trust more serverless
play

Trust More, Serverless SysTor2019 Stefan Brenner, June 3rd, 2019 - PowerPoint PPT Presentation

May 28, 2023 •389 likes •691 views

Institute of Operating Systems and Computer Networks Trust More, Serverless SysTor2019 Stefan Brenner, June 3rd, 2019 Technische Universitt Braunschweig, Institute of Operating Systems and Computer Networks Introduction Background

  1. Institute of Operating Systems and Computer Networks Trust More, Serverless SysTor’2019 Stefan Brenner, June 3rd, 2019 Technische Universität Braunschweig, Institute of Operating Systems and Computer Networks

  2. Introduction Background Design & Implementation Evaluation Conclusion Cloud Popularity Impacted by Security Issues Increasing popularity of clouds Cloud security challenges → Hinder cloud adoption Vision: Trusted cloud Enables currently impossible use cases Usage of trusted execution technology June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 2 Institute of Operating Systems and Computer Networks

  3. Introduction Background Design & Implementation Evaluation Conclusion Usage of Trusted Execution Technology Creation of a Trusted Execution Environment (TEE) Goal: Small sensitive compartments inside TEE Holistic approach (legacy applications) Large Trusted Computing Base (TCB) Application partitioning (tailored) High porting effort June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 3 Institute of Operating Systems and Computer Networks

  4. Introduction Background Design & Implementation Evaluation Conclusion Software Design: Monolithic � = Modern Modern modular architectures e.g. micro services, functions Small independent components Clearly defined interfaces Selective scalability Simpler and independent development June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 4 Institute of Operating Systems and Computer Networks

  5. Introduction Background Design & Implementation Evaluation Conclusion Software Design: Monolithic � = Modern Modern modular architectures e.g. micro services, functions Small independent components Trusted FaaS Clearly defined interfaces Trusted serverless or Function-as-a-Service (FaaS) cloud! Selective scalability Simpler and independent development June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 4 Institute of Operating Systems and Computer Networks

  6. Introduction Background Design & Implementation Evaluation Conclusion Trust More, Serverless Background Intel SGX Serverless Computing Design & Implementation Evaluation Conclusion June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 5 Institute of Operating Systems and Computer Networks

  7. Introduction Background Design & Implementation Evaluation Conclusion Intel SGX Serverless Computing Trust More, Serverless Background Intel SGX Serverless Computing Design & Implementation Evaluation Conclusion June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 6 Institute of Operating Systems and Computer Networks

  8. Introduction Background Design & Implementation Evaluation Conclusion Intel SGX Serverless Computing Intel Software Guard Extensions Intel Software Guard Extensions (SGX) Application Enclave CPU instruction set extension for trusted execution Execute Create Enclave “Secure enclaves” inside user processes Transparent memory encryption (with integrity) Execute Remote Attestation via Intel Attestation Service Priviledged System Code Hardware June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 7 Institute of Operating Systems and Computer Networks

  9. Introduction Background Design & Implementation Evaluation Conclusion Intel SGX Serverless Computing Serverless and FaaS Evolution of cloud computing 1. Infrastructure-as-a-Service (IaaS) 2. Platform-as-a-Service (PaaS) 3. Function-as-a-Service (FaaS) – Single standalone functions → Lambdas – Fine-grained accounting, no idle cost – Most maintenance done by provider June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 8 Institute of Operating Systems and Computer Networks

  10. Introduction Background Design & Implementation Evaluation Conclusion Trust More, Serverless Background Intel SGX Serverless Computing Design & Implementation Evaluation Conclusion June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 9 Institute of Operating Systems and Computer Networks

  11. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Platform Vision Basic Properties Lambda inside enclave Parallel (competing) Lambda execution Resource efficiency Transparent Lambda attestation Challenges : Selection of suitable programming language and Lambda library support Design of a secure and efficient Lambda execution platform Transparent remote attestation of Lambdas June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 10 Institute of Operating Systems and Computer Networks

