Enclave Management Models for Safe Execution of Software Components

Newton Will; Carlos Maziero

doi:10.5220/0012322600003648

Enclave Management Models for Safe Execution of Software Components

Newton Will, Carlos Maziero

2024

Abstract

Data confidentiality is becoming increasingly important to computer users, both in corporate and personal environments. In this sense, there are several solutions proposed to maintain the confidentiality and integrity of such data, among them the Intel Software Guard Extensions (SGX) architecture. The use of such mechanisms to provide confidentiality and integrity for sensitive data imposes a performance cost on the application execution, due to the restrictions and checks imposed by the Intel SGX architecture. Thus, the efficient use of SGX enclaves requires some management. The present work presents two management models for using SGX enclaves: (i) enclave sharing; and (ii) enclave pool. In order to apply such models, an enclave provider architecture is proposed, offering a decoupling between the enclave and the application, allowing to apply the proposed management models and offering the resources provided by the enclaves to the applications through an “as a service” approach. A prototype was built to evaluate the proposed architecture and management models; the experiments demonstrated a considerable reduction in the performance impact for enclave allocation, while guaranteeing good response times to satisfy simultaneous requests.

Download

Paper Citation

in Harvard Style

Will N. and Maziero C. (2024). Enclave Management Models for Safe Execution of Software Components. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 474-485. DOI: 10.5220/0012322600003648

in Bibtex Style

@conference{icissp24,
author={Newton Will and Carlos Maziero},
title={Enclave Management Models for Safe Execution of Software Components},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={474-485},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012322600003648},
isbn={978-989-758-683-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Enclave Management Models for Safe Execution of Software Components
SN - 978-989-758-683-5
AU - Will N.
AU - Maziero C.
PY - 2024
SP - 474
EP - 485
DO - 10.5220/0012322600003648
PB - SciTePress