ABSTRACT
Recent research has proposed the use of trusted execution environments (TEEs), such as SGX, in serverless computing to safeguard against threats from insecure system software, malicious co-located tenants, or suspicious cloud operators. However, integrating SGX, one of the most mature TEEs, with serverless computing results in significant performance degradation due to the function startup latency caused by enclave creation. This degradation arises because SGX was not designed with serverless function startup procedures in mind, where numerous pieces of application code, libraries, and data are re-initialized upon each function invocation. The inherent limitations of SGX contribute to the degradation, whether through the addition of every page into the enclave or through the restriction of page permissions, which ultimately cause TLB flushes, context switches, and enclave re-entries. In this paper, we first make key observations about the intrinsic features of serverless functions and then propose Cryonics, a method of serving snapshot-based enclaves that accelerates the startup of a function instance by creating a future-proof working set for it. We consider the page locality and obsolete pages of the enclaved function instance to create a lightweight working set used for serving requests. Our evaluation shows that Cryonics achieves up to 100x faster startup time compared to existing cold-start-based methods and that its startup time is stable.
Index Terms
- Cryonics: Trustworthy Function-as-a-Service using Snapshot-based Enclaves