Technical Report MSC-2019-02

Title: Improving Performance and Security of Intel SGX
Authors: Marina Minkin
Supervisors: Mark Silberstein
PDFCurrently accessibly only within the Technion network
Abstract: Intel Software Guard Extensions (SGX) are a new set of CPU instructions which enable trusted and isolated execution of selected sections of application code in hardware containers called enclaves. An enclave acts as a reverse sandbox: its private memory and execution state are isolated from any software outside the enclave, including an OS and/or a hypervisor, yet the code running in the enclave may access untrusted memory of the owner process. While SGX provides the convenience of a standard x86 execution environment inside the enclave, there are important differences in the way enclaves manage their private memory and interact with the host OS.

In this work, we try to understand better and improve the performance and security of SGX enclaves. First, we present Foreshadow, which is an attack on SGX that extracts full memory dumps of SGX enclaves thereby compromising SGX’s integrity and confidentiality guarantees.

Next, previous work (Eleos, EuroSys’17) has shown that performance of SGX paging can be improved by using software user-level paging, called SUVM. In this thesis we show that SUVM for a single enclave is not effective for multi-enclave systems, and introduce Multi-SUVM. A system that supports SUVM for multi enclave environment with kernel space and in-enclave modifications. We show in Multi-SUVM up to 65% speedup, and up to 3.4× higher throughput than SUVM.

CopyrightThe above paper is copyright by the Technion, Author(s), or others. Please contact the author(s) for more information

Remark: Any link to this technical report should be to this page (, rather than to the URL of the PDF files directly. The latter URLs may change without notice.

To the list of the MSC technical reports of 2019
To the main CS technical reports page

Computer science department, Technion