SGXoMeter: Open and Modular Benchmarking for Intel SGX

Abstract

Intel's Software Guard Extensions (SGX) are currently the most wide-spread commodity trusted execution environment, which provides integrity and confidentiality of sensitive code and data. Thereby, it offers protection even against privileged attackers and various forms of physical attacks. As a technology that only became available in late 2015, it has received massive interest and undergone a rapid evolution. Despite first ad-hoc attempts, there is so far no standardised approach to benchmark the SGX hardware, its associated environment, and techniques that were designed to harden SGX-based applications. In this paper, we present SGXoMeter, an open and modular framework designed to benchmark different SGX-aware CPUs, &mgr;code revisions, SDK versions and extensions to mitigate side-channel attacks. SGXoMeter provides a set of practical SGX test case scenarios and eases the development of custom benchmarks. Furthermore, we compare it to sgx-nbench, the only other SGX application benchmark tool we are aware of, and evaluate their differences. Through our benchmark results, we identified a performance overhead of up to ã10 times induced between two different SGX-SDK versions for certain workload scenarios.