B. Application benchmarks
According to the experiments that were carried out some conclusions have been achieved. For Apache, the variable SCONE-async, achieves performance the same as with that of the native version. It was expected the better performance emerged concerning SCONE-async variable compared with SCONE-sync. SCONE-async can change and go to some other Apache thread as long as waiting for system call results.
Limited advantage is produced by asynchronous system call in single-threaded applications (e.g., Redis), this is mainly the case because of the faster response times compared with the synchronous system calls. Nevertheless, if SCONE-async is waiting for the result of a system call cannot execute other application threads. Despite the fact that NGINX supporting multiple threads the same is true in this case too. From the expeririments also is obvious that Apache had a better scalling compared with NGINX altough both had the same number of threads. There is a summary of results for all the throughput-oriented applications below in Table 1.
C. File system shield
In this subsection an evaluation of performance is conducted concerning shield of file system with the use of with micro-benchmarks. IOZone filesystem benchbark is used in order to check the shield into random and sequential reads/writes. By the help of this file system a comparison is conducted based on the throughput of three different IOZone versions. The first version is related with native glibc have the ability of access to a tmpfs file system. The second vesion is SCONE with the passing file systemwhich is not include security. The third and last one version is SCONE with a passing file system which include security.
By the evaluation is conducted that IOZone on a passing file system have a higher throughput compared witb the native glibc IOZone on tmpfs. This result is due to the fact that application does not process any system calls while accessing data on the ephemeral file system contrariwise, have a direct access to the untrusted memory (DRAM) without the need for exiting the enclave. By enabling the encryption on the passing file system, minimize the throughput by the size order.
D. Asynchronous system calls
In this section an evaluation of asynchronous system calls (SCONE-async) is conducted. This evaluation show that SCONE-async arrives nearly the same number of system calls per second as glibc for one operating system thread. There is a possibility of scalability by specifying this implementation of the lock-free FIFO queue.