| Carl Friedrich Gauß Faculty | Department of Computer Science

Intel Visual Compute Accelerator and Intel SGX

Student(anonymous, Login required)
SupervisorNico Weichbrodt
ProfessorProf. Dr. Rüdiger Kapitza
IBR GroupDS (Prof. Kapitza)
TypeMaster Thesis


In the last years, a need for secure computing on untrusted host has come up. To achieve this, Intel developed Software Guard Extensions (SGX) [1,2] that allows developers to create secure compartments for their applications, called enclaves. Enclaves are a secure part of applications that can be entered to perform security critical computations while being guarded from an untrusted operating system and attackers by the processor itself. Enclaves operate in completely encrypted memory that only they can access. To ease development of enclaves, Intel released a Software Development Kit (SDK) [0].

SGX is normally only available on Desktop and Mobile-class CPUs. However, there is a special PCIe-card called the Intel Visual Compute Accelerator (VCA). [4] This card contains three Intel Xeon E3 processors that have SGX support. We have such a card and can utilise SGX on it.

Problem statement

The nodes on the card talk with each other and with the host over TCP/IP via a kind-of virtual network interface on top of PCIe. We want to increase performance by removing the TCP/IP stack and doing something RDMA-like.

Task description

Build a framework that alows the use of RDMA-like communication via PCIe between the nodes and the host.


  • Basic knowledge of Linux systems as we work with SGX exclusively on Linux
  • Good knowledge of C/C++
  • Knowledge of Linux Kernel modules and custom modules
  • Knowledge of x86-64 assembler is of advantage


[0] https://01.org/intel-softwareguard-extensions
[1] https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx
[2] https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf
[4] Intel VCA

last changed 2019-01-21, 13:31 by Nico Weichbrodt