  12. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Single Enclave Native Sandbox June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  13. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  14. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox Interpreted CPython Sub Interpr. June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  15. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox CPython: large TCB Interpreted CPython Sub Interpr. June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  16. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox CPython: large TCB Interpreted → JavaScript CPython Sub Interpr. JavaScript MuJS Context Duktape Context Google V8 V8 Isolate June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  17. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox CPython: large TCB Interpreted → JavaScript CPython Sub Interpr. MuJS: language support JavaScript MuJS Context Duktape Context Google V8 V8 Isolate June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  18. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox CPython: large TCB Interpreted → JavaScript CPython Sub Interpr. MuJS: language support JavaScript Duktape: lean TCB MuJS Context Duktape Context Google V8 V8 Isolate June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  19. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox CPython: large TCB Interpreted → JavaScript CPython Sub Interpr. MuJS: language support JavaScript Duktape: lean TCB MuJS Context Google V8: high performance Duktape Context Google V8 V8 Isolate June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

  20. Introduction Background Design & Implementation Evaluation Conclusion Secure Serverless Computing Programming Language & Runtime TCB Isolation Sharing Native Multiple Enclaves Process Native: sandbox? Single Enclave Native Sandbox Selected Variants: CPython: large TCB Interpreted Pure JavaScript Lambdas on Duktape and Google V8. → JavaScript CPython Sub Interpr. MuJS: language support JavaScript Duktape: lean TCB MuJS Context Google V8: high performance Duktape Context Google V8 V8 Isolate June 3rd, 2019 Stefan Brenner Trust More, Serverless Page 11 Institute of Operating Systems and Computer Networks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Serverless On Your Own Terms Using Knative Context Serverless more than Function Serverless

Serverless On Your Own Terms Using Knative Context Serverless more than Function Serverless

Serverless at Google @mchmarny Serverless On Your Own Terms Using Knative Context Serverless more than Function Serverless Models Operator No Infra Management Managed Security Pay only for usage Developer Service-based Event-driven Open

1.06k views • 51 slides
How Serverless Changes the IT Department Paul Johnston Opinionated Serverless Person

How Serverless Changes the IT Department Paul Johnston Opinionated Serverless Person

How Serverless Changes the IT Department Paul Johnston Opinionated Serverless Person Serverless all the things Medium/Twitter: @PaulDJohnston Velocify Conf London 2018 Paul Johnston Experienced Interim CTO and Serverless Consultant

1.11k views • 63 slides
Serverless Gardens IoT + Serverless johncmckim.me twitter.com/@johncmckim

Serverless Gardens IoT + Serverless johncmckim.me twitter.com/@johncmckim

Serverless Gardens IoT + Serverless johncmckim.me twitter.com/@johncmckim medium.com/@johncmckim John McKim Software Engineer at A Cloud Guru Contribute to Serverless Framework @johncmckim https://acloud.guru Serverless Framework

814 views • 50 slides
Databases Gone Serverless Alkin Tezuysal (@ask_dba) Sr. Technical Manager, Percona Who am I?

Databases Gone Serverless Alkin Tezuysal (@ask_dba) Sr. Technical Manager, Percona Who am I?

Databases Gone Serverless Alkin Tezuysal (@ask_dba) Sr. Technical Manager, Percona Who am I? @ask_dba 2 Agenda Serverless Architectures Serverless Solutions in Database World Wheres Serverless technology going? 3 What does

796 views • 20 slides
Kotlin Serverless Framework Vladislav Tankov What is serverless? cloud-computing execution model

Kotlin Serverless Framework Vladislav Tankov What is serverless? cloud-computing execution model

Kotlin Serverless Framework Vladislav Tankov What is serverless? cloud-computing execution model , in which the cloud provider runs the server and dynamically manages the allocation of machine resources Wikipedia How are serverless

995 views • 46 slides
Serverless in the Wild: Characterizing and Optimizing the Serverless Workload at a Large Cloud

Serverless in the Wild: Characterizing and Optimizing the Serverless Workload at a Large Cloud

Serverless in the Wild: Characterizing and Optimizing the Serverless Workload at a Large Cloud Provider Mohammad Shahrad , Rodrigo Fonseca , igo Goiri, Gohar Chaudhry, Paul Batum, Jason Cooke, Eduardo Laureano, Colby Tresness, Mark

2.05k views • 39 slides
FaaS You Like It! @ewanslater Serverless CNCF Definition Serverless computing refers to

