ABSTRACT
Function-as-a-Service (FaaS) is a recent and popular cloud computing paradigm in which the function provider specifies a function to be run and is billed only for the computational resources used by that function. Compared to other cloud paradigms, FaaS requires significantly more fine-grained measurement of functions' compute time and memory usage. Since functions are short and stateless, small ephemeral entities (e.g. individuals or underutilized data centers) can become FaaS service providers. However, this exacerbates the already substantial challenges of 1) ensuring integrity of computation, 2) minimizing information revealed to the service provider, and 3) accurately measuring computational resource usage.
To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees using Intel SGX. To match the dynamic event-driven nature of FaaS, we introduce a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of reusable resource measurement mechanisms that securely measure compute time and memory usage inside an enclave. We have integrated S-FaaS into the OpenWhisk FaaS framework and provide this as open source software.
Index Terms
- S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX