RELATED WORK

This section first reviews software approaches for protecting applications from privileged code, then trusted hardware support, and finally asynchronous system calls.

• Software protection against privileged code. Protecting applications and their data from malicious privileged system software is a long-standing research goal. Early projects such as NGSCB and Proxos run security-sensitive applications in a trusted operating system (OS), using virtualization to separate trusted and untrusted OSs. Later projects, including Overshadow, SP3, InkTag and Virtual Ghost, focus on reducing the size of the TCB by protecting application memory from accesses by a malicious OS. SEGO extends these approaches by securing data handling across all devices using trusted metadata. Minibox is a hypervisor-based sandbox that provides two-way protection between native applications and the guest OS.
Unlike SCONE, these systems rely on a trusted virtualization layer and cannot defend applications against attackers who have physical access to the machine or who control the virtualization layer.

• Trusted hardware. Trusted hardware can protect security-sensitive applications, but implementations differ in their performance and in the security functionality they offer. Secure co-processors provide tamper-proof physical isolation and can host arbitrary functionality. However, they are typically expensive and limited in computational power. They are usually used to protect security-sensitive data such as cryptographic keys, but Bajaj and Sion show that secure co-processors can also be used to split a database engine into trusted and untrusted parts. SCONE, in contrast, uses SGX to secure containers with better performance. Trusted platform modules (TPMs) offer tailored services for securing commodity systems [1]. They support attestation, size-limited trusted storage and sealing of application data. Flicker allows the multiplexing of protected modules whose integrity is protected by the TPM [1].

Flicker's usability for temporary applications is limited by the high cost of switching between protected and unprotected execution modes, a consequence of the performance constraints of current TPM implementations. TrustVisor and CloudVisor avoid frequent TPM use by including the hypervisor in the TCB via remote attestation. This virtualization layer increases the size of the TCB, and neither solution can protect against an attacker with physical access to the machine's DRAM [1]. ARM TrustZone provides two system personalities, a secure world and a normal world [1]. This separation suits the requirements of mobile devices, where a rich OS must be isolated from the system software that manages basic functions. Santos et al. [1] use TrustZone to build trusted components for securing mobile applications. However, because there is only a single secure world, isolating mutually distrustful components requires a trusted language runtime in the TCB. TrustZone also does not protect against attackers with physical DRAM access. As explained above, Intel SGX [2, 5, 6] provides fine-grained integrity and confidentiality at the enclave level. Unlike TrustZone's secure world, however, enclaves cannot execute privileged code. In line with the original SGX design goal of protecting tailor-made code for specific security-sensitive tasks [1], Intel provides an SDK [1] to help implement simple enclaves.

The SDK centres on an interface definition language together with a code generator and a basic enclave library. Unlike SCONE, the SDK lacks support for system calls and provides only limited functionality inside the enclave. Haven aims to run unmodified legacy Windows applications inside SGX enclaves by porting a Windows library OS to SGX. Given the small EPC size of current SGX hardware, the memory requirements of a library OS are large. Moreover, porting an entire library OS with a TCB of millions of lines of code results in a large attack surface. By relying only on a restricted C standard library, SCONE targets the requirements of Linux containers, keeping the TCB small and accommodating the constraints of current SGX hardware. Through asynchronous system calls, SCONE minimises enclave transition costs, and it focuses on securing file and network communication for otherwise unprotected applications. VC3 also uses SGX to provide integrity and confidentiality as part of the MapReduce programming model. VC3 jobs follow the executor interface of Hadoop but are not permitted to execute system calls. SCONE focuses on general system support for container-based, interactive workloads, but could serve as a basis for VC3 jobs that require extensive system functionality.
• Asynchronous system calls. FlexSC [52] batches system calls to reduce user/kernel transitions: when a batch is available, FlexSC signals the OS. In SCONE, application threads instead place system calls into a shared queue, which allows the OS threads to switch to other threads and stay inside the enclave. Moreover, SCONE uses a kernel module to execute system calls, whereas FlexSC requires invasive changes to the Linux kernel.

Earlier work such as ULRPC [7] improves the performance of inter-process communication (IPC) using asynchronous, cross-address-space procedure calls via shared memory. In contrast, SCONE uses asynchronous system calls for all privileged operations, not just IPC.
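As an added illustration (not code from the SCONE paper or its implementation), the C sketch below models the shared-queue mechanism described above: an enclave-side thread publishes a request in a ring buffer and spins on its completion flag, while an untrusted worker thread executes the real system call and writes the result back. All names (issue_syscall, worker_serve_one, demo_pipe_roundtrip) are invented, the ring is a plain global here whereas in SCONE it would live in untrusted memory, and the buffers passed by pointer are assumed to already be outside the enclave (SCONE copies them out first, so that enclave memory is never handed to the host).

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdatomic.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Request/response ring shared by the enclave thread and the untrusted worker thread
 * (simplified: a plain global array; in SCONE the queue lives in untrusted memory). */
struct req { long nr, arg[3], ret; atomic_bool done; };
#define QLEN 8
static struct req slots[QLEN];
static atomic_uint head, tail;  /* head advanced by the enclave side, tail by the worker */
static atomic_bool worker_stop;

/* Enclave side: publish a request, then spin on its completion flag. The thread
 * never leaves the enclave for the system call itself. */
long issue_syscall(long nr, long a0, long a1, long a2) {
    unsigned h = atomic_load(&head);
    while (h - atomic_load_explicit(&tail, memory_order_acquire) >= QLEN) { } /* ring full */
    struct req *r = &slots[h % QLEN];
    r->nr = nr; r->arg[0] = a0; r->arg[1] = a1; r->arg[2] = a2;
    atomic_store(&r->done, 0);
    atomic_store_explicit(&head, h + 1, memory_order_release);         /* make it visible */
    while (!atomic_load_explicit(&r->done, memory_order_acquire)) { }  /* wait for result */
    return r->ret;
}

/* Untrusted side: execute one pending request with a real syscall instruction.
 * Returns 0 when the ring is empty, 1 after serving one request. */
int worker_serve_one(void) {
    unsigned t = atomic_load(&tail);
    if (t == atomic_load_explicit(&head, memory_order_acquire)) return 0;
    struct req *r = &slots[t % QLEN];
    r->ret = syscall(r->nr, r->arg[0], r->arg[1], r->arg[2]);
    atomic_store_explicit(&tail, t + 1, memory_order_release);
    atomic_store_explicit(&r->done, 1, memory_order_release);
    return 1;
}
static void *worker_main(void *unused) {
    (void)unused; while (!atomic_load(&worker_stop)) worker_serve_one();
    return NULL;
}

/* Demo: with a worker thread running, route write(2) and read(2) on a pipe through
 * the ring; returns 1 if the constructed message makes the round trip intact. */
int demo_pipe_roundtrip(void) {
    const char msg[] = "hello from the enclave"; char buf[sizeof msg] = {0}; /* constructed */
    int fds[2]; pthread_t w;
    atomic_store(&worker_stop, 0);
    if (pipe(fds) != 0 || pthread_create(&w, NULL, worker_main, NULL) != 0) return 0;
    long wr = issue_syscall(SYS_write, fds[1], (long)msg, sizeof msg);
    long rd = issue_syscall(SYS_read, fds[0], (long)buf, sizeof buf);
    atomic_store(&worker_stop, 1); pthread_join(w, NULL); close(fds[0]); close(fds[1]);
    return wr == (long)sizeof msg && rd == wr && memcmp(msg, buf, sizeof msg) == 0;
}
```

The spin-wait stands in for SCONE's mechanism of letting the enclave thread switch to other application threads while a request is pending.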