S-FaaS: Trustworthy and accountable function-as-a-service using Intel SGX

Fritz Alder, N. Asokan, Arseny Kurnikov, Andrew Paverd, Michael Steiner

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussaConference contributionScientificvertaisarvioitu

10 Sitaatiot (Scopus)

Abstrakti

Function-as-a-Service (FaaS) is a recent and popular cloud computing paradigm in which the function provider specifies a function to be run and is billed only for the computational resources used by that function. Compared to other cloud paradigms, FaaS requires significantly more fine-grained measurement of functions' compute time and memory usage. Since functions are short and stateless, small ephemeral entities (e.g. individuals or underutilized data centers) can become FaaS service providers. However, this exacerbates the already substantial challenges of 1) ensuring integrity of computation, 2) minimizing information revealed to the service provider, and 3) accurately measuring computational resource usage. To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees using Intel SGX. To match the dynamic event-driven nature of FaaS, we introduce a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of reusable resource measurement mechanisms that securely measure compute time and memory usage inside an enclave. We have integrated S-FaaS into the OpenWhisk FaaS framework and provide this as open source software.

AlkuperäiskieliEnglanti
OtsikkoCCSW 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop
KustantajaACM
Sivut185-199
Sivumäärä15
ISBN (elektroninen)9781450368261
DOI - pysyväislinkit
TilaJulkaistu - 11 marraskuuta 2019
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisuussa
TapahtumaACM Cloud Computing Security Workshop - London, Iso-Britannia
Kesto: 11 marraskuuta 201911 marraskuuta 2019
Konferenssinumero: 10

Julkaisusarja

NimiProceedings of the ACM Conference on Computer and Communications Security
ISSN (painettu)1543-7221

Workshop

WorkshopACM Cloud Computing Security Workshop
LyhennettäCCSW
MaaIso-Britannia
KaupunkiLondon
Ajanjakso11/11/201911/11/2019

Sormenjälki

Sukella tutkimusaiheisiin 'S-FaaS: Trustworthy and accountable function-as-a-service using Intel SGX'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä