ELASTICLAVE: An Efficient Memory Model for Enclaves

Trusted execution environments (TEEs) isolate user-space applications into secure enclaves without trusting the OS. Existing TEE memory models are rigid-they do not allow an enclave to share memory with other enclaves. This lack of essential functionality breaks compatibility with several constructs such as shared memory, pipes, and fast mutexes that are frequently required in data intensive use-cases. In this work, we present ELASTICLAVE, a new TEE memory model which allows sharing. ELASTICLAVE strikes a balance between security and flexibility in managing access permissions. Our implementation of ELASTICLAVE on RISC-V achieves performance overheads of about 10% compared to native (non- FEE) execution for data sharing workloads. In contrast, a similarly secure implementation on a rigid TEE design incurs 1-2 orders of magnitude overheads for these workloads. Thus, ELASTICLAVE enables cross-enclave data sharing with much better performance.