Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms
Christian Göttel, Rafael Pires, Isabelly Rocha, Sébastien Vaucher, Pascal Felber, Marcelo Pasin, Valerio Schiavoni

TL;DR
This paper evaluates the performance, energy, and security trade-offs of AMD SEV and Intel SGX hardware-assisted memory protection mechanisms in a publish-subscribe system, highlighting practical limitations and insights for real-world deployment.
Contribution
It provides a practical assessment of SEV and SGX in a real-world publish/subscribe system, revealing their performance and energy trade-offs and technical limitations.
Findings
SEV and SGX introduce latency and throughput impacts.
Technical limitations affect system scalability and efficiency.
Trade-offs vary depending on workload and configuration.
Abstract
The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the processing itself, such as homomorphic encryption schemes, their performance is far from being practical under real-world workloads. The performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX, currently available on the market to tackle this problem, are described in this practical experience. Specifically, we implement a publish/subscribe use-case and evaluate the impact of the memory protection mechanisms on the resulting performance. This paper reports on the…
