Using Dynamic Software Product Lines to Implement Adaptive SGX-enabled Systems

Abstract

In the light of computational outsourcing and external data storage, data protection and trusted execution become increasingly important. Novel hardware such as Intel's Software Guard extensions (SGX) attempts to provide a solution to protect data and computations from unauthorized access and manipulation, even against attackers with physical access to a machine. However, the current generation of SGX limits the protected memory space that can be efficiently used to 128 MiB, which must be shared between data and binary code. Thus, we propose to use a software product line approach to tailor an application's binary code in such a way that it can be updated during runtime, with the goal to only store relevant features in the protected memory at a given time. We provide a prototypical implementation that enables basic support for loading and unloading features during runtime and evaluate our prototype in terms of execution times against non-adaptive execution.