clemmys
play

Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach , - PowerPoint PPT Presentation

Nov 01, 2022 •349 likes •1.34k views

Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach , Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia, Christof Fetzer ACM SYSTOR 2019 FaaS Paradigm of Cloud Computing Function Runtime Guest OS Function Hypervisor Host OS FaaS

  1. Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach , Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia, Christof Fetzer ACM SYSTOR 2019

  2. FaaS Paradigm of Cloud Computing Function Runtime Guest OS Function Hypervisor Host OS

  3. FaaS Paradigm of Cloud Computing ● Less boilerplate work ☺ Function Runtime Easy autoscaling ☺ ● Guest OS Hypervisor Host OS

  4. How does FaaS work? Worker 1 Function A Gateway Controller Function B Worker 2 Function C

  5. How does FaaS work? Controller Worker 1 Function A Gateway Function B Worker 2 Function C

  6. How does FaaS work? Worker 1 Function A Gateway Controller Function B Worker 2 Function C

  7. How does FaaS work? Worker 1 itQX/e8= Function A Gateway Controller Function B Worker 2 Function C

  8. How does FaaS work? Worker 1 Secret Function A Gateway Controller Function B Worker 2 Function C

  9. How does FaaS work? Worker 1 A(Secret) Function A Gateway Controller Function B Worker 2 Function C Support for function chaining is an important requirement for serverless computing

  10. How does FaaS work? Worker 1 Function A Gateway Controller Function B B(A(Secret)) Worker 2 Function C Support for function chaining is an important requirement for serverless computing

  11. How does FaaS work? Worker 1 Function A Gateway Controller Function B Worker 2 Function C C(B(A(Secret))) Support for function chaining is an important requirement for serverless computing

  12. How does FaaS work? Worker 1 C(B(A(Secret))) Function A Gateway Controller Function B Worker 2 Function C

  13. How does FaaS work? Worker 1 IysMdOmldNYL Function A Gateway Controller Function B Worker 2 Function C

  14. Is Faas secure? ● Less boilerplate work ☺ ● Easy autoscaling ☺ Worker 1 Function A Gateway Controller Function B Worker 2 Function C

  15. Is Faas secure? ● Less boilerplate work ☺ ● Easy autoscaling ☺ ● Low-trust environment Worker 1 Function A Gateway Controller Function B Worker 2 Function C

  16. Why is FaaS insecure? Inspect Network Traffic Worker 1 Function A Gateway Controller Function B Worker 2 Function C

  17. Why is FaaS insecure? Inspect Network Traffic Worker 1 Function A Gateway Controller Function B Worker 2 Function C Inspect Process Memory

  18. State-of-the-Art: Computing on Untrusted Systems Multiparty Computations Homomorphic Encryption Function Runtime ● High performance overhead Guest OS Low flexibility ● Hypervisor Related Work: Host OS ● nGraph-HE [IACR 2019/350] PySyft ●

  19. State-of-the-Art: Computing on Untrusted Systems Intel SGX Function Runtime ● Acceptable overhead ☺ Guest OS Arbitrary workloads ☺ ● Hypervisor Related Work: Host OS ● S-FaaS [CoRR abs/1810.06080]

  20. What is Intel SGX? User Application (Untrusted Memory) Operating System

  21. What is Intel SGX? ● Adds enclave abstraction User Application (Untrusted Memory) Enclave Operating System/Hypervisor

  22. What is Intel SGX? ● Adds enclave abstraction User Application (Untrusted Memory) Encrypted in RAM only ○ Enclave Encrypted in RAM Unencrypted in CPU cache Operating System/Hypervisor

  23. What is Intel SGX? ● Adds enclave abstraction User Application (Untrusted Memory) Encrypted in RAM only ○ Enclave ○ Not accessible from outside Read, Write Read, Write Operating System/Hypervisor

  24. What is Intel SGX? ● Adds enclave abstraction User Application (Untrusted Memory) Encrypted in RAM only ○ Enclave ○ Not accessible from outside ○ Developer-specified entry points Call Exit Call Enter Operating System/Hypervisor

  25. What are the limitations of Intel SGX? ● High overheads for: User Application (Untrusted Memory) Secure memory paging ○ Enclave ○ Enclave startup with large heap 94MB of HW-encrypted memory available Operating System/Hypervisor

  26. Why do Intel SGX limitations matter? Function startup time as an optimization target: ● SAND, SOCK [ATC’18]

  27. Why do Intel SGX limitations matter? Function startup time as an optimization target: ● SAND, SOCK [ATC’18] Problem for SGXv1 enclaves

  28. Why do Intel SGX limitations matter? Function startup time as an optimization target: ● SAND, SOCK [ATC’18] Problem for SGXv1 enclaves ● Can be solved with SGXv2 Additional optimizations are worth investigating.

