Proceedings of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020); pages 754--765; Virtual event (originally: Sacramento, California, USA), November 8-12, 2020.
The Intel Security Guard Extensions (SGX) architecture enables the abstraction of enclaved execution, using which an application can protect its code and data from powerful adversaries, including system software that executes with the highest processor privilege. While the Intel SGX architecture exports an ISA with low-level instructions that enable applications to create enclaves, the task of writing applications using this ISA has been left to the software community.
We consider the problem of porting legacy applications to SGX enclaves. In the approximately four years to date since the Intel SGX became commercially available, the community has developed three different models to port applications to enclaves — the library OS, the library wrapper, and the instruction wrapper models.
In this paper, we conduct an empirical evaluation of the merits and costs of each model. We report on our attempt to port a handful of real-world application benchmarks (including OpenSSL, Memcached, a Web server and a Python interpreter) to SGX enclaves using prototypes that embody each of the above models. Our evaluation focuses on the merits and costs of each of these models from the perspective of the effort required to port code under each of these models, the effort to re-engineer an enclave-based application, the security offered by each model, and the runtime performance of the applications under these models.
Supplement: [ PDF ]
Slides: [ Coming soon ]
Paper DOI: [ 10.1145/3368089.3409726 ]
Artifact DOI: [ 10.5281/zenodo.3895761 ]