Four core technologies are introduced to run users' application workloads more efficiently
Dec 12, 2022 | First, Occlum v1.0 adopts an asynchronous design and re-architects the entire Occlum code base. Using the asynchronous features of the Rust language, Occlum implements an efficient thread scheduling mechanism inside the Enclave, built on lightweight Rust coroutines and an asynchronous runtime. For large applications in particular, such as machine learning and distributed orchestration, this can greatly improve computing performance.
Second, Occlum v1.0 introduces io_uring, the new generation of asynchronous I/O interfaces in Linux, and supports most I/O operations through it (including network I/O and disk I/O). With this feature, coupled with the Rust asynchronous runtime, Occlum achieves network I/O performance close to that of native Linux.
Third, Occlum v1.0 incorporates the new-generation, log-structured trusted virtual block device independently developed by Ant Group. It gives existing mainstream file systems security protection for disk I/O, with security higher than that of the various file I/O or disk I/O protection schemes in the Linux kernel. The protection is also stronger than that of comparable TEE schemes such as SGX-PFS. Because the trusted virtual block device adopts a new append-log structure design, I/O performance is also greatly improved.
Fourth, with a dynamic memory management design based on on-demand allocation, Occlum v1.0 not only increases the utilization of Enclave physical memory but also greatly shortens the time needed to load applications into the TEE.
Performance test data for Occlum v1.0 was compared with that of the previous community release, 0.29. The thread scheduling performance of Occlum v1.0 is 5 times that of the previous version, and the advantage becomes more pronounced as the number of application threads increases. Network transfer speed and file I/O throughput also show 2x and 3x performance improvements over the previous version; network I/O in particular can approach native Linux network transfer speed in the same environment.



