Scalable Memory Protection in the PENGLAI Enclave

Explore a 14-minute conference talk from USENIX OSDI '21 that delves into scalable memory protection in the PENGLAI Enclave. Learn about innovative software-hardware co-design techniques addressing limitations in secure memory protection for cloud-based applications. Discover two new hardware primitives: Guarded Page Table (GPT) and Mountable Merkle Tree (MMT), which enable dynamic, fine-grained, and large-scale secure memory with fast initialization. Understand how these advancements support thousands of concurrent enclaves, improve resource utilization, and eliminate high-cost initialization using fork-style enclave creation. Examine the implementation results, including support for 1,000s of concurrent enclave instances, scalability up to 512GB secure memory, and significant performance improvements in memory initialization and real-world applications like MapReduce.

Intro
Enclave / TEE (Trusted Execution Environment)
Existing Enclaves and Usages in Cloud
Restrictions of Current Enclaves
Non-scalable Secure Memory Protection
Scalable Memory Protection: Overview
Non-scalable Memory Isolation
Fine-grained Flexible Memory Isolation
Guarded Page Table (GPT)
Non-scalable Integrity Protection
Scale the Traditional Merkle Tree
Mountable Merkle Tree (MMT)
Non-scalable Memory Initialization
Boost Secure Memory Initialization
Evaluation
Enclave Startup Latency
Conclusion