S-FaaS: Trustworthy and accountable function-as-a-service using Intel SGX

Fritz Alder, N. Asokan, Arseny Kurnikov, Andrew Paverd, Michael Steiner

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

9 Citations (Scopus)

Abstract

Function-as-a-Service (FaaS) is a recent and popular cloud computing paradigm in which the function provider specifies a function to be run and is billed only for the computational resources used by that function. Compared to other cloud paradigms, FaaS requires significantly more fine-grained measurement of functions' compute time and memory usage. Since functions are short and stateless, small ephemeral entities (e.g. individuals or underutilized data centers) can become FaaS service providers. However, this exacerbates the already substantial challenges of 1) ensuring integrity of computation, 2) minimizing information revealed to the service provider, and 3) accurately measuring computational resource usage. To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees using Intel SGX. To match the dynamic event-driven nature of FaaS, we introduce a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of reusable resource measurement mechanisms that securely measure compute time and memory usage inside an enclave. We have integrated S-FaaS into the OpenWhisk FaaS framework and provide this as open source software.

Original languageEnglish
Title of host publicationCCSW 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop
PublisherACM
Pages185-199
Number of pages15
ISBN (Electronic)9781450368261
DOIs
Publication statusPublished - 11 Nov 2019
MoE publication typeA4 Article in a conference publication
EventACM Cloud Computing Security Workshop - London, United Kingdom
Duration: 11 Nov 201911 Nov 2019
Conference number: 10

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Workshop

WorkshopACM Cloud Computing Security Workshop
Abbreviated titleCCSW
CountryUnited Kingdom
CityLondon
Period11/11/201911/11/2019

Keywords

  • Function-as-a-service
  • Intel SGX
  • Resource measurement

Fingerprint Dive into the research topics of 'S-FaaS: Trustworthy and accountable function-as-a-service using Intel SGX'. Together they form a unique fingerprint.

Cite this