面向Keystone TEE的高性能异步边缘调用机制

doi:10.3778/j.issn.1002-8331.2311-0312

摘要/Abstract

摘要： 基于硬件安全的可信执行环境是保护数据安全和隐私的重要技术手段，Keystone是RISC-V平台上最流行的TEE方案。但是目前Keystone只能实现从安全世界调用非安全世界的函数，无法执行相反的过程；并且一次OCALL操作至少需要八次特权级转换，性能开销很高。针对这些问题，提出了一种基于用户态中断的异步边缘调用机制，不仅实现了对ECALL操作的支持，而且避免了CPU的特权级切换，极大提高了ECALL/OCALL效率。为了实现异步边缘调用，在安全世界中实现了用户态中断的委托与触发机制，并利用核间中断实现了异步ECALL/OCALL的事件通知；在Keystone共享内存的基础上设计了内存管理器，提供了异步边缘调用时的数据传递方案，并改进了共享内存的安全设计；基于QEMU对系统原型进行了实现，测试结果表明，异步ECALL/OCALL相比Keystone的同步OCALL性能提升了4倍。

关键词: 用户态中断, 核间中断, 可信执行环境, 异步调用

Abstract: A hardware-based secure execution environment is an important technology for safeguarding data security and privacy. Keystone is the most popular trusted execution environment (TEE) solution for the RISC-V platform. However, the current version of Keystone can only invoke functions from the secure world to the non-secure world and lacks the capability to perform the reverse process. Furthermore, each OCALL operation in Keystone requires a minimum of eight privilege-level transitions, resulting in significant performance overhead. To address these challenges, a novel approach based on user-mode interrupts for asynchronous edge function call has been proposed. This mechanism not only enables support for ECALL operations but also eliminates the need for privilege-level switching. As a result, the efficiency of ECALL/OCALL is greatly enhanced. The implementation of asynchronous ECALL/OCALL involves several key steps. Firstly, a delegation and triggering mechanism for user-mode interrupts is implemented within the secure world. This mechanism leverages inter-processor interrupts to facilitate asynchronous ECALL/OCALL event notifications. Secondly, a memory manager is designed on the Keystone shared memory to enable efficient data transmission during asynchronous function calls. Lastly, a system prototype based on QEMU is developed and test results demonstrate that the asynchronous ECALL/OCALL approach achieves a 4 times performance improvement compared to the synchronous OCALL method in Keystone.

Key words: user-mode interrupt, inter-core interrupt, trusted execution environment (TEE), asynchronous function call

王占坤, 赵波. 面向Keystone TEE的高性能异步边缘调用机制[J]. 计算机工程与应用, 2025, 61(6): 328-340.

WANG Zhankun, ZHAO Bo. High-Performance Asynchronous Edge Call Mechanism for Keystone TEE[J]. Computer Engineering and Applications, 2025, 61(6): 328-340.

参考文献

[1] SABT M, ACHEMLAL M, BOUABDALLAH A. Trusted execution environment: what it is, and what it is not[C]//Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA, 2015: 57-64.
[2] JIA Y, LIU S, WANG W, et al. HyperEnclave: an open and cross-platform trusted execution environment[C]//Proceedings of the 2022 USENIX Annual Technical Conference (USENIX ATC 22), 2022: 437-454.
[3] COSTAN V, DEVADAS S. Intel SGX explained[EB/OL]. [2023-06-01]. https://eprint.iacr.org/2016/086.pdf.
[4] CHENG P C, OZGA W, VALDEZ E, et al. Intel TDX demystified: a top-down approach[J]. arXiv:2303.15540, 2023.
[5] PINTO S, SANTOS N. Demystifying arm TrustZone: a comprehensive survey[J]. ACM Computing Surveys, 2019, 51(6): 1-36.
[6] ZHAO S, LI M, ZHANGYZ Y, et al. vSGX: virtualizing SGX enclaves on AMD SEV[C]//Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), 2022: 321-336.
[7] LEE D, KOHLBRENNER D, SHINDE S, et al. Keystone: an open framework for architecting trusted execution environments[C]//Proceedings of the Fifteenth European Conference on Computer Systems. New York, NY, USA: Association for Computing Machinery, 2020: 1-16.
[8] 赵波, 袁安琪, 安杨. SGX在可信计算中的应用分析[J]. 网络与信息安全学报, 2021, 7(6): 126-142.
ZHAO B, YUAN A Q, AN Y. Application progress of SGX in trusted computing area[J]. Chinese Journal of Network and Information Security, 2021, 7(6): 126-142.
[9] 董春涛, 沈晴霓, 罗武, 等. SGX应用支持技术研究进展[J]. 软件学报, 2021, 32(1): 137-166.
DONG C T, SHEN Q N, LUO W, et al. Research progress of SGX application supporting techniques[J]. Journal of Software, 2021, 32(1): 137-166.
[10] KAMINSKY S. Secure multi-threading in keystone enclaves[EB/OL]. (2021-05-17). http://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-136. html.
[11] PARKER M. A case for user-level interrupts[J]. ACM SIGARCH Computer Architecture News, 2002, 30(3): 17-18.
[12] LARABEL M. Intel posts initial code for x86 user interrupts on linux - shows great performance potential[EB/OL]. [2023-06-30]. https://www.phoronix.com/news/Linux-RFC-x86-User-Interrupts.
[13] 田凯夫. RISC-V 用户态中断扩展设计与实现[D]. 北京: 清华大学, 2023.
TIAN K F. Design and implementation of RISC-V user mode interrupt specification[D] Beijing: Tsinghua University, 2023.
[14] TIAN K F. RISC-V user interrupt specification[EB/OL]. (2023-02-19)[2024-01-24]. https://github.com/U-interrupt/uintr/blob/main/doc/spec.md.
[15] WATERMAN A, ASANOVIC K, HAUSER J, et al. Volume II: privileged architecture[EB/OL]. (2021-12-03). https://riscv.org/technical/specifications/.
[16] LEE D, KOHLBRENNER D, SHINDE S, et al. Keystone enclave 1.0.0 documentation[EB/OL]. (2021)[2023-06-02]. http://docs.keystone-enclave.org/en/latest/Getting-Started/index.html.
[17] MEHTA S. x86 User interrupts support[EB/OL]. [2023-06-30]. https://lore.kernel.org/lkml/20210913200132.3396598-1-sohil.mehta@intel.com/.
[18] BELLARD F. QEMU, a fast and portable dynamic translator[C]//Proceedings of the 2005 USENIX Annual Technical Conference, 2005: 41-46.
[19] TIAN H, ZHANG Q, YAN S, et al. Switchless calls made practical in Intel SGX[C]//Proceedings of the 3rd Workshop on System Software for Trusted Execution. New York, NY, USA: Association for Computing Machinery, 2018: 22-27.
[20] WEISSE O, BERTACCO V, AUSTIN T. Regaining lost cycles with HotCalls: a fast interface for SGX secure enclaves[C]//Proceedings of the 44th Annual International Symposium on Computer Architecture. New York, NY, USA: Association for Computing Machinery, 2017: 81-93.
[21] NYE J, KHAN O. SSE: security service engines to accelerate enclave performance in secure multicore processors[J]. IEEE Computer Architecture Letters, 2022, 21(2): 129-132.
[22] SHAFI O, BASHIR J. SecSched: flexible scheduling in secure processors[C]//Proceedings of the ACM International Conference on Parallel Architectures and Compilation Techniques. New York, NY, USA: Association for Computing Machinery, 2020: 229-240.
[23] ASMUSSEN N, V?LP M, N?THEN B, et al. M3: a hardware/operating-system co-design to tame heterogeneous manycores[J]. ACM SIGPLAN Notices, 2016, 51(4): 189-203.
[24] NARLIKAR G J, BLELLOCH G E. Pthreads for dynamic and irregular parallelism[C]//Proceedings of the 1998 ACM/IEEE Conference on Supercomputing(SC’98), 1998.
[25] ANDERSON T E. The performance of spin lock alternatives for shared-memory multiprocessors[J]. IEEE Transactions on Parallel and Distributed Systems, 1990, 1(1): 6-16.
[26] WATERMAN A, ASANOVIC K, DIVISION C. Volume I: unprivileged ISA[EB/OL]. https://riscv. org/technical/specifications/.
[27] MCKENNEY P E. Memory barriers: a hardware view for software hackers[R]. Linux Technology Center, IBM Beaverton, 2010.
[28] BOVET D P, CESATI M. Understanding the Linux kernel[M]. Cambridge, Mass: O’Reilly, 2001.
[29] NAKAO R. ali[CP/OL]. (2023-11-13)[2023-11-15]. https://github.com/nakabonne/ali.
[30] BELSON B, HOLDSWORTH J, XIANG W, et al. A survey of asynchronous programming using coroutines in the internet of things and embedded systems[J]. ACM Transactions on Embedded Computing Systems, 2019, 18(3): 1-21.

编辑推荐 0

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	0	0	0	22

	来源	本网站

	次数	22
	比例	100%

摘要

最新录用	在线预览	正式出版

0	0	13

	来源	本网站

	次数	13
	比例	100%