Hardware-Assisted Trusted Execution Environment technologies have become a crucial component in providing security for cloud-based computing. One of such hardware-assisted countermeasures is Intel Software Guard Extension (SGX). Using additional dedicated hardware and a new set of CPU instructions, SGX is able to provide isolated execution of code within trusted hardware containers called enclaves. By utilizing private encrypted memory and various integrity authentication mechanisms, it can provide confidentiality and integrity guarantees to protected data. In spite of dedicated hardware, these extra layers of security add a significant performance overhead. Decryption of data using secret OTPs, which are generated by modified Counter Mode Encryption AES blocks, results in a significant latency overhead that contributes to the overall SGX performance loss. This thesis introduces a metadata prediction extension to SGX based on local metadata releveling and prediction mechanisms. Correct prediction of metadata allows to speculatively precompute OTPs, which can be immediately used in decryption of incoming ciphertext data. This hides a significant part of decryption latency and results in faster SGX performance without any changes to the original SGX security guarantees. / Master of Science / With the exponential growth of cloud computing, where critical data processing is happening on third-party computer systems, it is important to ensure data confidentiality and integrity against third-party access. Sometimes that may include not only external attackers, but also insiders, like cloud computing providers themselves. While software isolation using Virtual Machines is the most common method of achieving runtime security in cloud computing, numerous shortcomings of software-only countermeasures force companies to demand extra layers of security. Recently adopted general purpose hardware-assisted technology like Intel Software Guard Extension (SGX) add that extra layer of security at the significant performance overhead. One of the major contributors to the SGX performance overhead is data decryption latency. This work proposes a novel algorithm to speculatively predict metadata that is used during decryption. This allows the processor to hide a significant portion of decryption latency, thus improving the overall performance of Intel SGX without compromising security.
Identifer | oai:union.ndltd.org:VTETD/oai:vtechworks.lib.vt.edu:10919/111236 |
Date | 20 January 2020 |
Creators | Talapkaliyev, Daulet |
Contributors | Electrical and Computer Engineering, Patterson, Cameron D., Jian, Xun, Plassmann, Paul E. |
Publisher | Virginia Tech |
Source Sets | Virginia Tech Theses and Dissertation |
Detected Language | English |
Type | Thesis |
Format | ETD, application/pdf |
Rights | This item is protected by copyright and/or related rights. Some uses of this item may be deemed fair and permitted by law even without permission from the rights holder(s), or the rights holder(s) may have licensed the work for use under certain conditions. For other uses you need to obtain permission from the rights holder(s). |
Page generated in 0.0039 seconds