A Comprehensive Trusted Runtime for WebAssembly with Intel SGX

Bibliographic details
Title: A Comprehensive Trusted Runtime for WebAssembly with Intel SGX
Authors: Ménétrey, Jämes; Pasin, Marcelo; Felber, Pascal; Schiavoni, Valerio; Mazzeo, Giovanni; Hollum, Arne; Vaydia, Darshan
Source: TDSC: IEEE Transactions on Dependable and Secure Computing, November, 2023
Publication year: 2023
Collection: Computer Science
Subject terms: Computer Science - Cryptography and Security, Computer Science - Performance, Computer Science - Programming Languages
Description: In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of the infrastructure provider, as well as data owners who have specifically outsourced their data for remote processing. We present Twine, a trusted runtime for running WebAssembly-compiled applications within TEEs, establishing a two-way sandbox. Twine leverages memory safety guarantees of WebAssembly (Wasm) and abstracts the complexity of TEEs, empowering the execution of legacy and language-agnostic applications. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. Additionally, through built-in TEE mechanisms, Twine delivers attestation capabilities to ensure the integrity of the runtime and the OS services supplied to the application. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions. A case study involving fintech company Credora reveals that Twine can be deployed in production with reasonable performance trade-offs, ranging from a 0.7x slowdown to a 1.17x speedup compared to native run time. Finally, we identify performance improvement through library optimisation, showcasing one such adjustment that leads up to 4.1x speedup. Twine is open-source and has been upstreamed into the original Wasm runtime, WAMR.
Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197. arXiv admin note: text overlap with arXiv:2103.15860
Document type: Working Paper
DOI: 10.1109/TDSC.2023.3334516
Access URL: http://arxiv.org/abs/2312.09087
Accession number: edsarx.2312.09087
Database: arXiv