Is it possible to get trusted performance counter?


Hang Yin

Dec 1, 2021, 6:29:17 AM
to us...@gramineproject.io
Hi Gramine users,

I'm looking for solutions to measure the execution time of the program inside the enclave in a trusted way for resource accounting, because we don't want to trust the system admin.

It's easy to check the performance counters or the wall time in the untrusted world, but I'm wondering if we can get the trusted measurements when we don't trust users. I noticed the SGX profiling section in the docs. Can it be attested, or is it still the metrics from the OS?

Thanks for your advice.

--
Hang Yin

Michał Kowalczyk

Dec 5, 2021, 1:28:25 PM
to Hang Yin, us...@gramineproject.io
Hi,

As far as I know it's not possible, at least not directly. There was some paper about in-enclave time accounting, but I don't remember its name and it didn't seem practical to me. Maybe just estimate the resources based on the workload size/complexity sent?

Best,
Michał
--

Vij, Mona

Dec 5, 2021, 2:41:03 PM
to Kowalczyk, Michal, Hang Yin, us...@gramineproject.io

You can use perf counters for profiling and debugging with VTune. No good solution for trusted time. With the latest gen hardware you can call the RDTSC instruction directly inside an enclave, but the OS/VMM still control the offset and scaling, so it can’t be trusted.

There are some academic papers on some software solutions that use a busy loop inside an enclave to measure the execution time and protect that thread using TSX. You can find the Déjà vu paper at http://web.cse.ohio-state.edu/~zhang.5840/assets/AsiaCCS2017/asia318-chen.pdf

Thanks

Mona
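
The offset-and-scaling point in the message above, as an added example that is not part of the thread or of Gramine's code: a C model of how VMM-controlled scaling and offset change the cycle count an enclave would account from two RDTSC readings, and how a busy-loop counter can flag the mismatch. The transform formula, all names, the calibration value and the sample numbers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model: guest RDTSC = ((host_tsc * mult) >> 48) + offset, with
 * mult a fixed-point scaling factor and offset both set by the OS/VMM. */
typedef struct { uint64_t mult_fp48; int64_t offset; } tsc_ctl;

static uint64_t guest_tsc(uint64_t host, tsc_ctl c) {
    unsigned __int128 scaled = (unsigned __int128)host * c.mult_fp48;
    return (uint64_t)(scaled >> 48) + (uint64_t)c.offset;
}

/* Cycles an enclave would account for a job from two RDTSC readings;
 * the controls may differ because the VMM can change them in between. */
static uint64_t accounted_cycles(uint64_t h0, tsc_ctl c0,
                                 uint64_t h1, tsc_ctl c1) {
    return guest_tsc(h1, c1) - guest_tsc(h0, c0);
}

/* Cross-check against a busy-loop counter run inside the enclave.
 * cycles_per_tick is an assumed calibration value; the counter thread
 * itself must be protected from interruption for this to mean anything.
 * Returns 1 if the TSC delta deviates by more than tol_pct percent. */
static int tsc_implausible(uint64_t tsc_delta, uint64_t loop_ticks,
                           uint64_t cycles_per_tick, unsigned tol_pct) {
    uint64_t expect = loop_ticks * cycles_per_tick;
    uint64_t diff = tsc_delta > expect ? tsc_delta - expect
                                       : expect - tsc_delta;
    return diff * 100 > expect * tol_pct;
}

int main(void) {
    /* Constructed values: the job really takes 3,000,000 host cycles. */
    uint64_t h0 = 1000000, h1 = 4000000, ticks = 30000, cpt = 100;
    tsc_ctl honest = { 1ULL << 48, 0 };
    tsc_ctl halved = { 1ULL << 47, 0 };          /* scaling factor 0.5 */
    tsc_ctl rewound = { 1ULL << 48, -2000000 };  /* offset moved back  */
    uint64_t cases[3] = {
        accounted_cycles(h0, honest, h1, honest),
        accounted_cycles(h0, halved, h1, halved),
        accounted_cycles(h0, honest, h1, rewound),
    };
    for (int i = 0; i < 3; i++)
        printf("accounted=%llu implausible=%d\n",
               (unsigned long long)cases[i],
               tsc_implausible(cases[i], ticks, cpt, 10));
    return 0;
}
```

The cross-check only narrows the gap: it is as trustworthy as the counter thread's protection and its calibration, which is why the thread describes trusted time as unsolved.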


Hang Yin

Dec 17, 2021, 7:02:07 AM
to Vij, Mona, Kowalczyk, Michal, us...@gramineproject.io
Cool, thanks! I'm going to read the paper.

It looks like we have to look into software instrumentation instead. We have seen some interesting tools like Intel's PinTool as an x86-to-x86 JIT that offers some capability to do dynamic code analysis and tracing. I haven't taken a close look. Do you think it's something viable?

Best,
--
Hang Yin
尹航

Co-founder, Lead Developer
Phala Network | https://phala.network