The popularity of the Java programming language has led to its wide adoption in cloud computing infrastructures. However, Java applications running in untrusted clouds are vulnerable to various forms of privileged attacks. The emergence of trusted execution environments (TEEs) such as Intel SGX mitigates this problem. TEEs protect code and data in secure enclaves inaccessible to untrusted software, including the kernel and hypervisors. To efficiently use TEEs, developers must manually partition their applications into trusted and untrusted parts, in order to reduce the size of the trusted computing base (TCB) and minimise the risks of security vulnerabilities. However, partitioning applications poses two important challenges: (i) ensuring efficient object communication between the partitioned components, and (ii) ensuring the consistency of garbage collection between the parts, especially with memory-managed languages such as Java. We present Montsalvat, a tool which provides a practical and intuitive annotation-based partitioning approach for Java applications destined for secure enclaves. Montsalvat provides an RMI-like mechanism to ensure inter-object communication, as well as consistent garbage collection across the partitioned components. We implement Montsalvat with GraalVM native-image, a tool for compiling Java applications ahead-of-time into standalone native executables that do not require a JVM at runtime. Our extensive evaluation with micro- and macro-benchmarks shows our partitioning approach to boost performance in real-world applications

翻译：Java编程语言的广泛普及使其在云计算基础设施中得到大量应用。然而，运行在不可信云环境中的Java应用程序容易遭受各种形式的特权攻击。以Intel SGX为代表的可信执行环境（TEE）的出现缓解了这一问题。TEE能够在安全飞地中保护代码和数据，使其对包括内核和虚拟机监控器在内的不可信软件不可访问。为高效使用TEE，开发者需手动将应用程序划分为可信部分和不可信部分，以缩减可信计算基（TCB）规模并最小化安全漏洞风险。然而，应用分区面临两大关键挑战：（i）确保分区组件间的对象高效通信，（ii）确保各组件间垃圾回收的一致性，特别是对于Java这类具有内存管理机制的语言。我们提出Montsalvat工具，为面向安全飞地的Java应用程序提供一种实用且直观的基于注解的分区方法。Montsalvat采用类RMI机制确保对象间通信，并支持跨分区组件的一致性垃圾回收。我们基于GraalVM原生镜像实现Montsalvat——该工具可将Java应用提前编译为无需运行时JVM的独立原生可执行文件。通过微基准与宏基准测试的全面评估表明，我们的分区方法能够有效提升实际应用的性能表现。