TFaaS: Trusted Sandboxed Execution of Serverless Functions

News

• April 2020: The TFaaS project recieved funding for the third year!
• March 2020: The code of AccTEE is now publicy available!
• September 2019: Our paper AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting has been accepted at Middleware'19!
• June 2019: The TFaaS project recieved funding for the second year!
• May 2019: Our paper Trust more, serverless has been accepted at SYSTOR'19!

Project Description

Serverless cloud computing promises to be an attractive offering to both cloud users and providers. Existing serverless frameworks, including AWS Lambda, Apache OpenWhisk and OpenFaaS, follow a function-as-a-service (FaaS) model in which users express the business logic of their cloud applications as a sequence of function invocations, written in popular languages such as Java, JavaScript, and Python. Partly due to the immaturity of existing FaaS platforms, security aspects, in particular related to isolation of functions and their integrity during execution, have large been unexplored by the research community. This introduces risks, both to cloud users and cloud providers, as open source FaaS platforms gain in adoption.

We propose to explore and enhance the security of today’s FaaS platforms both for cloud users and cloud providers using a two-pronged approach: (i) from the perspective of cloud users, we plan to investigate how trusted execution capabilities of modern CPUs, can be used to shield serverless functions from the rest of the cloud FaaS stack. The goal is to develop new practical approaches to guarantee the data confidentiality and integrity of function computation. A specific research challenge will be to support short-lived functions efficiently within a trusted execution environment (TEE) with substantially larger set-up times. In addition, we will provide protocols that enhance a TEE’s attestation mechanism to efficiently and securely provide guarantees for serveless functions; and (ii) from the perspective of cloud providers, we will explore more lightweight sandboxing mechanisms for serverless functions that go beyond containers and employ language-based isolation. We will enhance modern programming language runtimes such as Python and JavaScript with isolation abstractions and investigate WebAssembly as a new portable format for executable code that is claimed to nearly run as fast as native machine code. The designed abstractions will enable the scalable execution of serverless functions, while offering security guarantees that are at least as effective as those of containers.

We will make an open-source proof-of-concept implementation of the above research ideas available as part of an extension of the OpenFaaS platform. At the hardware level, we will base our implementation on Intel SGX but also investigate the use of related more lightweight but less powerful technologies such as Intel MKTME and AMD SEV. In addition, we will publicise our research results through paper submissions to top-tier systems and security conferences.

Publication List

• David Goltzsche, Manuel Nieke, Thomas Knauth and Rüdiger Kapitza: AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting, in Proceedings of the 20th International Middleware Conference, Middleware '19, Davis, CA, USA, ACM, 2019 (goltzsche2019acctee, DOI, BibTeX, Slides)
• Stefan Brenner and Rüdiger Kapitza: Trust More, Serverless, in Proceedings of the 12th ACM International Conference on Systems and Storage (SysTor'19), Haifa, Israel, pages 33-43, 2019 (systor19lambda, DOI, BibTeX)

Publication Summaries

"AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting" published at Middleware'19

Download the paper!

Abstract: Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and Web-Assembly, a novel platform independent byte-code format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios -- volunteer computing, serverless computing, and pay-by-computation for the web -- shows a maximum accounting overhead of 10%.

Presentation at SYSYOR 2019

Funded by Intel

Project Partners

• TU Braunschweig, Institute of Operating Systems and Computer Networks, Distributed Systems Group
• Imperial College London, Large-Scale Data Systems Group

Project Members at IBR

Theses

If you are interested in writing a thesis regarding this project, please feel free to contact us.