Schnelle Inter-Enklaven Kommunikation mit Intel SGXFast Inter-Enclave Communication with Intel SGX

Introduction

With the rise of cloud computing in the last years, a need for secure computing on untrusted hosts has come up. To achieve this, Intel developed Secure Guard Extensions (SGX) [1,2] that allows developers to create secure compartments for their applications, called enclaves. Enclaves are a secure part of applications that can be entered to perform security critical computations while being guarded from an untrusted operating system and attackers by the processor itself. To ease development of enclaves, Intel released a Software Development Kit (SDK) [0].

Problem statement

Enclaves are meant to be small, self-contained units. They can communicate with the untrusted side to pass data which is made easy by using the SDK. However, enclaves cannot communicate directly with each other as they cannot directly access each others memory. There is always an additional jump into the untrusted SDK runtime before entering an enclave and exiting an enclave, so transitioning from one enclave to another involves some overhead.

Task description

In this thesis, multiple ways of direct inter-enclave communication are to be developed and evaluated. The main task is to remove the overhead of the SDK by developing different techniques of inter-enclave communication. There already exist some ideas on how to achieve this, but no implementation work has been done so far.

Prerequisites

• Basic knowledge of Linux systems as we work with SGX exclusively on Linux
• Good knowledge of C/C++ as those are used to develop enclaves