DOI: 10.1145/3338466.3358916
Research article

S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX

Published: 11 November 2019

ABSTRACT

Function-as-a-Service (FaaS) is a recent and popular cloud computing paradigm in which the function provider specifies a function to be run and is billed only for the computational resources used by that function. Compared to other cloud paradigms, FaaS requires significantly more fine-grained measurement of functions' compute time and memory usage. Since functions are short and stateless, small ephemeral entities (e.g. individuals or underutilized data centers) can become FaaS service providers. However, this exacerbates the already substantial challenges of 1) ensuring integrity of computation, 2) minimizing information revealed to the service provider, and 3) accurately measuring computational resource usage.

To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees using Intel SGX. To match the dynamic event-driven nature of FaaS, we introduce a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of reusable resource measurement mechanisms that securely measure compute time and memory usage inside an enclave. We have integrated S-FaaS into the OpenWhisk FaaS framework and provide this as open source software.


Published in

CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop
November 2019, 209 pages
ISBN: 9781450368261
DOI: 10.1145/3338466
Copyright © 2019 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
Published: 11 November 2019
Qualifiers: research-article
Overall acceptance rate: 37 of 108 submissions, 34%