SLIDE 1
1
Overhead-free I/O from enclaves
SysTEX'16 Trento, Italy Meni Orenbach
- Prof. Mark Silberstein
2
Overhead-free I/O from enclaves SysTEX'16 Trento, Italy Meni - - PowerPoint PPT Presentation
Overhead-free I/O from enclaves SysTEX'16 Trento, Italy Meni - - PowerPoint PPT Presentation
Overhead-free I/O from enclaves SysTEX'16 Trento, Italy Meni Orenbach Prof. Mark Silberstein 1 Research Statement: Enclaves are accelerators for secured execution Accelerator system services and Abstractions can be retrofitted Inspire
SLIDE 2
SLIDE 3
3
Case Example: GPU
Traditional CPU Application Host Application GPU Kernel Offload computation to GPU
Partition: GPU and host
SLIDE 4
4
GPU Kernel GPU Memory
Background: GPU Kernels
Storage Host Memory Host High Performance Private Memory
Partition: GPU and host Separate GPU Memory
High latency (PCIe) to host memory
SLIDE 5
5
GPU Kernel GPU Memory
Background: GPU Kernels
Storage Host Memory Host
Access Data
Partition: GPU and host Separate GPU Memory Host manages OS services GPU cannot invoke syscalls
SLIDE 6
6
GPU Kernel GPU Memory Storage Host Memory Host
Background: GPU Kernels
Partition: GPU and host Separate GPU Memory Host manages OS services GPU cannot invoke syscalls Host operate on its memory
SLIDE 7
7
GPU Kernel GPU Memory
Background: GPU Kernels
Storage Host Memory Host
Partition: GPU and host Separate GPU Memory Host manages OS services GPU cannot invoke syscalls Host operate on its memory Copy data to GPU memory
SLIDE 8
8
GPU Kernel GPU Memory
Background: GPU Kernels
Storage Host Memory Host Kernel Launch 5μsec on NVIDIA K40
Partition: GPU and host Separate GPU Memory Host manages OS services GPU cannot invoke syscalls Host operate on its memory Copy data to GPU memory Host-centric management High invocation costs
Host construct kernel Can't Dynamically Load Instructions Can't Dynamically Load Threads Host manages address space
SLIDE 9
9
GPU Kernel GPU Memory
Background: GPU Kernels
Storage Host Memory Host
Partition: GPU and host Separate GPU Memory Host manages OS services GPU cannot invoke syscalls Host operate on its memory Copy data to GPU memory Host-centric management High invocation costs GPU execute computation
SLIDE 10
10
GPU Kernel GPU Memory
Background: GPU Kernels
Storage Host Memory Host
Partition: GPU and host Separate GPU Memory Host manages OS services GPU cannot invoke syscalls Host operate on its memory Copy data to GPU memory Host-centric management High invocation costs GPU execute computation Copy back to host memory
SLIDE 11
11
What do GPU and enclave have in common?
