DOI: 10.1145/3649476.3658702
research-article
Open access

DM-TEE: Trusted Execution Environment for Disaggregated Memory

Published: 12 June 2024 Publication History

Abstract

Trusted execution environments (TEEs) can provide hardware and system-level protection for sensitive data and computations. However, the security perimeter of existing TEEs is limited to a single centralized machine, which conflicts with the growing trend of employing disaggregated computing resources (e.g., disaggregated memory) to achieve high performance and resource utilization. To address this limitation, we develop DM-TEE, a customized trusted execution environment supporting the emerging disaggregated memory architecture. DM-TEE extends traditional TEEs from local memory to remote disaggregated memory through a newly designed secure memory allocation and access workflow that ensures data confidentiality and integrity in the disaggregated memory. We implement DM-TEE on real hardware using Intel SGX and a state-of-the-art memory disaggregation system. Our evaluations on memory allocation, read/write operations, and benchmark program executions indicate that DM-TEE achieves the desired disaggregated memory security with minimal performance overhead.

      Published In

      GLSVLSI '24: Proceedings of the Great Lakes Symposium on VLSI 2024
      June 2024
      797 pages
      ISBN:9798400706059
      DOI:10.1145/3649476
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Disaggregated Memory
      2. Trusted Execution Environment

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      GLSVLSI '24
      GLSVLSI '24: Great Lakes Symposium on VLSI 2024
      June 12 - 14, 2024
      Clearwater, FL, USA

      Acceptance Rates

      Overall Acceptance Rate 312 of 1,156 submissions, 27%

      • Total Citations: 0
      • Total Downloads: 386
      • Downloads (Last 12 months): 386
      • Downloads (Last 6 weeks): 87
      Reflects downloads up to 13 Jan 2025
