This paper is really interesting. It can be seen as addressing the “credible conditional recall” problem in an SGX enclave, because it implements a rapid “snapshot” and “reset” functionality. It’s implemented as a virtual machine layer for running guest processes within an SGX enclave.
There are a lot of other insights on hardening too, including when running Wasm code compiled to native. @tolak
The implementation is summarized in this instructions page (others in forked versions of other projects).
The paper is framed as being about “serverless” functions, but my intended use would rather be to “clone” a long-running program, getting a copy of its active stack/heap memory. But the paper seems to be about resetting to a nearly-initial state, so there isn’t as much to copy. I was hoping for something that worked like copy-on-write to get the best of both, so maybe that still remains open to try.
@socrates1024 Really interesting, because Phala also reuses the enclave in our Phat contract implementation: each worker runs an enclave instance that lives all the time to service multiple smart contract executions. We don’t implement stack/heap memory copy either; only the contract state is updated to the blockchain by the transactions. But indeed this is worth trying. From my previous development experience with our contract, I do struggle with writing stateless query logic (like the view function in Solidity, which doesn’t change contract state) because only 10s is allowed to execute the query and it is always being interrupted. It would be great if we had the stack/heap saved, though things could be more complicated in a distributed worker network.
Another one is that this paper also implements MLIEC for memory isolation inside an enclave and nested attestation, which is pretty inspired. We currently rely on a WASM virtual machine for memory isolation, which theoretically needs a trust assumption for its implementation.