FaaS You Like It! @ewanslater Serverless CNCF Definition Serverless computing refers to

FaaS You Like It! @ewanslater Serverless CNCF Definition Serverless computing refers to the concept of building and running applications that do not require server management . It describes a finer-grained deployment model where

613 views • 45 slides
Lunch and Learn John McKim @johncmckim Software Engineer A Cloud Guru Serverless Framework

Lunch and Learn John McKim @johncmckim Software Engineer A Cloud Guru Serverless Framework

Lunch and Learn John McKim @johncmckim Software Engineer A Cloud Guru Serverless Framework Contributor Serverless Framework https://serverless.com What is Serverless? Functions as a Service Properties of FaaS Services Function as unit of

570 views • 12 slides
The Hitchhikers Guide to Serverless JavaScript Steve Faulkner @southpolesteve

The Hitchhikers Guide to Serverless JavaScript Steve Faulkner @southpolesteve

The Hitchhikers Guide to Serverless JavaScript Steve Faulkner @southpolesteve Director of Engineering Serverless Serverless there are still servers servers platforms! * as a Service Database-aaS Caching-aaS

1.12k views • 87 slides
Catalyst Ubers Serverless Platform Shawn Burke - Staff Engineer Uber Seattle Why Serverless?

Catalyst Ubers Serverless Platform Shawn Burke - Staff Engineer Uber Seattle Why Serverless?

Catalyst Ubers Serverless Platform Shawn Burke - Staff Engineer Uber Seattle Why Serverless? Complexity! Microservices, Languages, Client Libs, Tools Product teams have basic infrastructure needs Stable, consistent app

372 views • 15 slides
Stateful Serverless Sean Walsh @SeanWalshEsq We predict that Serverless Computing will grow

Stateful Serverless Sean Walsh @SeanWalshEsq We predict that Serverless Computing will grow

Towards Stateful Serverless Sean Walsh @SeanWalshEsq We predict that Serverless Computing will grow to dominate the future of Cloud Computing. - Berkeley CS Department Cloud computing simplified: a Berkeley view on serverless computing

748 views • 40 slides
F AASM : Lightweight Isolation for Efficient Stateful Serverless Computing Simon Shillaker and

F AASM : Lightweight Isolation for Efficient Stateful Serverless Computing Simon Shillaker and

F AASM : Lightweight Isolation for Efficient Stateful Serverless Computing Simon Shillaker and Peter Pietzuch Large-scale Data and Systems Group, Imperial College London Serverless Big Data Vision Serverless functions Application Big data

431 views • 30 slides
Serverless Boom or Bust? An Analysis of Economic Incentives Xiayue Charles Lin, Joseph E.

Serverless Boom or Bust? An Analysis of Economic Incentives Xiayue Charles Lin, Joseph E.

Serverless Boom or Bust? An Analysis of Economic Incentives Xiayue Charles Lin, Joseph E. Gonzalez, Joseph M. Hellerstein UC Berkeley HotCloud 2020 Monday, July 13 An Economic Model for Serverless Serverless: pay for consumption instead of

160 views • 14 slides
cloudstate.io serverless 2.0 with cloudstate Sean Walsh | Field CTO and Cloud Evangelist @

cloudstate.io serverless 2.0 with cloudstate Sean Walsh | Field CTO and Cloud Evangelist @

cloudstate.io serverless 2.0 with cloudstate Sean Walsh | Field CTO and Cloud Evangelist @ Lightbend We predict that serverless computing will grow to dominate the future of cloud computing. Berkely CS Department why serverless 2.0?

701 views • 38 slides
Serverless Microservices Are The New Black Lorna Mitchell, IBM Serverless FaaS: Functions as a

Serverless Microservices Are The New Black Lorna Mitchell, IBM Serverless FaaS: Functions as a

Serverless Microservices Are The New Black Lorna Mitchell, IBM Serverless FaaS: Functions as a Service write a function (many languages supported) deploy it to the cloud (Lambda, Cloud Functions, etc) only pay while the function is

519 views • 28 slides
ANATOMY OF A SERVERLESS GITHUB BOT How we built a serverless GitHub bot using Azure for the

ANATOMY OF A SERVERLESS GITHUB BOT How we built a serverless GitHub bot using Azure for the

