sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves

Novel trusted execution technologies such as Intel's Software Guard Extensions (SGX) are considered a cure to many security risks in clouds. This is achieved by offering trusted execution contexts, so called enclaves, that enable confidentiality and integrity protection of code and data even from privileged software and physical attacks. To utilise this new abstraction, Intel offers a dedicated Software Development Kit (SDK). While it is already used to build numerous applications, understanding the performance implications of SGX and the offered programming support is still in its infancy. This inevitably leads to time-consuming trial-and-error testing and poses the risk of poor performance. To enable the development of well-performing SGX-based applications, this paper makes the following three contributions: First, it summarises identified performance critical factors of SGX. Second, it presents sgx-perf, a collection of tools for high-level dynamic performance analysis of SGX-based applications. In particular, sgx-perf performs not only fined-grained profiling of performance critical events in enclaves but also offers recommendations on how to improve enclave performance. Third, it demonstrates how we used sgx-perf in four non-trivial SGX workloads to increase their performance by up to 2.16x.