Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment

Title: Intel® Software Guard Extensions (Intel® SGX) Architecture for Oversubscription of Secure Memory in a Virtualized Environment
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Chakrabarti, Somnath; Leslie-Hurd, Rebekah; Vij, Mona; McKeen, Frank; Rozas, Carlos; Caspi, Dror; Alexandrovich, Ilya; Anati, Ittai
Conference Name: Proceedings of the Hardware and Architectural Support for Security and Privacy
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5266-6
Keywords: composability, Human Behavior, Memory management, Metrics, Oversubscription, privacy, pubcrawl, resilience, Resiliency, SGX, Software Guard Extensions, virtualization, virtualization privacy
Abstract

As workloads and data move to the cloud, it is essential that software writers are able to protect their applications from untrusted hardware, systems software, and co-tenants. Intel® Software Guard Extensions (SGX) enables a new mode of execution that is protected from attacks in such an environment with strong confidentiality, integrity, and replay protection guarantees. Though SGX supports memory oversubscription via paging, virtualizing the protected memory presents a significant challenge to Virtual Machine Monitor (VMM) writers and comes with a high performance overhead. This paper introduces SGX Oversubscription Extensions that add additional instructions and virtualization support to the SGX architecture so that cloud service providers can oversubscribe secure memory in a less complex and more performant manner.

URL: http://doi.acm.org/10.1145/3092627.3092634
DOI: 10.1145/3092627.3092634
Citation Key: chakrabarti_intel_2017