Elasticlave
Elasticlave is a Trusted Execution Environment (TEE) design which enables efficient cross-enclave data sharing. This repository contains the prototype implementation based on Keystone as described in "Elasticlave : An Efficient Memory Model for Enclaves" at Usenix Security Symposium 2022). For simplicity, we directly refer to this prototype implementation as Elasticlave in this document.
We support two options for running Elasticlave:
- On a RISC-V SoC simulated with FireSim. This can give accurate performance data and is therefore suitable for performance benchmarking. However, it is generally much slower than the second option.
- On a system emulated with QEMU. It cannot provide accurate performance data but runs fast and is great for testing the functionality.
The setup of Elasticlave differs depending on the option chosen.
On FireSim
Requirements and Dependencies
You need to set up FireSim on AWS EC2. Elasticlave and the associated scripts in this repository
have been tested on FireSim 1.9.0, which is included as a submodule in firesim/ along with the
Elasticlave-specific configuration files.
Please refer to the FireSim documentation for instructions.
We have dockerised the remaining software dependencies. See the official website of Docker for instructions on installing Docker on your system.
Building
git clone https://github.com/jasonyu1996/elasticlave.git --recursive --shallow-submodules
cd elasticlave
git submodule update --init --recursive
./docker.sh MAKE_FIRESIM=1Launching
./run-firesim.shBy default, this uses FireSim in firesim/. If you have set up FireSim in a different directory,
specify the FIRESIM_HOME environment variable:
FIRESIM_HOME=<your-firesim-directory> ./run-firesim.shOn QEMU
Requirements and Dependencies
We have dockerised most of the software dependencies, so there should be little problem running Elasticlave on any x86-64 Linux distribution with Docker installed. See the official website of Docker for instructions on installing Docker on your system.
Building
git clone https://github.com/jasonyu1996/elasticlave.git
cd elasticlave
git submodule update --init --recursive
./docker.shLaunching
./docker-run.sh ./run.shWhen prompted for the login, enter root. The corresponding password is sifive.
Benchmarks
Configuration
You can configure which benchmarks to include in the built file system. To achieve this, edit the file KEYSTONE_FOLDER/tests/tests/mkconfig.mk and uncomment the names of the benchmarks you want to include.
Available Benchmarks
Below are lists of the benchmarks included in this repository.
Synthetic Benchmarks
Thread Synchronisation
| Benchmark set | Elasticlave (spinlock) | Elasticlave (futex) | Spatial isolation | Native non-TEE |
|---|---|---|---|---|
| Lock | lock | lock-futex | lock-spatial | lock-native |
Data Sharing Patterns
| Benchmark set | Elasticlave | Elasticlave (no lock bit) | Spatial isolation |
|---|---|---|---|
| Producer-consumer | icall-consumer | icall-consumer-ne | icall-consumer-baseline |
||
| Client-server | icall-server | icall-server-ne | icall-server-baseline |
||
| Proxy | icall-proxy-3 | icall-proxy-3-ne | icall-proxy-3-baseline |
IOZone
| Benchmark set | Elasticlave | Spatial isolation | Native non-TEE |
|---|---|---|---|
| IOZone | iozone | iozone-baseline | iozone-native |
Third-Party Components
The implementation provided in this repository is based on Keystone.
This repository includes the third-party benchmark IOZone. The licence is included in its source files.
Below is the original README from Keystone, which can also be valuable fo reference.
Keystone: An Open-Source Secure Enclave Framework for RISC-V Processors
Visit Project Website for more information.
master branch is for public releases.
dev branch is for development use (up-to-date but may not fully documented until merged into master).
Documentation
See docs for getting started.
Contributing
See CONTRIBUTING.md