  29. Problem Statement How to execute a wide range of user functions in FaaS in a trustworthy and efficient manner?

  30. Outline ● Motivation Design ● ● Evaluation ● Summary

  31. What is Clemmys? Function A TLS Gateway Controller Function B Function C Based on Apache OpenWhisk SGX Enclave Native Application

  32. What is Clemmys? 1. Trustworthy environment for function execution Key Mgmt Service Function A TLS Gateway Controller Function B Function C Based on Apache OpenWhisk SGX Enclave Native Application

  33. What is Clemmys? 1. Trustworthy environment for function execution Key Mgmt Service Function A TLS Plaintext Metadata + Plaintext Metadata + Gateway Controller Function B + Encrypted Data + Encrypted Data Function C Based on Apache OpenWhisk 2. Message format for secure function chaining SGX Enclave Native Application

  34. What is Clemmys? 1. Trustworthy environment for function execution Key Mgmt Service Function A TLS Plaintext Metadata + Plaintext Metadata + Gateway Controller Function B + Encrypted Data + Encrypted Data Function C Based on Apache OpenWhisk 2. Message format for secure function chaining 3. Function startup time optimizations (SGXv2) SGX Enclave Native Application

  35. What is Clemmys? 1. Trustworthy environment for function execution 4. Key management and deployment scheme Key Mgmt Service Function A TLS Plaintext Metadata + Plaintext Metadata + Gateway Controller Function B + Encrypted Data + Encrypted Data Function C Based on Apache OpenWhisk 2. Message format for secure function chaining 3. Function startup time optimizations (SGXv2) SGX Enclave Native Application

  36. What is Clemmys? 1. Trustworthy environment for function execution 4. Key management and deployment scheme Key Mgmt Service Function A TLS Plaintext Metadata + Plaintext Metadata + Gateway Controller Function B + Encrypted Data + Encrypted Data Function C Based on Apache OpenWhisk 2. Message format for secure function chaining 3. Function startup time optimizations (SGXv2) SGX Enclave Native Application

  37. What is Clemmys? 1. Trustworthy environment for function execution 4. Key management and deployment scheme Key Mgmt Service Function A TLS Plaintext Metadata + Plaintext Metadata + Gateway Controller Function B + Encrypted Data + Encrypted Data Function C Based on Apache OpenWhisk 2. Message format for secure function chaining 3. Function startup time optimizations (SGXv2) SGX Enclave Native Application

  38. Components of Clemmys ● Internal encryption Function chain verification ● ● Function startup optimizations ● Function deployment and key management

  39. How does Clemmys secure communication? EPC paging → slow! Function A TLS TLS TLS Gateway Controller Function B Function C SGX Enclave Native Application

  40. How does Clemmys secure communication? Function A TLS ??? ??? Gateway Controller Function B Function C SGX Enclave Native Application

  41. How does Clemmys secure communication? Idea: separate controller metadata (plaintext) from function arguments (encrypted) Function A TLS ??? ??? Gateway Controller Function B Function C SGX Enclave Native Application

  42. How does Clemmys secure communication? Idea: separate controller metadata (plaintext) from function arguments (encrypted) Function A TLS Plaintext Metadata + Gateway Controller Function B + Encrypted Data Function C Plaintext Metadata + + Encrypted Data SGX Enclave Native Application

  43. Components of Clemmys ● Internal encryption Function chain verification ● ● Function startup optimizations ● Function deployment and key management

  44. Why should function chain order be enforced? ● Naive encryption does not preserve function order. Scale TLS Plaintext Metadata + Gateway Controller Detect Features + Encrypted Data Report & Log SGX Enclave Native Application

