Scalable Memory Protection in the PENGLAI Enclave

Offered By: USENIX via YouTube

Tags

OSDI (Operating Systems Design and Implementation) Courses, Cloud Security Courses, Serverless Computing Courses, RISC-V Courses

Course Description

Overview

Explore a 14-minute conference talk from USENIX OSDI '21 that delves into scalable memory protection in the PENGLAI Enclave. Learn about innovative software-hardware co-design techniques addressing limitations in secure memory protection for cloud-based applications. Discover two new hardware primitives: Guarded Page Table (GPT) and Mountable Merkle Tree (MMT), which enable dynamic, fine-grained, and large-scale secure memory with fast initialization. Understand how these advancements support thousands of concurrent enclaves, improve resource utilization, and eliminate high-cost initialization using fork-style enclave creation. Examine the implementation results, including support for 1,000s of concurrent enclave instances, scalability up to 512GB secure memory, and significant performance improvements in memory initialization and real-world applications like MapReduce.

Syllabus

Intro
Enclave / TEE (Trusted Execution Environment)
Existing Enclaves and Usages in Cloud
Restrictions of Current Enclaves
Non-scalable Secure Memory Protection
Scalable Memory Protection: Overview
Non-scalable Memory Isolation
Fine-grained Flexible Memory Isolation
Guarded Page Table (GPT)
Non-scalable Integrity Protection
Scale the Traditional Merkle Tree
Mountable Merkle Tree (MMT)
Non-scalable Memory Initialization
Boost Secure Memory Initialization
Evaluation
Enclave Startup Latency
Conclusion


Taught by

USENIX
