The recently introduced second generation of Intel SGX (SGXv2) lifts the memory size limitations of the first generation. Theoretically, this promises to enable secure and highly efficient analytical DBMSs in the cloud. To validate this promise, in this paper, we conduct the first in-depth evaluation study of running analytical query processing algorithms inside SGXv2. Our study reveals that state-of-the-art query operators like radix joins and SIMD-based scans can indeed achieve high performance inside SGXv2 enclaves. These operations are orders of magnitude faster than joins optimized for the discontinued SGXv1 hardware. However, substantial performance overheads are still caused by subtle hardware and software differences influencing code execution inside an SGX enclave. We investigate these differences and propose new optimizations to bring the performance inside the enclave on par with native code execution outside an enclave.