2nd Workshop on System Software for Trusted Execution (SysTEX 2017)
October 28th, 2017
In this talk I will discuss our recent work on the compiler and runtime framework for software memory address translation that we leverage to address some of the security and performance challenges of SGX execution. The framework enables the programmer to instrument a subset of memory pointers and override the way they access data, while providing a software infrastructure for page caching and address translation.
I will illustrate the benefits of this framework by describing our design of Secure User-managed Virtual Memory (SUVM) which provides much better memory scaling for enclaves than the original SGX paging. SUVM introduces an extra layer of virtual memory managed entirely by trusted code in a flexible application-specific manner. I will also discuss other potential use cases, such as inter-enclave shared memory, enclave migration and mitigation of controlled side channel attacks.
Mark Silberstein is an Assistant Professor at the department of Electrical Engineering, Technion - Israel Institute of Technology. Mark is working on OS abstractions and services for programmable accelerators and trusted execution environments with the goal to enhance programmability, performance and security.