SLIDE 12
12
Design an Enclave Application
Traditional CPU Application Host (Untrusted) Enclave (Trusted) Offload sensitive data to enclaves
Partition:trusted and untrusted Partition:trusted and untrusted Separate GPU Memory Host manages OS services GPU cannot invoke syscalls Host operate on its memory Copy data to GPU memory Host-centric management High invocation costs GPU execute computation Copy back to host memory
SLIDE 13
13
Enclave Enclave Memory
Private Reserved Memory
Storage Host Memory Host Integrity Confidentiality Anti-replay
High latency to host memory (Encrypt/Decrypt) Partition:trusted and untrusted Separate Enclave Memory Separate Enclave Memory Host manages OS services GPU cannot invoke syscalls Host operate on its memory Copy data to GPU memory Host-centric management High invocation costs GPU execute computation Copy back to host memory
SLIDE 14
14
The OS is untrusted
Storage Host Memory Host
Access Data
Partition:trusted and untrusted Separate Enclave Memory Host manages OS services Host manages OS services Enclave cannot invoke syscalls Enclave cannot invoke syscalls Host operate on its memory Copy data to GPU memory Host-centric management High invocation costs GPU execute computation Copy back to host memory
Enclave Enclave Memory
SLIDE 15
15
Storage Host Memory Host
Untrusted code operates on untrusted memory
Partition:trusted and untrusted Separate Enclave Memory Host manages OS services Enclave cannot invoke syscalls Host operate on its memory Host operate on its memory Copy data to GPU memory Host-centric management High invocation costs GPU execute computation Copy back to host memory
Enclave Enclave Memory
SLIDE 16
16
Enclave Memory
Trusted code operates on Trusted memory
Storage Host Memory Host
Partition:trusted and untrusted Separate Enclave Memory Host manages OS services Enclave cannot invoke syscalls Host operate on its memory Copy data to enclave memory Copy data to enclave memory Host-centric management High invocation costs GPU execute computation Copy back to host memory
Enclave
SLIDE 17
17
Enclave Memory Enclave
Host-centric management
Storage Host Memory Host EENTER 3μsec on i7 Skylake
Partition:trusted and untrusted Separate Enclave Memory Host manages OS services Enclave cannot invoke syscalls Host operate on its memory Copy data to enclave memory Host-centric management Host-centric management High invocation costs High invocation costs GPU execute computation Copy back to host memory
Host construct enclave Can't Dynamically Load Instructions (SGX1) Can't Dynamically Load Threads (SGX1) Host manages address space
SLIDE 18
18
Enclave Memory
Isolated execution
Storage Host Memory Host
Partition:trusted and untrusted Separate Enclave Memory Host manages OS services Enclave cannot invoke syscalls Host operate on its memory Copy data to enclave memory Host-centric management High invocation costs Enclave execute computation Enclave execute computation Copy back to host memory
Enclave
SLIDE 19
19
Enclave Enclave Memory
Communication through untrusted memory
Storage Host Memory Host
Partition:trusted and untrusted Separate Enclave Memory Host manages OS services Enclave cannot invoke syscalls Host operate on its memory Copy data to enclave memory Host-centric management High invocation costs Enclave execute computation Copy back to host memory Copy back to host memory
SLIDE 20
20
The reason is... Isolation by design
Enclaves use strong isolation to provide strong security Accelerators run on different hardware Accelerators are isolated by necessity
SLIDE 21
21
Effect on processes' runtime
- Simplified parameter server in and out of
enclave
– Network server – Private model & data – Store model in hash table – Clients send 100k random requests to update items – Server issues recv() to get requests and update – Enclave encapsulate recv() in OCALL.
SLIDE 22
22
Simplified parameter server
1 2 4 8 16 32 64 1 2 3 4 5 6 7 8 9 10 SGX
Number of items updated per request Slowdown factor
SLIDE 23
23
What can we learn from GPUs?
SLIDE 24
24
SGXIO: Overhead-free I/O
from enclaves
Based on GPUfs [ASPLOS'2013]
– RPC communication infrastructure
Trusted memory Shared untrusted memory Untrusted memory RPC Queue Enclave Software 'Client' 'Server' untrusted_call() RPC Thread-Pool Exec Unlock Pass request Spinlock
SLIDE 25
25 1 2 4 8 16 32 64 1 2 3 4 5 6 7 8 9 10
SGX SGXIO
Number of items updated per request Slowdown factor
Simplified parameter server
SLIDE 26
26
Same, Same but different
- Enclaves are not traditional accelerators
– Latency to host memory
- MMU vs PCIe
– Atomic instructions shared with the host – Internal management
- E.g., Enclave Thread-scheduler
Enclaves bring new possibilities
SLIDE 27
27
Retrofitting accelerators' ideas for enclaves
- SGXIO: OS services for enclaves
- Asynchronous DMA host copies
- Non-blocking enclave launches
- In-enclave virtual memory management
SLIDE 28
28