DOI: 10.1145/3338466.3358916
research-article

S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX

Published: 11 November 2019

Abstract

Function-as-a-Service (FaaS) is a recent and popular cloud computing paradigm in which the function provider specifies a function to be run and is billed only for the computational resources used by that function. Compared to other cloud paradigms, FaaS requires significantly more fine-grained measurement of functions' compute time and memory usage. Since functions are short and stateless, small ephemeral entities (e.g. individuals or underutilized data centers) can become FaaS service providers. However, this exacerbates the already substantial challenges of 1) ensuring integrity of computation, 2) minimizing information revealed to the service provider, and 3) accurately measuring computational resource usage.
To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees using Intel SGX. To match the dynamic event-driven nature of FaaS, we introduce a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of reusable resource measurement mechanisms that securely measure compute time and memory usage inside an enclave. We have integrated S-FaaS into the OpenWhisk FaaS framework and provide this as open source software.


      Published In

      CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop
      November 2019
      209 pages
      ISBN:9781450368261
      DOI:10.1145/3338466
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. function-as-a-service
      2. intel sgx
      3. resource measurement

      Conference

      CCS '19
      Acceptance Rates

      Overall Acceptance Rate 37 of 108 submissions, 34%
