Sgx-dl: Dynamic loading and hot-patching for secure applications: Experience paper

Weichbrodt N, Heinemann J, Almstedt L, Aublin PL, Kapitza R (2021)

Publication Type: Conference contribution

Publication year: 2021

Publisher: Association for Computing Machinery, Inc

Pages Range: 91-103

Conference Proceedings Title: Middleware 2021 - Proceedings of the 22nd International Middleware Conference

Event location: Virtual, Online, CAN

ISBN: 9781450385343

DOI: 10.1145/3464298.3476134

Abstract

Trusted execution as offered by Intel's Software Guard Extensions (SGX) is considered as an enabler to protect the integrity and confidentiality of stateful workloads such as key-value stores and databases in untrusted environments. These systems are typically long running and require extension mechanisms built on top of dynamic loading as well as hot-patching to avoid downtimes and apply security updates faster. However, such essential mechanisms are currently neglected or even missing in combination with trusted execution. We present sgx-dl, a lean framework that enables dynamic loading of enclave code at the function level and hot-patching of dynamically loaded code. Additionally, sgx-dl is the first framework to utilize the new SGX version 2 features and also provides a versioning mechanism for dynamically loaded code. Our evaluation shows that sgx-dl introduces a performance overhead of less than 5% and shrinks application downtime by an order of magnitude in the case of a database system.

Authors with CRIS profile

Rüdiger Kapitza

Related research project(s)

PRIMaTE: PRIvacy preserving Multi-compartment Trusted Execution (PRIMaTE) Oct. 16, 2017 - Aug. 31, 2023

Involved external institutions

Technische Universität Braunschweig DE Germany (DE) IIJ Innovation Institute JP Japan (JP)

How to cite

APA:

Weichbrodt, N., Heinemann, J., Almstedt, L., Aublin, P.L., & Kapitza, R. (2021). Sgx-dl: Dynamic loading and hot-patching for secure applications: Experience paper. In Middleware 2021 - Proceedings of the 22nd International Middleware Conference (pp. 91-103). Virtual, Online, CAN: Association for Computing Machinery, Inc.

MLA:

Weichbrodt, Nico, et al. "Sgx-dl: Dynamic loading and hot-patching for secure applications: Experience paper." Proceedings of the 22nd International Middleware Conference, Middleware 2021, Virtual, Online, CAN Association for Computing Machinery, Inc, 2021. 91-103.

BibTeX: Download