Conference: IEEE Symposium on Reliable Distributed Systems

Security, Performance and Energy Trade-Offs of Hardware-Assisted Memory Protection Mechanisms


Abstract

The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the processing itself, such as homomorphic encryption schemes, their performance is far from being practical under real-world workloads. The performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX - currently available on the market to tackle this problem, are described in this practical experience. Specifically, we implement and evaluate a publish/subscribe use-case and evaluate the impact of the memory protection mechanisms and the resulting performance. This paper reports on the experience gained while building this system, in particular when having to cope with the technical limitations imposed by SEV and SGX. Several tradeoffs that provide valuable insights in terms of latency, throughput, processing time and energy requirements are exhibited by means of micro- and macro-benchmarks.