| Carl-Friedrich-Gauß-Fakultät | Informatik

Entwicklung eines besseren Pagingalgorithmus für Intel SGX Enklaven

Bearbeiter(anonym, Login erforderlich)
BetreuerNico Weichbrodt
ProfessorProf. Dr. Rüdiger Kapitza
IBR GruppeDS (Prof. Kapitza)
ArtBachelorarbeit, Masterarbeit, Projektarbeit


In the last years, a need for secure computing on untrusted host has come up. To achieve this, Intel developed Software Guard Extensions (SGX) [1,2] that allows developers to create secure compartments for their applications, called enclaves. Enclaves are a secure part of applications that can be entered to perform security critical computations while being guarded from an untrusted operating system and attackers by the processor itself. Enclaves operate in completely encrypted memory that only they can access. To ease development of enclaves, Intel released a Software Development Kit (SDK) [0].

Problem statement

Using SGX enclaves in applications necessitates the use of the Enclave Page Cache (EPC), a special memory area that holds all enclave pages. The EPC has a fixed size of 128MiB of which 91MiB are usable, as some memory is needed for integrity protection. If enclaves are bigger than the EPC size, the SGX driver will swap pages to main memory. If a swapped page is accessed, a fault occurs and the page is paged back in. However, the algorithm that decides which pages should be swapped out is very simple and even swaps out pages that have been recently accessed.

Task description

To increase performance, we want to develop one or multiple improved paging algorithms. Therefore the following tasks have to be worked on:

  • Analysis of the current paging algorithm
  • Analysis of paging algorithms used in modern operating systems for possible adaptation
  • Finding criteria that influence paging and analysing how to access those inside the kernel driver
  • Development of one or more paging algorithms
  • Evaluation of the algorithm(s) under different access patterns and comparison with the default one by Intel


  • Basic knowledge of Linux systems as we work with SGX exclusively on Linux
  • Good knowledge of C/C++
  • Experience in writing Linux Kernel code is of advantage


[0] https://01.org/intel-softwareguard-extensions
[1] https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx
[2] https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf

aktualisiert am 27.11.2017, 14:32 von Nico Weichbrodt