A Comparative Analysis of Rust-Based SGX Frameworks: Implications for Building SGX Applications

Heekyung Shin, Jiwon Ock, Hyeon No, Seongmin Kim

Published: 2023, Last Modified: 26 May 2026. Venue: ICISC (2) 2023. License: CC BY-SA 4.0
Abstract: The widespread adoption of Intel Software Guard Extensions (SGX) technology has garnered significant attention, primarily owing to its robust hardware-based data-in-use protection. To alleviate the complexities of SGX application development, an approach involving the incorporation of a Library Operating System (LibOS) within an enclave has gained prominence. This strategy enables SGX utilization without necessitating extensive modifications to legacy code. However, this approach increases the potential attack surface and may be susceptible to memory corruption vulnerabilities. To address this challenge, the trend of leveraging the Rust programming language, which offers memory safety guarantees, for implementing system components has prompted the development of Rust-based SGX frameworks. Still, a gap exists in providing guidelines or systematic analyses to aid developers in selecting a suitable Rust-based SGX framework, considering factors like implementation cost and runtime overhead. This study undertakes a comprehensive comparative analysis of three representative SGX frameworks implemented with Rust: Rust SGX SDK, Occlum, and Fortanix EDP. Our analysis encompasses an exploration of their internal implementations, focusing on their impact on both performance and security. Additionally, we quantify the engineering effort required for migrating legacy Rust applications and evaluate the supplementary overhead incurred when subjecting these frameworks to CPU- and memory-intensive workloads. By conducting this analysis, we aim to provide valuable guidance to developers seeking to choose a Rust-based SGX framework that aligns with their application’s specific purpose and workload characteristics.