TY - GEN
T1 - CLEMMYS
T2 - 12th ACM International Systems and Storage Conference, SYSTOR 2019
AU - Trach, Bohdan
AU - Oleksenko, Oleksii
AU - Gregor, Franz
AU - Bhatotia, Pramod
AU - Fetzer, Christof
N1 - Publisher Copyright: © 2019 Association for Computing Machinery.
PY - 2019/5/22
Y1 - 2019/5/22
N2 - We introduce Clemmys, a security-first serverless platform that ensures confidentiality and integrity of users’ functions and data as they are processed on untrusted cloud premises, while keeping the cost of protection low. We provide a design for hardening FaaS platforms with Intel SGX—a hardware-based shielded execution technology. We explain the protocol that our system uses to ensure confidentiality and integrity of data, and integrity of function chains. To overcome performance and latency issues that are inherent in SGX applications, we apply several SGX-specific optimizations to the runtime system: we use SGXv2 to speed up the enclave startup and perform batch EPC augmentation. To evaluate our approach, we implement our design over Apache OpenWhisk, a popular serverless platform. Lastly, we show that Clemmys achieved the same throughput and similar latency as native Apache OpenWhisk, while allowing it to withstand several new attack vectors.
AB - We introduce Clemmys, a security-first serverless platform that ensures confidentiality and integrity of users’ functions and data as they are processed on untrusted cloud premises, while keeping the cost of protection low. We provide a design for hardening FaaS platforms with Intel SGX—a hardware-based shielded execution technology. We explain the protocol that our system uses to ensure confidentiality and integrity of data, and integrity of function chains. To overcome performance and latency issues that are inherent in SGX applications, we apply several SGX-specific optimizations to the runtime system: we use SGXv2 to speed up the enclave startup and perform batch EPC augmentation. To evaluate our approach, we implement our design over Apache OpenWhisk, a popular serverless platform. Lastly, we show that Clemmys achieved the same throughput and similar latency as native Apache OpenWhisk, while allowing it to withstand several new attack vectors.
UR - http://www.scopus.com/inward/record.url?scp=85067111785&partnerID=8YFLogxK
U2 - 10.1145/3319647.3325835
DO - 10.1145/3319647.3325835
M3 - Conference contribution
AN - SCOPUS:85067111785
T3 - SYSTOR 2019 - Proceedings of the 12th ACM International Systems and Storage Conference
SP - 44
EP - 54
BT - SYSTOR 2019 - Proceedings of the 12th ACM International Systems and Storage Conference
PB - Association for Computing Machinery, Inc
Y2 - 3 June 2019 through 5 June 2019
ER -