clemmys - systor › 2019 › slides › s3p2 clemmys towards secu… · clemmys towards secure...
TRANSCRIPT
![Page 1: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/1.jpg)
ClemmysTowards Secure Remote Execution in FaaS
Bohdan Trach, Oleksii Oleksenko, Franz Gregor,Pramod Bhatotia, Christof Fetzer
ACM SYSTOR 2019
![Page 2: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/2.jpg)
Guest OS
FaaS Paradigm of Cloud Computing
Function Runtime
Host OS
Hypervisor
Function
![Page 3: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/3.jpg)
FaaS Paradigm of Cloud Computing
● Less boilerplate work ☺● Easy autoscaling ☺
Guest OS
Function Runtime
Host OS
Hypervisor
![Page 4: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/4.jpg)
Worker 1
Worker 2
How does FaaS work?
Function A
Function B
Function C
ControllerGateway
![Page 5: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/5.jpg)
Worker 1
Worker 2
How does FaaS work?
Function A
Function B
Function C
Controller
Gateway
![Page 6: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/6.jpg)
Worker 1
Worker 2
How does FaaS work?
Function A
Function B
Function C
ControllerGateway
![Page 7: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/7.jpg)
Worker 1
Worker 2
How does FaaS work?
Function A
Function BControllerGateway
itQX/e8=
Function C
![Page 8: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/8.jpg)
Worker 1
Worker 2
How does FaaS work?
Function A
Function BControllerGateway
Secret
Function C
![Page 9: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/9.jpg)
Worker 2
Worker 1
How does FaaS work?
Function A
Function BControllerGateway
A(Secret)
Function C
Support for function chaining is an important requirement for serverless computing
![Page 10: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/10.jpg)
Worker 2
Worker 1
How does FaaS work?
Function A
Function BControllerGateway B(A(Secret))
Function C
Support for function chaining is an important requirement for serverless computing
![Page 11: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/11.jpg)
Worker 2
Worker 1
How does FaaS work?
Function A
Function BControllerGateway
C(B(A(Secret))) Function C
Support for function chaining is an important requirement for serverless computing
![Page 12: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/12.jpg)
Worker 2
Worker 1
How does FaaS work?
Function A
Function BControllerGateway
C(B(A(Secret)))
Function C
![Page 13: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/13.jpg)
Worker 2
Worker 1
How does FaaS work?
Function A
Function BControllerGateway
IysMdOmldNYL
Function C
![Page 14: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/14.jpg)
Worker 2
Worker 1
Is Faas secure?
Function A
Function BControllerGateway
Function C
● Less boilerplate work ☺● Easy autoscaling ☺
![Page 15: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/15.jpg)
Worker 2
Worker 1
Is Faas secure?
Function A
Function BControllerGateway
Function C
● Less boilerplate work ☺● Easy autoscaling ☺● Low-trust environment
![Page 16: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/16.jpg)
Worker 2
Worker 1
Why is FaaS insecure?
Function A
Function BControllerGateway
Function C
Inspect Network Traffic
![Page 17: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/17.jpg)
Worker 2
Worker 1
Why is FaaS insecure?
Function A
Function BControllerGateway
Function C
Inspect Network Traffic
Inspect Process Memory
![Page 18: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/18.jpg)
State-of-the-Art: Computing on Untrusted Systems
● High performance overhead ● Low flexibility
Related Work:● nGraph-HE [IACR 2019/350]● PySyft
Guest OS
Function Runtime
Host OS
Hypervisor
Multiparty ComputationsHomomorphic Encryption
![Page 19: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/19.jpg)
State-of-the-Art: Computing on Untrusted Systems
● Acceptable overhead ☺● Arbitrary workloads ☺
Related Work:● S-FaaS [CoRR abs/1810.06080]
Guest OS
Function Runtime
Host OS
Hypervisor
Intel SGX
![Page 20: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/20.jpg)
What is Intel SGX?
User Application (Untrusted Memory)
Operating System
![Page 21: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/21.jpg)
What is Intel SGX?
● Adds enclave abstraction User Application (Untrusted Memory)
Enclave
Operating System/Hypervisor
![Page 22: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/22.jpg)
What is Intel SGX?
● Adds enclave abstraction○ Encrypted in RAM only
User Application (Untrusted Memory)
Enclave
Operating System/Hypervisor
Encrypted in RAMUnencrypted in CPU cache
![Page 23: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/23.jpg)
What is Intel SGX?
● Adds enclave abstraction○ Encrypted in RAM only○ Not accessible from outside
User Application (Untrusted Memory)
Enclave
Operating System/Hypervisor
Read,Write
Read,Write
![Page 24: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/24.jpg)
What is Intel SGX?
● Adds enclave abstraction○ Encrypted in RAM only○ Not accessible from outside○ Developer-specified entry points
User Application (Untrusted Memory)
Enclave
Operating System/Hypervisor
Call
Enter
Exit
Call
![Page 25: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/25.jpg)
What are the limitations of Intel SGX?
