DOI: 10.1145/3092627.3092634

Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment

Published: 25 June 2017

Abstract

As workloads and data move to the cloud, it is essential that software writers are able to protect their applications from untrusted hardware, systems software, and co-tenants. Intel® Software Guard Extensions (SGX) enables a new mode of execution that is protected from attacks in such an environment with strong confidentiality, integrity, and replay protection guarantees. Though SGX supports memory oversubscription via paging, virtualizing the protected memory presents a significant challenge to Virtual Machine Monitor (VMM) writers and comes with a high performance overhead. This paper introduces SGX Oversubscription Extensions that add additional instructions and virtualization support to the SGX architecture so that cloud service providers can oversubscribe secure memory in a less complex and more performant manner.

Published In

HASP '17: Proceedings of the Hardware and Architectural Support for Security and Privacy
June 2017
68 pages
ISBN: 9781450352666
DOI: 10.1145/3092627
In-Cooperation

  • Intel
  • University of Houston

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Memory Management
  2. Oversubscription
  3. SGX
  4. Software Guard Extensions
  5. Virtualization

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

HASP '17

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%

Cited By

  • (2024) Hybrid concurrency control protocol for data sharing among heterogeneous blockchains. Frontiers of Computer Science 18:3. DOI: 10.1007/s11704-022-2327-7. Online publication date: 22-Jan-2024
  • (2022) DCert. Proceedings of the 23rd ACM/IFIP International Middleware Conference (269-280). DOI: 10.1145/3528535.3565250. Online publication date: 7-Nov-2022
  • (2022) Trusted Platform Module-Based Privacy in the Public Cloud: Challenges and Future Perspective. IT Professional 24:3 (81-87). DOI: 10.1109/MITP.2022.3147968. Online publication date: 1-May-2022
  • (2020) Autarky. Proceedings of the Fifteenth European Conference on Computer Systems (1-16). DOI: 10.1145/3342195.3387541. Online publication date: 15-Apr-2020
  • (2020) A survey of Intel SGX and its applications. Frontiers of Computer Science 15:3. DOI: 10.1007/s11704-019-9096-y. Online publication date: 31-Dec-2020
  • (2019) Everything You Should Know About Intel SGX Performance on Virtualized Systems. Proceedings of the ACM on Measurement and Analysis of Computing Systems 3:1 (1-21). DOI: 10.1145/3322205.3311076. Online publication date: 26-Mar-2019
  • (2018) CPU Security Benchmark. Proceedings of the 1st Workshop on Security-Oriented Designs of Computer Architectures and Processors (8-14). DOI: 10.1145/3267494.3267499. Online publication date: 15-Oct-2018
  • (2018) Virtualization Technologies and Cloud Security: Advantages, Issues, and Perspectives. From Database to Cyber Security (166-185). DOI: 10.1007/978-3-030-04834-1_9. Online publication date: 30-Nov-2018
