The rapid growth of the Java programming language has led to its wide adoption in cloud computing infrastructures.
However, Java applications running in untrusted clouds are susceptible to various forms of privileged attacks. The emergence
of trusted execution environments (TEEs), e.g., Intel SGX, mitigates this problem. TEEs protect code and data in
secure enclaves that are inaccessible to untrusted software, including the OS kernel and the hypervisor. To use TEEs efficiently, developers
must manually partition their applications into trusted and untrusted parts, so that only security-sensitive code and data run inside the enclave. This shrinks the trusted
computing base (TCB) and with it the attack surface.
However, partitioning Java applications poses two important challenges: (1) ensuring efficient object communication between the partitioned components, and (2) ensuring garbage collection consistency between them.
We present Montsalvat, a tool that provides a practical and intuitive annotation-based partitioning approach for
Java applications using secure enclaves. Montsalvat provides an RMI-like mechanism for inter-object communication across the enclave boundary,
as well as consistent garbage collection across the partitioned components. We implement Montsalvat with
GraalVM Native Image, a tool that compiles Java applications ahead of time into standalone native executables that
do not require a JVM at runtime. We extensively evaluate Montsalvat with micro- and macro-benchmarks,
and show that our partitioning approach yields performance improvements of up to 6.6× and 2.9× in two real-world applications
(PalDB and GraphChi, respectively) compared to solutions that naively include the entire application in the
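The RMI-like proxying and the cross-partition garbage collection that the abstract describes can be sketched in plain Java. The following is an added illustration, not Montsalvat's code or its generated output: the `@Trusted` annotation, the `TrustedRuntime` handle table and the `SecretStoreProxy` class are assumptions that stand in for the tool's generated proxies, and the enclave boundary is simulated inside a single process. What it shows is that the untrusted side never holds a raw reference into enclave memory, only an opaque handle; every method call crosses the boundary as an explicit call carrying that handle plus serializable arguments; and a `Cleaner` releases the enclave-side handle once the proxy becomes unreachable, so the enclave registry does not keep alive objects that no untrusted code can reach any more.

```java
import java.lang.ref.Cleaner;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;

// Added illustration, not Montsalvat's code. The annotation, handle table and
// proxy below are assumptions that mimic the RMI-like scheme the abstract describes.
public class PartitionDemo {

    // Hypothetical marker annotation: classes so marked are placed in the enclave.
    @java.lang.annotation.Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
    @interface Trusted {}

    // Stand-in for the enclave side. Objects handed out to the untrusted
    // partition are pinned in a handle table; the untrusted side only ever
    // sees the numeric handle, never the object reference itself.
    static final class TrustedRuntime {
        private static final Map<Long, Object> handles = new HashMap<>();
        private static final AtomicLong next = new AtomicLong(1);

        static synchronized long register(Object o) {
            long h = next.getAndIncrement();
            handles.put(h, o);
            return h;
        }

        // Every boundary crossing validates the handle; a released or forged
        // handle is rejected instead of dereferencing arbitrary memory.
        static synchronized Object lookup(long h) {
            Object o = handles.get(h);
            if (o == null) throw new IllegalStateException("stale or unknown handle " + h);
            return o;
        }

        // Invoked when the untrusted-side proxy has been garbage collected:
        // this is what keeps the two heaps consistent.
        static synchronized void release(long h) { handles.remove(h); }

        static synchronized int liveObjects() { return handles.size(); }
    }

    // The sensitive object: lives only inside the (simulated) enclave.
    @Trusted
    static final class SecretStore {
        private final Map<String, byte[]> secrets = new HashMap<>();

        void put(String name, byte[] key) { secrets.put(name, key.clone()); }

        int keyLength(String name) {
            byte[] k = secrets.get(name);
            if (k == null) throw new IllegalArgumentException("unknown key " + name);
            return k.length;
        }
    }

    // Untrusted-side proxy with the same interface. Each method forwards the
    // handle and plain arguments across the boundary (the "ecall" in SGX terms);
    // no enclave reference is ever stored on the untrusted heap.
    static final class SecretStoreProxy {
        private static final Cleaner CLEANER = Cleaner.create();
        private final long handle;

        SecretStoreProxy() {
            handle = TrustedRuntime.register(new SecretStore());
            long h = handle; // copied to a local so the cleaner does not capture 'this'
            CLEANER.register(this, () -> TrustedRuntime.release(h));
        }

        void put(String name, byte[] key) {
            ((SecretStore) TrustedRuntime.lookup(handle)).put(name, key);
        }

        int keyLength(String name) {
            return ((SecretStore) TrustedRuntime.lookup(handle)).keyLength(name);
        }
    }

    public static void main(String[] args) throws Exception {
        SecretStoreProxy store = new SecretStoreProxy();
        store.put("tls", new byte[32]);           // constructed sample key material
        System.out.println("key length via proxy: " + store.keyLength("tls"));
        System.out.println("enclave objects alive: " + TrustedRuntime.liveObjects());

        store = null;       // drop the only untrusted reference to the proxy
        System.gc();        // a hint only; collection is not guaranteed
        Thread.sleep(200);  // give the Cleaner thread a chance to run
        System.out.println("enclave objects alive after GC: " + TrustedRuntime.liveObjects());
    }
}
```

Run it with `java PartitionDemo.java` on JDK 11 or later. Two details matter for correctness: the cleaner action must not capture `this`, otherwise the proxy stays reachable from the cleaner and is never collected (hence the copy of the handle into a local), and whether the second count reaches zero depends on the JVM honouring `System.gc()`, which is only a hint. In a real enclave the handle lookup on the trusted side is the check that stops a malicious untrusted partition from turning a guessed or stale handle into a dereference of enclave memory.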