000268171 001__ 268171
000268171 005__ 20190812204805.0
000268171 020__ $$a978-1-939133-03-8
000268171 037__ $$aCONF
000268171 245__ $$aSecured Routines: Language-based Construction of Trusted Execution Environments
000268171 260__ $$c2019
000268171 269__ $$a2019
000268171 336__ $$aConference Papers
000268171 520__ $$aTrusted Execution Environments (TEEs), such as Intel SGX enclaves, use hardware to ensure the confidentiality and integrity of operations on sensitive data. While the technology is available on many processors, the complexity of its programming model and its performance overhead have limited adoption. TEEs provide a new and valuable hardware functionality that has no obvious analogue in programming languages, which means that developers must manually partition their application into trusted and untrusted components. This paper describes an approach that fully integrates trusted execution into a language. We extend the Go language to allow a programmer to execute a goroutine within an enclave, to use low-overhead channels to communicate between the trusted and untrusted environments, and to rely on a compiler to automatically extract the secure code and data. Our prototype compiler and runtime, GOTEE, is a backward-compatible fork of the Go compiler. The evaluation shows that our compiler-driven code and data partitioning efficiently executes both microbenchmarks and applications. On the former, GOTEE achieves a 5.2×throughput and a 2.3× latency improvement over the Intel SGX SDK. Our case studies, a Go ssh server, the Go tls package, and a secured keystore inspired by the go-ethereum project, demonstrate that minor source-code modifications suffice to provide confidentiality and integrity guarantees with only moderate performance overheads.
000268171 700__ $$0250313$$aGhosn, Adrien$$g202189
000268171 700__ $$0247612$$aLarus, James$$g240726
000268171 700__ $$0246592$$aBugnion, Edouard$$g229105
000268171 7112_ $$aUSENIX Annual Technical Conference 2019$$cRenton, WA, USA$$dJuly 10-12, 2019
000268171 8560_ $$fjames.larus@epfl.ch
000268171 8564_ $$uhttps://infoscience.epfl.ch/record/268171/files/atc19-gosecure.pdf$$s725609
000268171 909C0 $$xU12634$$pDCSL$$0252469$$medouard.bugnion@epfl.ch$$zGrolimund, Raphael
000268171 909C0 $$yApproved$$pUPLARUS$$xU12814$$mjames.larus@epfl.ch$$zGrolimund, Raphael$$0252497
000268171 909CO $$pconf$$pIC$$ooai:infoscience.epfl.ch:268171
000268171 960__ $$aedouard.bugnion@epfl.ch
000268171 961__ $$afantin.reichler@epfl.ch
000268171 973__ $$aEPFL$$rREVIEWED
000268171 980__ $$aCONF
000268171 981__ $$aoverwrite