Trusted Execution Environments (TEEs) suffer from performance issues when executing certain management instructions, such as creating an enclave, context switching in and out of protected mode, and swapping cached pages. This is especially problematic for short-running, interactive functions in Function-as-a-Service (FaaS) platforms, where existing techniques to address enclave overheads are insufficient. We find FaaS functions can spend more time managing the enclave than executing application instructions. In this work, we propose a TEE/GC hybrid (TGh) protocol to enable confidential FaaS platforms. TGh moves computation out of the enclave onto the untrusted host using garbled circuits (GC), a cryptographic construction for secure function evaluation. Our approach retains the security guarantees of enclaves while avoiding the performance issues associated with enclave management instructions.