  45. Why should function chain order be enforced? ● Naive encryption does not preserve function order. Scale TLS Plaintext Metadata + Gateway Controller Detect Features + Encrypted Data Report & Log Plaintext Metadata + + Encrypted Data SGX Enclave Native Application

  46. Why should function chain order be enforced? ● Naive encryption does not preserve function order. Message format should preclude these attack vector. ● Scale TLS Plaintext Metadata + Gateway Controller Detect Features + Encrypted Data Report & Log Plaintext Metadata + + Encrypted Data SGX Enclave Native Application

  47. Why should function chain order be enforced? ● Naive encryption does not preserve function order. Message format should preclude these attack vector. ● See paper for technical details Scale TLS Plaintext Metadata + Gateway Controller Detect Features + Encrypted Data Report & Log Plaintext Metadata + + Encrypted Data SGX Enclave Native Application

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tennessee Nursing Facility Case Mix Rate Setting Training May 21, 2018 Presented by: Daniel

Tennessee Nursing Facility Case Mix Rate Setting Training May 21, 2018 Presented by: Daniel

Tennessee Nursing Facility Case Mix Rate Setting Training May 21, 2018 Presented by: Daniel Brendel Kevin Londeen, CPA CONTACT INFORMATION Myers and Stauffer 700 W. 47 th Street, Suite 1100 Kansas City, MO 64112 PH: (800) 374-6858 Email:

1.17k views • 91 slides
From Offline Long-Run to Online Short-Run: Exploring A New Approach of Hybrid Systems Model

From Offline Long-Run to Online Short-Run: Exploring A New Approach of Hybrid Systems Model

From Offline Long-Run to Online Short-Run: Exploring A New Approach of Hybrid Systems Model Checking for MDPnP Tao Li*, Qixin Wang*, Feng Tan*, Lei Bu, Jian-nong Cao*, Xue Liu, Yufei Wang*, Rong Zheng *The Hong Kong Polytechnic Univ. CPS Week

1.04k views • 66 slides
Perioperative Care in OSA Surgery Disclosures Apnicure Minor stock holder sleep apnea device

Perioperative Care in OSA Surgery Disclosures Apnicure Minor stock holder sleep apnea device

Perioperative Care in OSA Surgery Disclosures Apnicure Minor stock holder sleep apnea device Siesta Medical Minor stock holder sleep apnea device Patent Pending 61/624,105 Sinus diagnostics and therapeutics Andrew N. Goldberg, MD,

87 views • 8 slides
January 24, 2019 Thank You for the Generous Support of Our Event Sponsors 2 The Childrens

January 24, 2019 Thank You for the Generous Support of Our Event Sponsors 2 The Childrens

86th Session Briefing for Legislative Staff January 24, 2019 Thank You for the Generous Support of Our Event Sponsors 2 The Childrens Health Coverage Coalition was formed in 1998 (as the Texas CHIP Coalition) to work for the

1.07k views • 86 slides
SCONE: S ecure Linux Con tainer E nvironments with Intel SGX S. Arnautov, B. Trach, F. Gregor,

SCONE: S ecure Linux Con tainer E nvironments with Intel SGX S. Arnautov, B. Trach, F. Gregor,

SCONE: S ecure Linux Con tainer E nvironments with Intel SGX S. Arnautov, B. Trach, F. Gregor, Thomas Knauth , and A. Martin, Technische Universitt Dresden; C. Priebe, J. Lind, D. Muthukumaran, D. O'Keeffe, and M. Stillwell, Imperial College

820 views • 52 slides
SGXBounds Memory Safety for Shielded Execution Dmitrii Kuvaiskii , Oleksii Oleksenko ,

SGXBounds Memory Safety for Shielded Execution Dmitrii Kuvaiskii , Oleksii Oleksenko ,

SGXBounds Memory Safety for Shielded Execution Dmitrii Kuvaiskii , Oleksii Oleksenko , Sergei Arnautov , Bohdan Trach , Pramod Bhatotia * , Pascal Felber , Christof Fetzer TU Dresden, * The University of Edinburgh,

1.51k views • 87 slides
EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA

Institute of Operating Systems and Computer Networks EndBox: Scalable M iddlebox Functions Using Client-Side Trusted Execution Image CC-BY-SA Victorgrigas David Goltzsche, 1 Signe Rsch, 1 Manuel Nieke, 1 Sbastien Vaucher, 2 Nico Weichbrodt, 1

