Switchless Calls Made Practical in Intel SGX
H. Tian, Qiong Zhang, Shoumeng Yan, Alex Rudnitsky, Liron Shacham, Ron Yariv, Noam Milshten
Proceedings of the 3rd Workshop on System Software for Trusted Execution. Publication date: 2018-01-15. DOI: 10.1145/3268935.3268942 (https://doi.org/10.1145/3268935.3268942)
Intel Software Guard Extensions (SGX) is an extension to the x86 architecture that enables user-level code to create trusted memory regions, called enclaves. However, the security provided by enclaves is not free: one primary performance overhead is enclave switches, which are expensive and can be triggered frequently by cross-enclave function calls. Previous works propose a technique named Switchless Calls, which avoids enclave switches by using worker threads/cores to execute function calls asynchronously. But we find this technique is questionable in terms of efficiency: is it always wise to trade extra CPU cores for reduced enclave switches? In this paper, we make Switchless Calls a practical technique by ensuring that it improves performance efficiently. To this end, we investigate under what conditions Switchless Calls can improve performance efficiently by establishing a performance model via both mathematical and simulation analysis. Then, we formulate the notion of worker efficiency and design an efficiency-based scheduling algorithm that can automatically adjust the number of workers in response to changing workloads. Guided by the insights obtained from our performance modeling and worker scheduling, we integrate Switchless Calls into the Intel SGX SDK as an official feature. We evaluate the performance of our implementation in various benchmarks and the results demonstrate the practicality of Switchless Calls.