SecSched: Flexible scheduling in secure processors

Abstract

Trusted execution environments (TEEs) are an integral part ofmodern processors because security has become a very importantconcern. However, many such environments are bedeviled by thehigh cost of context switches, particularly when there is a switchfrom secure mode to non-secure mode owing primarily to cachepollution and TLB-flushing overheads. State-of-the-art implementations create a secure shared memory channel between a threadrunning in secure mode and a thread running in non-secure mode,which invokes system calls on its behalf. We argue that this is inefficient, and it is possible to reduce the overheads significantlyby efficiently storing the context of secure threads and intelligentscheduling. In this paper, we propose a new scheduling algorithmSecSched that uses Cuckoo filters to capture the context of a thread.We schedule threads with similar contexts on the same core toleverage the effects of the locality. Our algorithm requires minimalhardware enhancements that are limited to maintaining a Cuckoofilter per core and a thread with the addition of few performancecounters per thread to keep track of the miss counts. We show thatwith these minimal changes we can increase the performance ofa suite of OS-intensive workloads by 27.6% with a minimal areaoverhead (around 0.04%).