630 views • 46 slides
E Actors: an actor-based programming framework for Intel SGX Dr.-Eng. V. A. Sartakov 01.02.2x20

E Actors: an actor-based programming framework for Intel SGX Dr.-Eng. V. A. Sartakov 01.02.2x20

E Actors: an actor-based programming framework for Intel SGX Dr.-Eng. V. A. Sartakov 01.02.2x20 Imperial College London Plan Why do we need another framework? The framework Fundamentals Messaging System Components Benchmark Examples

527 views • 38 slides
Canadian Society of Internal Medicine Annual Meeting 2018 Banff, AB MEDICAL ASSISTANCE IN DYING

Canadian Society of Internal Medicine Annual Meeting 2018 Banff, AB MEDICAL ASSISTANCE IN DYING

Canadian Society of Internal Medicine Annual Meeting 2018 Banff, AB MEDICAL ASSISTANCE IN DYING (MAID) Dr. Kim Wiebe WRHA & CAMAP CSIM Annual Meeting 2018 The following presentation represents the views of the speaker at the time of the

397 views • 28 slides
Position Paper: Challenges Towards Securing Hardware-assisted Execution Environments Zhenyu Ning 1

Position Paper: Challenges Towards Securing Hardware-assisted Execution Environments Zhenyu Ning 1

Position Paper: Challenges Towards Securing Hardware-assisted Execution Environments Zhenyu Ning 1 Fengwei Zhang 1 Weisong Shi 1 Larry Shi 2 1 Wayne State University 2 University of Houston November 21, 2019 1 Overview of The Talk Motivation

575 views • 24 slides
Hardening Application Security using Intel SGX Max Plauth, Frederik T eschke, Daniel Richter,

Hardening Application Security using Intel SGX Max Plauth, Frederik T eschke, Daniel Richter,

Hardening Application Security using Intel SGX Max Plauth, Frederik T eschke, Daniel Richter, and Andreas Polze Operating Systems & Middleware Group Hasso Plattner Institute at University of Potsdam, Germany Motivation data security:

423 views • 31 slides
Disclaimer Jim is employed by Diversey. His expenses to attend this meeting (travel,

Disclaimer Jim is employed by Diversey. His expenses to attend this meeting (travel,

2019-11-19 Bending The Rules Without Breaking the Principles Jim Gauthier, MLT, CIC Senior Clinical Advisor, Infection Prevention Disclaimer Jim is employed by Diversey. His expenses to attend this meeting (travel, accommodation, and

667 views • 31 slides
Ausgew ahlte Kapitel der Systemsoftware Skalierbare und energiebewusste Datenzentren Tobias

Ausgew ahlte Kapitel der Systemsoftware Skalierbare und energiebewusste Datenzentren Tobias

Ausgew ahlte Kapitel der Systemsoftware Skalierbare und energiebewusste Datenzentren Tobias Distler, Benedict Herzog, Michael Eischer Lehrstuhl f ur Informatik 4 Verteilte Systeme und Betriebssysteme Friedrich-Alexander-Universit at

155 views • 13 slides
29/07/2012 School of Biotechnology and Food Technology - Hanoi University of Science and

29/07/2012 School of Biotechnology and Food Technology - Hanoi University of Science and

29/07/2012 School of Biotechnology and Food Technology - Hanoi University of Science and Technology HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY School of Biotechnology and Food Technology - Hanoi University of Science and Technology

56 views • 5 slides
IB 1A5 (=E1R86), 1L1 (=E1R05) , IIB E2R40 , 2011 L6 URL

IB 1A5 (=E1R86), 1L1 (=E1R05) , IIB E2R40 , 2011 L6 URL

IB 1A5 (=E1R86), 1L1 (=E1R05) , IIB E2R40 , 2011 L6 URL : http://clsl.hi.h.kyoto-u.ac.jp/~kkuroda/lectures/11B-KU/KU-2011B-L06-slides.pdf ( ) substituting for

682 views • 44 slides
in the Pediatric Emergency Department Edward Ferenczy, MD Rady Childrens Hospital Department

in the Pediatric Emergency Department Edward Ferenczy, MD Rady Childrens Hospital Department

