Nico Weichbrodt, Joshua Heinemann, Lennart Almstedt, Pierre-Louis Aublin, R. Kapitza
Venue: Proceedings of the 22nd International Middleware Conference
Publication date: 2021-10-02
DOI: 10.1145/3464298.3476134 (https://doi.org/10.1145/3464298.3476134)
Citations: 3
Experience Paper: sgx-dl: dynamic loading and hot-patching for secure applications
Trusted execution as offered by Intel's Software Guard Extensions (SGX) is considered as an enabler to protect the integrity and confidentiality of stateful workloads such as key-value stores and databases in untrusted environments. These systems are typically long running and require extension mechanisms built on top of dynamic loading as well as hot-patching to avoid downtimes and apply security updates faster. However, such essential mechanisms are currently neglected or even missing in combination with trusted execution. We present sgx-dl, a lean framework that enables dynamic loading of enclave code at the function level and hot-patching of dynamically loaded code. Additionally, sgx-dl is the first framework to utilize the new SGX version 2 features and also provides a versioning mechanism for dynamically loaded code. Our evaluation shows that sgx-dl introduces a performance overhead of less than 5% and shrinks application downtime by an order of magnitude in the case of a database system.