Due to the special hardware requirments we provide ssh access to our evalution machines. Please contact the paper author to obtain ssh access. The machines will have the correct hardware and kernel version to run the experiments. If you run into any problems you can write an email to the authors.
- AMD EPYC 7713P with AMD SEV-SNP support enabled
- Linux kernel 6.8 with Wallet specific patches
- Nix for dependency management
The first step is to get the source code for Wallet.
git clone https://github.com/TUM-DSE/Wallet-VMPL.gitIn order to get everthing ready the next step is to run the initialization.
make initializeThis step will fetch and build the dependecies to run a simple Trustlet. In the next step we run the VM with Wallet's Monitor.
make runAfter the VM has started it can be accessed either via ssh (make ssh) or
by login in with root:root. Since the Montior also logs to the same output
ssh is recommended.
In the VM the module directory should be available.
make vmpl.ko
insmod vmpl.koThis will load the kernel module used to commuicate with the Monitor.
In the next step the user space library can be build.
make libwallet/libwallet.so
make libwallet/libwallet.aAnd in module/python the python library can be build.
python3 -m pip install pybind11 pytest fire
python3 setup.py installAt this point the preperation are completed and the runtime can be tested.
With the script at module/example a simple Trustlet can be created
and excecuted.
python3 test.pyThis will exectue the following in VMPL2 as a Trustlet.
def handler(event):
i = int(event["Input"]) * 2
return {"Output": i}resulting in the following output.
Result: {'Output': 10}
Run the following to setup all required dependencies and Zygote images.
make initialize_experimentsAt this point the steps in getting started should have build all required binaries used the experiments.
Use the Makefile to run the experiments.
make run_sebs_wallet
make run_sebs_vm
make run_sebs_cvm
make run_sebs_kata
make run_sebs_gramine
make run_sebs_nativeEach will run all SeBS benchmarks and provide the logs of all. Figure 7 can be generated with the following command.
make plot_end_to_endThe data produced by the benchmarks of the previous step can also be use to create Figure 8a.
make plot_invocation_latencyFor Figure 8b additinal benchmarks are required.
make run_sebs_wallet_breakdownThis will run the SeBS benchmarks with the Monitor configured to log each step of the function creation.
make plot_runtime_breakdownFor Figure 8c the benchmarks is required to log the CoW and non-CoW pages.
make run_sebs_wallet_memorymake plot_memory_usageThis benchmark does test communication overhead for the different baselines.
make run_comm_latency_wallet
make run_comm_latency_kata
make run_comm_latency_vm
make run_comm_latency_cvmWith the following Figure 9 can be generated.
make plot_comm_latency For this part public Azure traces are used. The extend traces should already be part of the data prepared in the Getting Started section. How the traces were extended can be found under here. The simulations can be run with the following command.
make run_simulationAnd Figure 10 can be created via the following.
make plot_simulationThe data for Figure 1a can be generated via the following commands.
make run_boottime_native
make run_boottime_kata
make run_boottime_gramine
make run_boottime_cvm
make run_boottime_walletThis will measure the boot time for each baseline including all parts of the wallet bootup, e.g. cold, lukewarm and warm.
make plot_boottime_motivationFor Figure 1b the following is required.
make run_comm_native
make run_comm_gramine
make run_comm_kata
make run_comm_vm
make run_comm_cvm
make run_comm_walletThis will run the communication benchmark with increased transfer size for each baseline.
make plot_comm_motivationInformation on how to generate Figure 1c can be found here
Figure 2a can be created with the following command.
make plot_cdf_motivationFor Figure 2b the following is required.
make run_scale_kata
make run_scale_vm
make run_scale_cvm
make run_scale_walletmake plot_scaling_motivationFor Figure 2c the plot can be created with this command.
make plot_attest_motivationThe protocol analysis for Wallet can be cound here
It can happen that the KVM version of Wallet was not loaded. In this case please make sure to load it via make load_kvm.
In the current version/kernel used for Wallet regular CVMs without a Monitor can't be run. In order to run all the benchmarks either the kernel needs to be changed or a second system is required.