Reusable Enclaves for Confidential Serverless Computing

Zhao, Shixuan1; Xu, Pinshen2; Chen, Guoxing3; Zhang, Mengya1; Zhang, Yinqian2; Lin, Zhiqiang1

2023

32nd USENIX Security Symposium

PROCEEDINGS OF THE 32ND USENIX SECURITY SYMPOSIUM

AUG 09-11, 2023

null,Anaheim,CA

SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA

USENIX ASSOC

The recent development of Trusted Execution Environment has brought unprecedented opportunities for confidential computing within cloud-based systems. Among various popular cloud business models, serverless computing has gained dominance since its emergence, leading to a high demand for confidential serverless computing services based on trusted enclaves. However, the issue of cold start overhead significantly hinders its performance, as new enclaves need to be created to ensure a clean and verifiable execution environment. In this paper, we propose a novel approach for constructing reusable enclaves that enable rapid enclave reset and robust security with three key enabling techniques: enclave snapshot and rewinding, nested attestation, and multi-layer intra-enclave compartmentalisation. We have built a prototype system for confidential serverless computing, integrating OpenWhisk and a WebAssembly runtime, which significantly reduces the cold start overhead in an end-to-end serverless setting while imposing a reasonable performance impact on standard execution.

其他

英语

EI ; CPCI-S

NSF["2112471","2207202"] ; NSFC[62102254] ; Shanghai Pujiang Program[21PJ1404900]

Computer Science

Computer Science, Information Systems ; Computer Science, Interdisciplinary Applications ; Computer Science, Theory & Methods

WOS:001066451504011

Web of Science

1.The Ohio State University, United States
2.Southern University of Science and Technology, China
3.Shanghai Jiaotong University, China

Zhao, Shixuan,Xu, Pinshen,Chen, Guoxing,et al. Reusable Enclaves for Confidential Serverless Computing[C]. SUITE 215, 2560 NINTH ST, BERKELEY, CA 94710 USA:USENIX ASSOC,2023.