Trusted Execution, and the Impact of Security on Performance

Proceedings of the 3rd Workshop on System Software for Trusted Execution Pub Date : 2018-01-15 DOI:10.1145/3268935.3268943

Stefan Brenner, Michael Behlendorf, R. Kapitza

{"title":"Trusted Execution, and the Impact of Security on Performance","authors":"Stefan Brenner, Michael Behlendorf, R. Kapitza","doi":"10.1145/3268935.3268943","DOIUrl":null,"url":null,"abstract":"Due to increasing success of cloud computing offerings, the demand for sensitive data processing and security in the cloud has also increased. By incorporation of trusted execution technologies such as the broadly available Intel Software Guard Extensions (SGX), applications can be secured. However, software engineers need to align their development process with the capabilities and properties of such a technology, in order to correctly secure applications while achieving good performance. In this paper, we identify relevant aspects for partitioning applications and discuss two complementary designs optimising for performance or security respectively. Additionally, our contribution comprises a performance and security measurement, at the example of two established real-world applications, that we both partitioned according to the above two distinct design approaches. We consider this paper as a guideline for the partitioning process of mainly data-handling services for usage of trusted execution and as a collection of relevant characteristics during the development of applications with trusted execution environments.","PeriodicalId":142419,"journal":{"name":"Proceedings of the 3rd Workshop on System Software for Trusted Execution","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd Workshop on System Software for Trusted Execution","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3268935.3268943","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Due to increasing success of cloud computing offerings, the demand for sensitive data processing and security in the cloud has also increased. By incorporation of trusted execution technologies such as the broadly available Intel Software Guard Extensions (SGX), applications can be secured. However, software engineers need to align their development process with the capabilities and properties of such a technology, in order to correctly secure applications while achieving good performance. In this paper, we identify relevant aspects for partitioning applications and discuss two complementary designs optimising for performance or security respectively. Additionally, our contribution comprises a performance and security measurement, at the example of two established real-world applications, that we both partitioned according to the above two distinct design approaches. We consider this paper as a guideline for the partitioning process of mainly data-handling services for usage of trusted execution and as a collection of relevant characteristics during the development of applications with trusted execution environments.

查看原文本刊更多论文

可信执行，以及安全性对性能的影响

由于云计算产品越来越成功，对云中的敏感数据处理和安全性的需求也在增加。通过结合可信的执行技术，例如广泛可用的Intel Software Guard Extensions (SGX)，可以保护应用程序。然而，软件工程师需要使他们的开发过程与这种技术的功能和属性保持一致，以便在获得良好性能的同时正确地保护应用程序。在本文中，我们确定了分区应用程序的相关方面，并分别讨论了优化性能或安全性的两种互补设计。此外，我们的贡献还包括性能和安全性度量，以两个已建立的实际应用程序为例，我们都根据上述两种不同的设计方法对其进行了划分。我们认为本文是为使用可信执行而划分主要数据处理服务的指导方针，也是在可信执行环境下开发应用程序过程中相关特征的集合。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 3rd Workshop on System Software for Trusted Execution

自引率

0.00%

发文量