Serverless cloud computing promises to be an attractive offering to both cloud users and providers. Existing serverless frameworks, including AWS Lambda, Apache OpenWhisk and OpenFaaS, follow a function-as-a-service (FaaS) model in which users express the business logic of their cloud applications as a sequence of function invocations, written in popular languages such as Java, JavaScript, and Python. Partly due to the immaturity of existing FaaS platforms, security aspects, in particular related to isolation of functions and their integrity during execution, have large been unexplored by the research community. This introduces risks, both to cloud users and cloud providers, as open source FaaS platforms gain in adoption.
We propose to explore and enhance the security of today’s FaaS platforms both for cloud users and cloud providers using a two-pronged approach: (i) from the perspective of cloud users, we plan to investigate how trusted execution capabilities of modern CPUs, can be used to shield serverless functions from the rest of the cloud FaaS stack. The goal is to develop new practical approaches to guarantee the data confidentiality and integrity of function computation. A specific research challenge will be to support short-lived functions efficiently within a trusted execution environment (TEE) with substantially larger set-up times. In addition, we will provide protocols that enhance a TEE’s attestation mechanism to efficiently and securely provide guarantees for serveless functions; and (ii) from the perspective of cloud providers, we will explore more lightweight sandboxing mechanisms for serverless functions that go beyond containers and employ language-based isolation. We will enhance modern programming language runtimes such as Python and JavaScript with isolation abstractions and investigate WebAssembly as a new portable format for executable code that is claimed to nearly run as fast as native machine code. The designed abstractions will enable the scalable execution of serverless functions, while offering security guarantees that are at least as effective as those of containers.
We will make an open-source proof-of-concept implementation of the above research ideas available as part of an extension of the OpenFaaS platform. At the hardware level, we will base our implementation on Intel SGX but also investigate the use of related more lightweight but less powerful technologies such as Intel MKTME and AMD SEV. In addition, we will publicise our research results through paper submissions to top-tier systems and security conferences.
Abstract: Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and Web-Assembly, a novel platform independent byte-code format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios -- volunteer computing, serverless computing, and pay-by-computation for the web -- shows a maximum accounting overhead of 10%.
Abstract: The increasingly popular and novel Function-as-a-Service (FaaS) clouds allow users the deployment of single functions. Compared to Infrastructure-as-a-Service or Platform-as-a-Service , this enables providers even more aggressive and rigorous resource sharing and liberates customers from tedious maintenance tasks. However, as a crucial factor of cloud adoption, FaaS clouds need to provide security and privacy guarantees in order to allow sensitive data processing. In this paper, we investigate securing FaaS clouds for sensitive data processing, while respecting their new features, capabilities and benefits in a technology-aware manner. We start with the proposal of a generic approach for a JavaScript-based secure FaaS platform, then get more specific and discuss the implementation of two distinct approaches based on (a) a lightweight and (b) a high performance JavaScript engine. Our prototype implementation shows promising performance while efficiently utilising resources, thereby keeping the penalties of the added security low.
| Title | Type | Supervisor | Status |
|---|---|---|---|
| Enabling peer-to-peer communication between cooperative trusted web applications | Bachelor Thesis | Dr. David Goltzsche | finished |
| Secure Volunteer Computing | Master Thesis | Dr. David Goltzsche | finished |
| Evaluation von WebAssembly Instruktionen | Bachelor Thesis | Dr. David Goltzsche | finished |
If you are interested in writing a thesis regarding this project, please feel free to contact us.