Carl-Friedrich-Gauß-Fakultät | Computer Science

Enhancing Intel SGX Paging with Machine Learning

Supervisor: Nico Weichbrodt
Professor: Prof. Dr. Rüdiger Kapitza
IBR Group: DS (Prof. Kapitza)


In recent years, a need for secure computing on untrusted hosts has emerged. To address it, Intel developed Software Guard Extensions (SGX) [1,2], which allow developers to create secure compartments, called enclaves, for their applications. An enclave is a secure part of an application that can be entered to perform security-critical computations while the processor itself guards it from an untrusted operating system and from attackers. Enclaves operate in completely encrypted memory that only they can access. To ease the development of enclaves, Intel released a Software Development Kit (SDK) [0].

Problem statement

Using SGX enclaves in applications necessitates the use of the Enclave Page Cache (EPC), a special memory area that holds all enclave pages. The EPC has a fixed size of 128 MiB, of which 91 MiB are usable, as some memory is needed for integrity protection. If enclaves are bigger than the EPC, the SGX driver swaps pages out to main memory. If a swapped-out page is accessed, a fault occurs and the page is paged back in.

Since paging is costly, we want to analyse different access patterns of applications and prefetch pages that might be needed in the future. To achieve this.

Task description

To increase performance, we want to develop a way to trace an application's page accesses and prefetch needed pages based on knowledge gained by using machine learning. Therefore, the following tasks have to be worked on:

  • Analysis of the SGX driver's architecture
  • Analysis of the current paging algorithm in the driver
  • Tracing an enclave's page accesses dynamically and statically
  • Using machine learning algorithms to find out which page sets are potentially needed at which time
  • Evaluation of the system under different access patterns and comparison with the default paging by Intel
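
The last task, comparing prefetching against plain demand paging, can be prototyped offline on a recorded page trace before any driver code is touched. The following is an added sketch, not code from the SGX driver or the Intel SDK: the LRU eviction policy, the first-order successor table standing in for the learned model, the scaled-down EPC capacity and the constructed sweep trace are all assumptions made for illustration.

```python
from collections import Counter, OrderedDict, defaultdict

PAGE_SIZE = 4096                              # EPC pages are 4 KiB
EPC_USABLE_PAGES = 91 * 2**20 // PAGE_SIZE    # 91 MiB usable EPC, in pages

def train_successors(trace):
    """Stand-in for the learned model: map each page to the page that
    most often followed it in the training trace."""
    counts = defaultdict(Counter)
    for cur, nxt in zip(trace, trace[1:]):
        if cur != nxt:
            counts[cur][nxt] += 1
    return {page: c.most_common(1)[0][0] for page, c in counts.items()}

def simulate(trace, capacity, successors=None):
    """Replay a page-access trace against an EPC holding `capacity` pages.
    Eviction is LRU (an assumption, not the driver's documented policy).
    Returns (demand_faults, prefetch_loads)."""
    epc = OrderedDict()                       # resident pages, oldest first
    faults = prefetches = 0

    def load(page):
        if len(epc) >= capacity:
            epc.popitem(last=False)           # swap the LRU page out
        epc[page] = None

    for page in trace:
        if page in epc:
            epc.move_to_end(page)             # hit: refresh recency
        else:
            faults += 1                       # miss: fault, page back in
            load(page)
        nxt = successors.get(page) if successors else None
        if nxt is not None and nxt not in epc:
            prefetches += 1                   # page in ahead of the access
            load(nxt)
    return faults, prefetches

def demo(capacity=64, enclave_pages=100, sweeps=5):
    """Constructed workload: an enclave larger than the (scaled-down) EPC
    that is swept sequentially, the worst case for LRU demand paging."""
    sweep = list(range(enclave_pages))
    model = train_successors(sweep * 2)       # train on a separate, shorter run
    trace = sweep * sweeps
    return simulate(trace, capacity), simulate(trace, capacity, model)

if __name__ == "__main__":
    print(demo())
```

Prefetch loads are still page-ins; the simulation counts them separately from demand faults because they move the paging cost off the fault path rather than removing it.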


  • Knowledge of Linux systems as we work with SGX exclusively on Linux
  • Good knowledge of C/C++
  • Experience in writing Linux kernel code is an advantage


[0] https://01.org/intel-softwareguard-extensions
[1] https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx
[2] https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf

Last updated on 17.08.2018, 10:14 by Nico Weichbrodt