S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX

Function-as-a-Service (FaaS) is a recent and popular cloud computing paradigm in which the function provider specifies a function to be run and is billed only for the computational resources used by that function. Compared to other cloud paradigms, FaaS requires significantly more fine-grained measurement of functions' compute time and memory usage. Since functions are short and stateless, small ephemeral entities (e.g. individuals or underutilized data centers) can become FaaS service providers. However, this exacerbates the already substantial challenges of 1) ensuring integrity of computation, 2) minimizing information revealed to the service provider, and 3) accurately measuring computational resource usage. To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees using Intel SGX. To match the dynamic event-driven nature of FaaS, we introduce a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of reusable resource measurement mechanisms that securely measure compute time and memory usage inside an enclave. We have integrated S-FaaS into the OpenWhisk FaaS framework and provide this as open source software.
