1. Civet: An Efficient Java Partitioning Framework for Hardware Enclaves 2020 IntelSGX Usenix
    Chia-Che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, Donald E. Porter
    [View PDF on usenix.org]
    [Show BibTex Citation]

    @inproceedings {244028,
    title = {Civet: An Efficient Java Partitioning Framework for Hardware Enclaves},
    booktitle = {29th {USENIX} Security Symposium ({USENIX} Security 20)},
    year = {2020},
    address = {Boston, MA},
    url = {https://www.usenix.org/conference/usenixsecurity20/presentation/tsai},
    publisher = {{USENIX} Association},
    month = aug,

Hardware enclaves are designed to execute small pieces of sensitive code or to operate on sensitive data, in isolation from larger, less trusted systems. Partitioning a large, legacy application requires significant effort. Partitioning an application written in a managed language, such as Java, is more challenging because of mutable language characteristics, extensive code reachability in class libraries, and the inevitability of using a heavyweight runtime.

Civet is a framework for partitioning Java applications into enclaves. Civet reduces the number of lines of code in the enclave and uses language-level defenses, including deep type checks and dynamic taint-tracking, to harden the enclave interface. Civet also contributes a partitioned Java runtime design, including a garbage collection design optimized for the peculiarities of enclaves. Civet is efficient for data-intensive workloads; partitioning a Hadoop mapper reduces the enclave overhead from 10× to 16–22% without taint-tracking or 70–80% with taint-tracking.