Clemmys: Towards Secure Remote Execution in FaaS
Research output: Contribution to book/Conference proceedings/Anthology/Report › Conference contribution › Contributed › peer-review
Contributors
Abstract
We introduce Clemmys, a security-first serverless platform that ensures confidentiality and integrity of users' functions and data as they are processed on untrusted cloud premises, while keeping the cost of protection low. We provide a design for hardening FaaS platforms with Intel SGX---a hardware-based shielded execution technology. We explain the protocol that our system uses to ensure confidentiality and integrity of data, and integrity of function chains. To overcome performance and latency issues that are inherent in SGX applications, we apply several SGX-specific optimizations to the runtime system: we use SGXv2 to speed up the enclave startup and perform batch EPC augmentation. To evaluate our approach, we implement our design over Apache Open-Whisk, a popular serverless platform. Lastly, we show that Clemmys achieved same throughput and similar latency as native Apache OpenWhisk, while allowing it to withstand several new attack vectors.
Details
Original language | English |
---|---|
Title of host publication | SYSTOR '19: Proceedings of the 12th ACM International Conference on Systems and Storage |
Pages | 44-54 |
Number of pages | 11 |
Volume | 2019 |
ISBN (electronic) | 978-1-4503-6749-3 |
Publication status | Published - 2019 |
Peer-reviewed | Yes |
Publication series
Series | SYSTOR: ACM International Systems and Storage Conference |
---|
External IDs
Scopus | 85067111785 |
---|
Keywords
Research priority areas of TU Dresden
DFG Classification of Subject Areas according to Review Boards
Keywords
- Security, privacy, Distributed systems security