Note: PANOPLY: Low-TCB Linux Applications with SGX Enclaves

PANOPLY provides middleware for SGX and Linux operating systems.

What

PANOPLY provides middleware for SGX and Linux operating systems which has low TCB and support all standard POSIX APIs.

Why

• Enclaves have severely limited capabilities: no native access to system calls and standard OS abstractions.
• Current systems have a large TCB which leads to too much overhead.
• There are security risks in Multi-Enclave applications.

How

• Using microns (micro-container) keep libc outside the enclave.
• micron is a unit of application logic which runs on the Intel SGX hardware enclaves.

Some Detail

• Evaluation on four real world software (Tor v0.2.5.11 , H2O v2.0.0 , OpenSSL v1.0.1m , FreeTDS v0.95.81 ):
  • Expressiveness & Security.
  • TCB -> How much TCB reduction achieve over Library OSes
  • Performance -> Perform compared to Library OSes

Note: PANOPLY: Low-TCB Linux Applications with SGX Enclaves

原文：https://www.cnblogs.com/tinoryj/p/10607456.html