Securing Enclaves: Balancing Speed and Safety

Let's talk about secure enclaves. These are like safe zones in computers where sensitive programs can hide. The problem is, even these safe zones can be tricked with sneaky attacks called transient execution attacks. Full separation from the rest of the computer isn't the best idea because it slows things down and makes apps less useful. Instead, what if we had super-smart chips that could control when and what is exposed? This way, we can keep the balance between speed and security. We need a plan to share memory safely between these enclaves and the rest of the computer, even when everything is happening out of order. Two methods were tried out: one that limits what attackers see, and another that controls how programs run. Together, they work really well to keep safe from attacks without slowing things down too much. Citadel is like a test run of this idea. It's a computer chip that can run multiple tasks at once and boot up an untrusted system. It has all the features needed for secure enclaves, like shared memory and ways to check if things are running safely. This is the first time anyone's shown that such a system can work on a powerful, multitasking computer chip while still protecting against common attacks.