Endotracheal Tube Cuff Pressure in the Pediatric Emergency Department Edward Ferenczy, MD Rady Childrens Hospital Department of Critical Care Michael Stoner MD, Sandra Spencer MD, DJ Scherzer MD, Samantha Gee MD, Joseph Tobias MD

404 views • 17 slides
Non-Medical Transportation For HARP Enrollees January 2017 January 2017 General Transportation

Non-Medical Transportation For HARP Enrollees January 2017 January 2017 General Transportation

Non-Medical Transportation For HARP Enrollees January 2017 January 2017 General Transportation Provider Certification Information REMINDER: To provide this service you must be or become a certified Medicaid transportation provider If

308 views • 17 slides
Data Management for Transportation Performance Management Peer Exchange Washington State DOT

Data Management for Transportation Performance Management Peer Exchange Washington State DOT

Data Management for Transportation Performance Management Peer Exchange Washington State DOT Experience Roger Millar, P.E., AICP Keith Metcalf, P.E. Secretary Deputy Secretary Sreenath Gangula, P.E., PTOE Multimodal Mobility and Traffic

311 views • 27 slides
Landesnetz RLP Educational Network Rhineland Palatinate Rhineland-Palatinate Juergen Weiss

Landesnetz RLP Educational Network Rhineland Palatinate Rhineland-Palatinate Juergen Weiss

Landesnetz RLP Educational Network Rhineland Palatinate Rhineland-Palatinate Juergen Weiss Johannes Gutenberg-Universitaet Mainz weiss@uni-mainz.de April 8 2015 SIG-NOC Workshop Stuttgart 1 The Network The Network 4 universities

758 views • 7 slides
TRACTION: WEEK 6 HE IS A GOD TO THANK Thankfulness/Gratitude Psalm 100, Romans 8:28

TRACTION: WEEK 6 HE IS A GOD TO THANK Thankfulness/Gratitude Psalm 100, Romans 8:28

TRACTION: WEEK 6 HE IS A GOD TO THANK Thankfulness/Gratitude Psalm 100, Romans 8:28 INTRODUCTION AND LOGISTICS FOR THE REMAINING WEEKS Logistics/Ground Rules: Rhythm Each Week: Small Group, Large Group, Small Group, Push-Ups throughout the

142 views • 3 slides
otorcycle ider entor Program . A Low Tech, Targeted Approach to Reducing Motorcycle Accident

otorcycle ider entor Program . A Low Tech, Targeted Approach to Reducing Motorcycle Accident

otorcycle ider entor Program . A Low Tech, Targeted Approach to Reducing Motorcycle Accident Causal Factors USAF 49th Fighter Wing, Holloman AFB, NM Presented by Dick Garrett MRM PROGRAM GOAL Reduce motorcycle accidents by modifying the

411 views • 12 slides
Car Design Google Slides The Materials We Used Knex Motor Knex treads Knex

Car Design Google Slides The Materials We Used Knex Motor Knex treads Knex

Car Design Google Slides The Materials We Used Knex Motor Knex treads Knex pieces Cotton Balls Egg Bumpers The Bumpers are used to This is because of Newtons stop the car once it hits the third law of

208 views • 8 slides
JUST THE MATHS SLIDES NUMBER 9.1 MATRICES 1 (Definitions & elementary matrix algebra)

JUST THE MATHS SLIDES NUMBER 9.1 MATRICES 1 (Definitions & elementary matrix algebra)

JUST THE MATHS SLIDES NUMBER 9.1 MATRICES 1 (Definitions & elementary matrix algebra) by A.J.Hobson 9.1.1 Introduction 9.1.2 Definitions 9.1.3 The algebra of matrices (part one) UNIT 9.1 - MATRICES 1 - DEFINITIONS AND ELEMENTARY

568 views • 11 slides
HIGH POWER IGBT TRACTION DRIVES Marc DEBRUYNE Master Expert Traction Systems NIX Converter

HIGH POWER IGBT TRACTION DRIVES Marc DEBRUYNE Master Expert Traction Systems NIX Converter

November 2001 HIGH POWER IGBT TRACTION DRIVES Marc DEBRUYNE Master Expert Traction Systems NIX Converter range 4000 ONIX 3000 Converter Voltage (V) 2000 ONIX 1500 1000 ONIX 800 500 Onix 350 100 200 500 1000 1500 Converter Power

399 views • 21 slides

More recommend