eSilo: Making Silo Secure with SGX

Masahide Fukuyama, Masahiro Tanaka, Ryota Ogino, Hideyuki Kawashima


In the cloud computing environment, it is not easy to prove that an adversary with administrator privileges does not attack database systems. To address this issue, EnclaveDB is proposed, which applies an enclave to the database. Its logging mechanism runs sequentially and does not introduce a parallel scheme to exploit modern storage devices with parallel I/O. In this paper, we propose eSilo, which is the Silo transaction processing system with an enclave. The eSilo ensures the confidentiality of sensitive records and procedures by storing, processing, encrypting, and exporting logs inside the enclave provided by Intel SGX. Since standard C/C++ libraries are not supported by SGX, we implemented the eSilo system by replacing the alternative library included in the SGX SDK provided by Intel. We implemented the core of eSilo, extending the CCBench Silo system by adding a logging module. In the experiment with YCSB-A workload, eSilo peaked at 2.30 M tps throughput with sixty worker threads and four logger threads. Our eSilo demonstrated 9.35% performance improvement over the vanilla Silo, thanks to the superior performance of the SGX dedicated library.


Silo; transaction processing system; database system; SGX; enclave; security

Full Text:



  • There are currently no refbacks.