research-article

Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave

Authors:

Ilya Alexandrovich,

Rebekah Leslie-Hurd,

Carlos RozasAuthors Info & Claims

HASP '16: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016

Article No.: 10, Pages 1 - 9

https://doi.org/10.1145/2948618.2954331

Published: 18 June 2016 Publication History

Abstract

We introduce Intel® Software Guard Extensions (Intel® SGX) SGX2 which extends the SGX instruction set to include dynamic memory management support for enclaves. Intel® SGX is a subset of the Intel Architecture Instruction Set [1]. SGX1 allows an application developer to build a trusted environment and execute inside that space. However SGX1 imposes limitations regarding memory commitment and reuse of enclave memory. The software developer is required to allocate all memory at enclave instantiation. This paper describes new instructions and programming models to extend support for dynamic memory management inside an enclave.

References

[1]

Intel Corp, "http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html," Intel, April 2016. {Online}. Available: http://download.intel.com/products/processor/manual/325462.pdf.

[2]

F. McKeen, I. Alexandrovich, A. Berenzon, C. Rozas and H. Shafi, "Innovative Instructions and Software Model for Isolated Execution," in HASP 2013, Tel Aviv, Israel, 2013.

Digital Library

[3]

I. Anati, S. Gueron, S. Johnson and V. Scarlata, "Innovative Technology for CPU Based Attestation and Sealing," in HASP 2013, Tel Aviv, Israel, 2013.

[4]

M. Hoekstra, R. Lal, P. Pappachan, C. Rozas and V. Phegade, "Using Innovative Instructions to Create Trustworthy Solutions," in HASP 2013, Tel Aviv Israel, 2013.

Digital Library

[5]

K. Brannock, P. Dewan, F. McKeen and U. Savagaonkar, "Providing a Safe Execution Environment," Intel Technology Journal, vol. 13, no. 2, 2009.

[6]

V. Costan and S. Devadas, "Intel SGX Explained," https://eprint.iacr.org/2016/086.pdf, 2016.

[7]

A. Baumann, M. Peinado and G. Hunt, "Shielding Applications from an Untrusted Cloud with Haven," in 11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield CO, 2014.

Digital Library

[8]

R. Leslie-Hurd, D. Caspi and M. Fernandez, "Verifying Linearizability of Intel Software Guard Extensions," in Proc. Of the 27th International Conference on Computer Aided Verification (CAV), 2015.

[9]

X. T. W. T. Markus Metzger, "User-Guided Dynamic Data Race Detection," International Journal of Parallel Programming, vol. 43, no. 2, pp. 159--179, 2015.

Digital Library

[10]

A. Bron, E. Farchi, Y. Magid, Y. Nir and S. Ur, "Applications of synchronization coverage," in 10th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP'05), USA, pp. 206--212, 2005.

Digital Library

[11]

D. Lie, M. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell and M. Horowitz, "Architectural Support for Copy and Tamper Resistant Software," in Proc. of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, 2000.

Digital Library

[12]

G. Suh, D. Clarke, B. Gassend, M. van Dijk and S. Devadas, "AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing," in Proc. of the 17th International Conference on Supercomputing, 2003.

Digital Library

[13]

R. B. Lee, P. C. S. Kwan, J. P. McGregor, J. Dwoskin and Z. Wang, "Architecture for Protecting Critical Secrets in Microporcessors," in Proc. of the 32nd annual International Symposium on Computer Architecture, 2005.

Digital Library

[14]

D. Champagne and R. Lee, "Scalable architectural support for trusted software," in 16th International Symposium on High Performance Computer Architecture (HPCA), 2010.

[15]

J. Szefer and R. Lee, "Architectural Support for Hypervisor-Scure Virtualization," in Proc. of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2012.

Digital Library

[16]

Rick Boivie, IBM Corp, "Secure Blue++: CPU Support for Secure Execution," IBM Watson Research Center, Yorktown Heights NY, 2012.

[17]

F. McKeen, U. Savagaonkar, C. Rozas, G. Michael, H. Herbert, A. Altmann, G. Graunke, D. Durham, S. Johnson, M. Kounavis, V. Scarlata, J. Cihula, S. Jeyasingh, B. Lint, G. Neiger, D. Rodgers, E. Brickell and J. LI, "METHOD AND APPARATUS TO PROVIDE SECURE APPLICATION EXECUTION". WPO Patent WIPO Patent Application WO/2010/057065, 14 November 2009.

