Montsalvat: Intel SGX Shielding for GraalVM Native Images

Hugo Guiroux, Jean-Pierre Lozi, Peterson Yuhala, Jämes Ménétrey, Pascal Felber, Valerio Schiavoni, Alain Tchana, Gaël Thomas

11 December 2021

The rapid growth of the Java programming language has led to its wide adoption in cloud computing infrastructures. However, Java applications running in untrusted clouds are susceptible to various forms of privileged attacks. The emergence of trusted execution environments (TEEs), i.e., Intel SGX, mitigates this problem. TEEs protect code and data in secure enclaves inaccessible to untrusted software, including the kernel or hypervisors. To efficiently use TEEs, developers are required to manually partition their applications into trusted and untrusted parts. This decreases the trusted computing base (TCB) and minimizes security vulnerabilities. However, partitioning Java applications poses two important challenges: (1) ensuring efficient object communication between the partitioned components, and (2) ensuring garbage collection consistency between them. We present Montsalvat, a tool which provides a practical and intuitive annotation-based partitioning approach for Java applications using secure enclaves. Montsalvat provides an RMI-like mechanism to ensure inter-object communication, as well as consistent garbage collection across the partitioned components. We implement Montsalvat with GraalVM Native Image, a tool which ahead-of-time compiles Java applications into standalone native executables which do not require a JVM at runtime. We perform extensive evaluations of Montsalvat using micro and macro benchmarks, and show that our partitioning approach can lead to up to 6.6× and 2.9× performance boosts in real-world applications (i.e., PalDB and GraphChi) respectively as compared to solutions that naively include the entire applications in the enclave.

Venue: MIDDLEWARE 2021 - 22nd ACM/IFIP International Conference