Civet: An Efficient Java Partitioning Framework for Hardware Enclaves

Authors: 

Chia-Che Tsai, Texas A&M University; Jeongseok Son, UC Berkeley; Bhushan Jain, The University of North Carolina at Chapel Hill; John McAvey, Hendrix College; Raluca Ada Popa, UC Berkeley; Donald E. Porter, The University of North Carolina at Chapel Hill

Abstract: 

Hardware enclaves are designed to execute small pieces of sensitive code or to operate on sensitive data, in isolation from larger, less trusted systems. Partitioning a large, legacy application requires significant effort. Partitioning an application written in a managed language, such as Java, is more challenging because of mutable language characteristics, extensive code reachability in class libraries, and the inevitability of using a heavyweight runtime.

Civet is a framework for partitioning Java applications into enclaves. Civet reduces the number of lines of code in the enclave and uses language-level defenses, including deep type checks and dynamic taint-tracking, to harden the enclave interface. Civet also contributes a partitioned Java runtime design, including a garbage collection design optimized for the peculiarities of enclaves. Civet is efficient for data-intensive workloads; partitioning a Hadoop mapper reduces the enclave overhead from 10× to 16–22% without taint-tracking or 70–80% with taint-tracking.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {244028,
author = {Chia-che Tsai and Jeongseok Son and Bhushan Jain and John McAvey and Raluca Ada Popa and Donald E. Porter},
title = {Civet: An Efficient Java Partitioning Framework for Hardware Enclaves},
booktitle = {29th {USENIX} Security Symposium ({USENIX} Security 20)},
year = {2020},
isbn = {978-1-939133-17-5},
pages = {505--522},
url = {https://www.usenix.org/conference/usenixsecurity20/presentation/tsai},
publisher = {{USENIX} Association},
month = aug,
}

Presentation Video