ANATOMY OF A SERVERLESS GITHUB BOT How we built a serverless GitHub bot using Azure for the Microsoft hackathon. https://github.com/Chris- Johnston/PublishScheduler 1 $ WHOAMI Im Chris Johnston. Im a Software Engineer at Microsoft,

655 views • 28 slides
Three Approaches to Assessment in the Quantitative Reasoning Classroom Dr. Maura Mast

Three Approaches to Assessment in the Quantitative Reasoning Classroom Dr. Maura Mast

Three Approaches to Assessment in the Quantitative Reasoning Classroom Dr. Maura Mast University of Massachusetts Boston Joint Mathematics Meetings, Baltimore 15 January 2014 Quantitative Reasoning at UMass Boston | May 1, 2012 The

277 views • 17 slides
OctopusDB Towards a one-size-fits-all Architecture for Database Systems Alekh Jindal Supervisor:

OctopusDB Towards a one-size-fits-all Architecture for Database Systems Alekh Jindal Supervisor:

Information Systems Group OctopusDB Towards a one-size-fits-all Architecture for Database Systems Alekh Jindal Supervisor: Prof. Dr. Jens Dittrich May 31, 2010 Database Landscape Information Systems Group OLAP Streaming Archival System

1.24k views • 39 slides
IFIP FIDIS S ummer S chool 2007: Enterprise Identity Management What s

IFIP FIDIS S ummer S chool 2007: Enterprise Identity Management What s

IFIP FIDIS S ummer S chool 2007: Enterprise Identity Management What s in it for Organisations? Denis Royer Johann Wolfgang Goethe University Frankfurt Chair for Mobile Business and Multilateral S ecurity ... ...

718 views • 22 slides
Piecewise Holistic Autotuning of Compiler and Runtime Parameters Mihail Popov, Chadi Akel,

Piecewise Holistic Autotuning of Compiler and Runtime Parameters Mihail Popov, Chadi Akel,

Piecewise Holistic Autotuning of Compiler and Runtime Parameters Mihail Popov, Chadi Akel, William Jalby, Pablo de Oliveira Castro University of Versailles Exascale Computing Research August 2016 C E R E Context Architecture, system,

388 views • 24 slides
Matching Tree Patterns on Partial-trees Optimizing Tree-Pattern Matching Shachar Harussi

Matching Tree Patterns on Partial-trees Optimizing Tree-Pattern Matching Shachar Harussi

Outline Motivation: Graph querying Background: tree patterns Partial trees - holistic divide and concur Matching Tree Patterns on Partial-trees Optimizing Tree-Pattern Matching Shachar Harussi Supervision of Prof. Amir Averbuch September 1,

1.07k views • 78 slides
P. Coleman (CMT, Rutgers) Hvar, Oct 3 rd 2005. Supported by the National Science Foundation

P. Coleman (CMT, Rutgers) Hvar, Oct 3 rd 2005. Supported by the National Science Foundation

Large N approach for the Kondo Lattice P. Coleman (CMT, Rutgers) Hvar, Oct 3 rd 2005. Supported by the National Science Foundation Jerome Rech CMT Rutgers/CEA Saclay Indranil Paul Argonne National Laboratory Olivier Parcollet CEA Saclay

471 views • 33 slides
Photodoped charge transfer insulators Denis Gole CCQ, Flatiron Institute Taming

Photodoped charge transfer insulators Denis Gole CCQ, Flatiron Institute Taming

Photodoped charge transfer insulators Denis Gole CCQ, Flatiron Institute Taming Non-Equilibrium Systems: from Quantum Fluctuation to Decoherence, July 2019 1/ 59 Mott insulators Failure of band theory Strong electron-electron

922 views • 59 slides
Causality in nonlocal gravity Stefano Giaccari Holon Institute of Technology, Holon 10th

Causality in nonlocal gravity Stefano Giaccari Holon Institute of Technology, Holon 10th

Causality in nonlocal gravity Stefano Giaccari Holon Institute of Technology, Holon 10th Mathematical Phyisics Meeting Belgrade, 9-14 September, 2019 based on work in collaboration with Pietro Don` a, Leonardo Modesto, Les law Rachwa

402 views • 18 slides

More recommend