-
Speeding up enclave transitions for IO-intensive applications
Authors:
Jakob Svenningsson,
Nicolae Paladi,
Arash Vahidi
Abstract:
Process-based confidential computing enclaves such as Intel SGX can be used to protect the confidentiality and integrity of workloads, without the overhead of virtualisation. However, they introduce a notable performance overhead, especially when it comes to transitions in and out of the enclave context. Such overhead makes the use of enclaves impractical for running IO-intensive applications, suc…
▽ More
Process-based confidential computing enclaves such as Intel SGX can be used to protect the confidentiality and integrity of workloads, without the overhead of virtualisation. However, they introduce a notable performance overhead, especially when it comes to transitions in and out of the enclave context. Such overhead makes the use of enclaves impractical for running IO-intensive applications, such as network packet processing or biological sequence analysis. We build on earlier approaches to improve the IO performance of work-loads in Intel SGX enclaves and propose the SGX-Bundler library, which helps reduce the cost of both individual single enclave transitions well as of the total number of enclave transitions in trusted applications running in Intel SGX enclaves. We describe the implementation of the SGX-Bundler library, evaluate its performance and demonstrate its practicality using the case study of Open vSwitch, a widely used software switch implementation.
△ Less
Submitted 14 December, 2021;
originally announced December 2021.
-
Bridging Static and Dynamic Program Analysis using Fuzzy Logic
Authors:
Jacob Lidman,
Josef Svenningsson
Abstract:
Static program analysis is used to summarize properties over all dynamic executions. In a unifying approach based on 3-valued logic properties are either assigned a definite value or unknown. But in summarizing a set of executions, a property is more accurately represented as being biased towards true, or towards false. Compilers use program analysis to determine benefit of an optimization. Since…
▽ More
Static program analysis is used to summarize properties over all dynamic executions. In a unifying approach based on 3-valued logic properties are either assigned a definite value or unknown. But in summarizing a set of executions, a property is more accurately represented as being biased towards true, or towards false. Compilers use program analysis to determine benefit of an optimization. Since benefit (e.g., performance) is justified based on the common case understanding bias is essential in guiding the compiler. Furthermore, successful optimization also relies on understanding the quality of the information, i.e. the plausibility of the bias. If the quality of the static information is too low to form a decision we would like a mechanism that improves dynamically.
We consider the problem of building such a reasoning framework and present the fuzzy data-flow analysis. Our approach generalize previous work that use 3-valued logic. We derive fuzzy extensions of data-flow analyses used by the lazy code motion optimization and unveil opportunities previous work would not detect due to limited expressiveness. Furthermore we show how the results of our analysis can be used in an adaptive classifier that improve as the application executes.
△ Less
Submitted 13 July, 2017;
originally announced July 2017.
-
Embedding by Normalisation
Authors:
Shayan Najd,
Sam Lindley,
Josef Svenningsson,
Philip Wadler
Abstract:
This paper presents the insight that practical embedding techniques, commonly used for implementing Domain-Specific Languages, correspond to theoretical Normalisation-By-Evaluation (NBE) techniques, commonly used for deriving canonical form of terms with respect to an equational theory.
NBE constitutes of four components: a syntactic domain, a semantic domain, and a pair of translations between…
▽ More
This paper presents the insight that practical embedding techniques, commonly used for implementing Domain-Specific Languages, correspond to theoretical Normalisation-By-Evaluation (NBE) techniques, commonly used for deriving canonical form of terms with respect to an equational theory.
NBE constitutes of four components: a syntactic domain, a semantic domain, and a pair of translations between the two. Embedding also often constitutes of four components: an object language, a host language, encoding of object terms in the host, and extraction of object code from the host.
The correspondence is deep in that all four components in embedding and NBE correspond to each other. Based on this correspondence, this paper introduces Embedding-By-Normalisation (EBN) as a principled approach to study and structure embedding.
The correspondence is useful in that solutions from NBE can be borrowed to solve problems in embedding. In particular, based on NBE techniques, such as Type-Directed Partial Evaluation, this paper presents a solution to the problem of extracting object code from embedded programs involving sum types, such as conditional expressions, and primitives, such as literals and operations on them.
△ Less
Submitted 16 March, 2016;
originally announced March 2016.
-
Everything old is new again: Quoted Domain Specific Languages
Authors:
Shayan Najd,
Sam Lindley,
Josef Svenningsson,
Philip Wadler
Abstract:
We describe a new approach to domain specific languages (DSLs), called Quoted DSLs (QDSLs), that resurrects two old ideas: quotation, from McCarthy's Lisp of 1960, and the subformula property, from Gentzen's natural deduction of 1935. Quoted terms allow the DSL to share the syntax and type system of the host language. Normalising quoted terms ensures the subformula property, which guarantees that…
▽ More
We describe a new approach to domain specific languages (DSLs), called Quoted DSLs (QDSLs), that resurrects two old ideas: quotation, from McCarthy's Lisp of 1960, and the subformula property, from Gentzen's natural deduction of 1935. Quoted terms allow the DSL to share the syntax and type system of the host language. Normalising quoted terms ensures the subformula property, which guarantees that one can use higher-order types in the source while guaranteeing first-order types in the target, and enables using types to guide fusion. We test our ideas by re-implementing Feldspar, which was originally implemented as an Embedded DSL (EDSL), as a QDSL; and we compare the QDSL and EDSL variants.
△ Less
Submitted 4 August, 2015; v1 submitted 26 July, 2015;
originally announced July 2015.
-
Specification and Verification of Side Channel Declassification
Authors:
Josef Svenningsson,
David Sands
Abstract:
Side channel attacks have emerged as a serious threat to the security of both networked and embedded systems -- in particular through the implementations of cryptographic operations. Side channels can be difficult to model formally, but with careful coding and program transformation techniques it may be possible to verify security in the presence of specific side-channel attacks. But what if a p…
▽ More
Side channel attacks have emerged as a serious threat to the security of both networked and embedded systems -- in particular through the implementations of cryptographic operations. Side channels can be difficult to model formally, but with careful coding and program transformation techniques it may be possible to verify security in the presence of specific side-channel attacks. But what if a program intentionally makes a tradeoff between security and efficiency and leaks some information through a side channel? In this paper we study such tradeoffs using ideas from recent research on declassification. We present a semantic model of security for programs which allow for declassification through side channels, and show how side-channel declassification can be verified using off-the-shelf software model checking tools. Finally, to make it simpler for verifiers to check that a program conforms to a particular side-channel declassification policy we introduce a further tradeoff between efficiency and verifiability: by writing programs in a particular "manifest form" security becomes considerably easier to verify.
△ Less
Submitted 15 December, 2009;
originally announced December 2009.