Cited By

Saad MSobhy DSaad A(2024)Veritas: Layer-2 Scaling Solution for Decentralized Oracles on Ethereum Blockchain with Reputation and Real-Time ConsiderationsJournal of Sensor and Actuator Networks10.3390/jsan1302002113:2(21)Online publication date: 7-Mar-2024
https://doi.org/10.3390/jsan13020021
Yang XYue CZhang WLiu YOoi BChen J(2024)SecuDB: An In-Enclave Privacy-Preserving and Tamper-Resistant Relational DatabaseProceedings of the VLDB Endowment10.14778/3685800.368581517:12(3906-3919)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.14778/3685800.3685815
Qiu LTaft RShraer AKollios G(2024)The Price of Privacy: A Performance Study of Confidential Virtual Machines for Database SystemsProceedings of the 20th International Workshop on Data Management on New Hardware10.1145/3662010.3663440(1-8)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3662010.3663440
Show More Cited By

Recommendations

Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave
HASP '16: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016

Intel® Software Guard Extensions (Intel® SGX) SGX2 extends the Intel® Software Guard Extensions (SGX) instruction set and enables software developers to dynamically manage memory within the SGX environment. This paper reviews the current SGX Software ...
Cache Attacks on Intel SGX
EuroSec'17: Proceedings of the 10th European Workshop on Systems Security

For the first time, we practically demonstrate that Intel SGX enclaves are vulnerable against cache-timing attacks. As a case study, we present an access-driven cache-timing attack on AES when running inside an Intel SGX enclave. Using Neve and Seifert'...
Intel Software Guard Extensions: Introduction and Open Research Challenges
SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

Hardware-enhanced security is an important pillar of secure systems in general and software protection in particular. This presentation will survey the recently announced Intel Software Guard Extensions (Intel SGX) as well as innovative usages for ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

HASP '16: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016

June 2016

96 pages

ISBN:9781450347693

DOI:10.1145/2948618

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 June 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

HASP 2016

HASP 2016: Hardware and Architectural Support for Security and Privacy 2016

June 18, 2016

Seoul, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

145
Total Citations
View Citations
1,194
Total Downloads

Downloads (Last 12 months)146
Downloads (Last 6 weeks)19

Reflects downloads up to 28 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Saad MSobhy DSaad A(2024)Veritas: Layer-2 Scaling Solution for Decentralized Oracles on Ethereum Blockchain with Reputation and Real-Time ConsiderationsJournal of Sensor and Actuator Networks10.3390/jsan1302002113:2(21)Online publication date: 7-Mar-2024
https://doi.org/10.3390/jsan13020021
Yang XYue CZhang WLiu YOoi BChen J(2024)SecuDB: An In-Enclave Privacy-Preserving and Tamper-Resistant Relational DatabaseProceedings of the VLDB Endowment10.14778/3685800.368581517:12(3906-3919)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.14778/3685800.3685815
Qiu LTaft RShraer AKollios G(2024)The Price of Privacy: A Performance Study of Confidential Virtual Machines for Database SystemsProceedings of the 20th International Workshop on Data Management on New Hardware10.1145/3662010.3663440(1-8)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3662010.3663440
Brescia LAldinucci MColonnelli ICasanova HMontella R(2024)Secure Generic Remote Workflow Execution with TEEsProceedings of the 2nd Workshop on Workflows in Distributed Environments10.1145/3642978.3652834(8-13)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642978.3652834
Li MShen YYe GHe JZheng XZhang ZZhu LConti M(2024)Anonymous, Secure, Traceable, and Efficient Decentralized Digital ForensicsIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.332171236:5(1874-1888)Online publication date: May-2024
https://doi.org/10.1109/TKDE.2023.3321712
Huang QWang CLu B(2024)An Efficient and Verifiable Encrypted Data Filtering Framework Over Large-Scale Storage in Cloud EdgeIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.345660019(8248-8262)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3456600
Ménétrey JPasin MFelber PSchiavoni VMazzeo GHollum AVaydia D(2024)A Comprehensive Trusted Runtime for WebAssembly With Intel SGXIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.333451621:4(3562-3579)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/TDSC.2023.3334516
Shadab RZou YGandham SAwad ALin M(2024)A Secure Computing System With Hardware-Efficient Lazy Bonsai Merkle Tree for FPGA-Attached Embedded MemoryIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.332493521:4(3262-3279)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3324935
Shi YLuo TLiang JAu MLuo X(2024)Obfuscating Verifiable Random Functions for Proof-of-Stake BlockchainsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.332105121:4(2982-2996)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3321051
Pandith O(2024)SGXFault: An Efficient Page Fault Handling Mechanism for SGX EnclavesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.326816921:3(1173-1178)Online publication date: May-2024
https://doi.org/10.1109/TDSC.2023.3268169
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents