Salmin Sultana from Intel Labs will present "Secure process consolidation using TME-MK based fine-grained isolation" at 9am, Jan 9, 2024. This presentation is open to all BA community members. If you want to get invited, please drop me an email (mingqiu.sun@intel.com).
Abstract: In modern datacenters, cloud providers run workloads in separate containers or virtual machines. Process-based isolation, however, has latency concerns due to slow startup, context switching, and inter-process data communication. Recent work by Amazon, Google, and Microsoft has shown great promise in improving application latency and cost by collocating workloads within a shared process. Our research goal is to improve the performance and efficiency of OS processes while preserving security and flexibility when running within the same process address space. In this work, we propose a secure process consolidation architecture where multiple processes run within a shared address space, isolated via fine-grained cryptography. We show how Intel Total Memory Encryption Multi-key (TME-MK), available in commodity HW, can provide fine-grained, sub-page isolation. Our performance analysis with micro-benchmarks shows orders of magnitude improvement in performance as well as memory savings.
Presentation rescheduled to 9am, Jan 23.
Last updated: Nov 22 2024 at 17:03 UTC