Trust More, Serverless, SysTor 2019, Stefan Brenner, June 3rd, 2019 (PowerPoint PPT presentation)


SLIDE 1

Trust More, Serverless

SysTor'2019

Stefan Brenner, June 3rd, 2019

Technische Universität Braunschweig, Institute of Operating Systems and Computer Networks

Institute of Operating Systems and Computer Networks

SLIDE 2

Introduction Background Design & Implementation Evaluation Conclusion

Cloud Popularity Impacted by Security Issues

  • Increasing popularity of clouds
  • Cloud security challenges
    → Hinder cloud adoption
  • Vision: Trusted cloud
    – Enables currently impossible use cases
    – Usage of trusted execution technology

June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 2

SLIDE 3

Usage of Trusted Execution Technology

  • Creation of a Trusted Execution Environment (TEE)
  • Goal: Small sensitive compartments inside TEE
  • Holistic approach (legacy applications)
    – Large Trusted Computing Base (TCB)
  • Application partitioning (tailored)
    – High porting effort

SLIDE 4

Software Design: Monolithic = Modern

  • Modern modular architectures
    – e.g. micro services, functions
    – Small independent components
    – Clearly defined interfaces
    – Selective scalability
    – Simpler and independent development

SLIDE 5

Trusted FaaS

Trusted serverless or Function-as-a-Service (FaaS) cloud!

SLIDE 6

Trust More, Serverless

  • Background
    – Intel SGX
    – Serverless Computing
  • Design & Implementation
  • Evaluation
  • Conclusion


SLIDE 8

Intel Software Guard Extensions (SGX)

  • CPU instruction set extension for trusted execution
  • "Secure enclaves" inside user processes
  • Transparent memory encryption (with integrity)
  • Remote Attestation via Intel Attestation Service

Figure: layers Application, Enclave, Privileged System Code, Hardware; transitions Create Enclave, Execute, Execute

SLIDE 9

Serverless and FaaS

Evolution of cloud computing

  • 1. Infrastructure-as-a-Service (IaaS)
  • 2. Platform-as-a-Service (PaaS)
  • 3. Function-as-a-Service (FaaS)
    – Single standalone functions → Lambdas
    – Fine-grained accounting, no idle cost
    – Most maintenance done by provider


SLIDE 11

Secure Serverless Computing Platform Vision

Basic Properties
  • Lambda inside enclave
  • Parallel (competing) Lambda execution
  • Resource efficiency
  • Transparent Lambda attestation

Challenges:
  • Selection of suitable programming language and Lambda library support
  • Design of a secure and efficient Lambda execution platform
  • Transparent remote attestation of Lambdas

SLIDE 12 to 20

Secure Serverless Computing Programming Language & Runtime

Runtime candidates, compared by TCB, Isolation and Sharing:
  • Native: Multiple Enclaves / Process; Single Enclave / Native Sandbox
  • Interpreted: CPython / Sub Interpr.
  • JavaScript: MuJS / Context; Duktape / Context; Google V8 / V8 Isolate

  • Native: sandbox?
  • CPython: large TCB → JavaScript
  • MuJS: language support
  • Duktape: lean TCB
  • Google V8: high performance

Selected Variants: Pure JavaScript Lambdas on Duktape and Google V8.

SLIDE 21

Secure Serverless Computing Architecture

JavaScript Runtime in enclave
  • Lightweight JavaScript interpreter: Duktape
  • Additional: Fast but large Google V8
  • Lambdas executed in interpreter sandbox

Secure Lambdas:
  • Signed Lambda bundles
  • Load and verify on demand

Figure: Enclave Runtime (JavaScript Interpreter) with Sandbox λ1.js.bdl.sig, Sandbox λ2.js.bdl.sig and Connection Management; λ Store with λ1.js, library1.js, library2.js, library3.js → Webpack → λ1.js.bdl → Sign → λ1.js.bdl.sig → Load & Verify; Request arrows into the enclave

SLIDE 22

Secure Serverless Computing Trust Model

How to establish trust into Lambdas?

  • 1. Signed Lambda is loaded
  • 2. Attester verifies enclave
  • 3. Attester verifies Lambda based on its signature
  • 4. Attester uploads TLS key

⇒ Implicit attestation on every request

Figure: Cloud Provider hosting the Enclave (TLS Key, λ1, λ2); Platform Provider, λ-Provider 1 and λ-Provider 2 each with a .git repository; User 1 and User 2; arrows Verify, Build & launch, Request


SLIDE 24

Evaluation Methodology and Trusted Computing Base

Methodology
  • Clients issue TLS-encrypted requests to trusted Lambda platform
  • TCB, throughput and enclave memory footprint measurement

SLIDE 25

Trusted Computing Base
  • Google V8 TCB 7× larger than Duktape

  Component    | Duktape | V8
  Interpreter  | 185,392 | 1,308,702
  Environment  | 214,156 | 17,193,624
  Platform     | 1,529   | 1,002
  Sum          | 401,077 | 18,503,328

SLIDE 26

Secure Serverless Computing Performance

  • Low overhead of secure Duktape (echo)
  • Secure Google V8 almost 16× faster than secure Duktape
  • Secure Google V8 ≈ 50% of baseline, secure Duktape only ≈ 3%

Figure: Requests/s (log scale, 1 to 100000) per script (echo, fibonacci, jpeg, base64, 3dcube) for Baseline, Duktape and Google V8; annotations 556%, 67%, 6.5%, 5.2%, 7.1% (base64 and 3dcube are part of the JetStream JavaScript benchmark suite)

SLIDE 27

Secure Serverless Computing Memory Footprint

  • No excessive SGX paging due to lean memory footprint
  • Secure Duktape ≈ 38% lower memory footprint than secure Google V8

Figure: Secure Google V8 memory footprint; Working Set Memory (MB, 20 to 180) over a Fixed Number of Contexts (1 to 10) for echo, fibonacci, jpeg, base64, 3dcube


SLIDE 29

Conclusion

  • Secure Lambda execution platform based on Intel SGX
  • Execution of pure JavaScript Lambda inside SGX enclave
  • Secure Duktape is much slower than secure Google V8
    …but requires significantly less memory
    …and comprises a much smaller TCB
  ⇒ A price tag for transparent security in the FaaS cloud!
  ⇒ This project was funded by Intel in the TFaaS project!