Squeezing sparks out of sgx - the maru project

The Maru project between Imperial College, Cambridge, and the Turing Institute, has just completed the
task of getting Spark to run using Intel's SGX - this was a couple of years work, and involved
a lot of systems partitioning to get map/reduce type tasks to run in the secure enclave's very limited
memory. Along the way parallel work on getting the linux kernel library and secure communications and
storage to fly was required. Some of this may have been partially undermined by the reveleations about
vulnerabilities in Intel CPU's microarchitecture due to speculation exposing ephemeral state outside of
the
enclave (and other related problems. I'll briefly talk about other work to help mitigate this using
finer grain access control within the enclave, and on other CPUs.