SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Stefan Steinegger*, David Schrammel, Samuel Weiser, Pascal Nasahl, Stefan Mangard

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


Isolation is a long-standing security challenge. Privilege rings and virtual memory are increasingly augmented with capabilities, protection keys, and powerful enclaves. Moreover, we are facing an increased need for physical protection, e.g., via transparent memory encryption, resulting in a complex interplay of various security mechanisms. In this work, we tackle the isolation challenge with a new extensible isolation primitive called authenticryption shield that unifies various isolation policies. By using authenticated memory encryption, we streamline the security reasoning towards cryptographic guarantees. We showcase the versatility of our approach by designing and prototyping SERVAS – a novel enclave architecture for RISC-V. SERVAS facilitates a new efficient and secure enclave memory sharing mechanism. While the memory encryption constitutes the main overhead, invoking SERVAS enclave requires only 3.5x of a simple syscall instead of 71x for Intel SGX.
Original languageEnglish
Title of host publicationComputer Security – ESORICS 2021
Subtitle of host publication26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II
EditorsElisa Bertino, Haya Shulman, Michael Waidner
Place of PublicationCham
Number of pages22
ISBN (Print)978-3-030-88427-7
Publication statusPublished - 2 Oct 2021
Event26th European Symposium on Research in Computer Security: ESORICS 2021 - Darmstadt
Duration: 4 Oct 20218 Oct 2021

Publication series

NameLecture Notes in Computer Science


Conference26th European Symposium on Research in Computer Security
Abbreviated titleESORICS 2021

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this