Clemmys: Towards Secure Remote Execution in FaaS

Research output: Contribution to book/Conference proceedings/Anthology/ReportConference contributionContributedpeer-review

Contributors

Abstract

We introduce Clemmys, a security-first serverless platform that ensures confidentiality and integrity of users' functions and data as they are processed on untrusted cloud premises, while keeping the cost of protection low. We provide a design for hardening FaaS platforms with Intel SGX---a hardware-based shielded execution technology. We explain the protocol that our system uses to ensure confidentiality and integrity of data, and integrity of function chains. To overcome performance and latency issues that are inherent in SGX applications, we apply several SGX-specific optimizations to the runtime system: we use SGXv2 to speed up the enclave startup and perform batch EPC augmentation. To evaluate our approach, we implement our design over Apache Open-Whisk, a popular serverless platform. Lastly, we show that Clemmys achieved same throughput and similar latency as native Apache OpenWhisk, while allowing it to withstand several new attack vectors.

Details

Original languageEnglish
Title of host publicationSYSTOR '19: Proceedings of the 12th ACM International Conference on Systems and Storage
Pages44-54
Number of pages11
Volume2019
ISBN (electronic)978-1-4503-6749-3
Publication statusPublished - 2019
Peer-reviewedYes

Publication series

SeriesSYSTOR: ACM International Systems and Storage Conference

External IDs

Scopus 85067111785

Keywords

Research priority areas of TU Dresden

DFG Classification of Subject Areas according to Review Boards

Keywords

  • Security, privacy, Distributed systems security