● High overheads for:○ Secure memory paging○ Enclave startup with large heap
User Application (Untrusted Memory)
Enclave
Operating System/Hypervisor
94MB of HW-encrypted memory available
![Page 26: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/26.jpg)
Why do Intel SGX limitations matter?
Function startup time as an optimization target:
● SAND, SOCK [ATC’18]
![Page 27: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/27.jpg)
Why do Intel SGX limitations matter?
Function startup time as an optimization target:
● SAND, SOCK [ATC’18]
Problem for SGXv1 enclaves
![Page 28: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/28.jpg)
Why do Intel SGX limitations matter?
Function startup time as an optimization target:
● SAND, SOCK [ATC’18]
Problem for SGXv1 enclaves
● Can be solved with SGXv2
Additional optimizations are worth investigating.
![Page 29: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/29.jpg)
Problem Statement
How to execute a wide range of user functions in FaaS in a trustworthy and efficient manner?
![Page 30: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/30.jpg)
Outline
● Motivation● Design● Evaluation● Summary
![Page 31: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/31.jpg)
What is Clemmys?
SGX Enclave Native Application
Function A
Function BControllerGateway
Function C
TLS
Based on Apache OpenWhisk
![Page 32: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/32.jpg)
What is Clemmys?
SGX Enclave Native Application
Function A
Function BControllerGateway
Function C
TLS
Key Mgmt Service
Based on Apache OpenWhisk
1. Trustworthy environment for function execution
![Page 33: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/33.jpg)
What is Clemmys?
SGX Enclave Native Application
Function A
Function BControllerGateway
Function C
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata +
+ Encrypted Data
Key Mgmt Service
Based on Apache OpenWhisk2. Message format for secure function chaining
1. Trustworthy environment for function execution
![Page 34: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/34.jpg)
What is Clemmys?
SGX Enclave Native Application
Function A
Function BControllerGateway
Function C
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata +
+ Encrypted Data
Key Mgmt Service
Based on Apache OpenWhisk2. Message format for secure function chaining
1. Trustworthy environment for function execution
3. Function startup time optimizations (SGXv2)
![Page 35: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/35.jpg)
What is Clemmys?
SGX Enclave Native Application
Function A
Function BControllerGateway
Function C
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata +
+ Encrypted Data
Key Mgmt Service
Based on Apache OpenWhisk2. Message format for secure function chaining
1. Trustworthy environment for function execution
3. Function startup time optimizations (SGXv2)
4. Key management and deployment scheme
![Page 36: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/36.jpg)
What is Clemmys?
SGX Enclave Native Application
Function A
Function BControllerGateway
Function C
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata +
+ Encrypted Data
Key Mgmt Service
Based on Apache OpenWhisk2. Message format for secure function chaining
1. Trustworthy environment for function execution
3. Function startup time optimizations (SGXv2)
4. Key management and deployment scheme
![Page 37: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/37.jpg)
What is Clemmys?
SGX Enclave Native Application
Function A
Function BControllerGateway
Function C
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata +
+ Encrypted Data
Key Mgmt Service
Based on Apache OpenWhisk2. Message format for secure function chaining
1. Trustworthy environment for function execution
3. Function startup time optimizations (SGXv2)
4. Key management and deployment scheme
![Page 38: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/38.jpg)
Components of Clemmys
● Internal encryption ● Function chain verification● Function startup optimizations● Function deployment and key management
![Page 39: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/39.jpg)
How does Clemmys secure communication?
Function A
Function BControllerGateway
Function C
TLS TLS TLS
EPC paging → slow!
SGX Enclave Native Application
![Page 40: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/40.jpg)
How does Clemmys secure communication?
Function A
Function BControllerGateway
Function C
TLS ??? ???
SGX Enclave Native Application
![Page 41: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/41.jpg)
How does Clemmys secure communication?
Function A
Function BControllerGateway
Function C
TLS ??? ???
Idea: separate controller metadata (plaintext) from function arguments (encrypted)
SGX Enclave Native Application
![Page 42: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/42.jpg)
How does Clemmys secure communication?
Function A
Function BControllerGateway
Function C
TLS
Idea: separate controller metadata (plaintext) from function arguments (encrypted)
Plaintext Metadata ++ Encrypted Data
Plaintext Metadata ++ Encrypted Data
SGX Enclave Native Application
![Page 43: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/43.jpg)
Components of Clemmys
● Internal encryption ● Function chain verification● Function startup optimizations● Function deployment and key management
![Page 44: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/44.jpg)
● Naive encryption does not preserve function order.
Scale
Detect FeaturesControllerGateway
Report & Log
TLS Plaintext Metadata ++ Encrypted Data
Why should function chain order be enforced?
SGX Enclave Native Application
![Page 45: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/45.jpg)
Scale
Detect FeaturesControllerGateway
Report & Log
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata ++ Encrypted Data
● Naive encryption does not preserve function order.
Why should function chain order be enforced?
SGX Enclave Native Application
![Page 46: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/46.jpg)
Scale
Detect FeaturesControllerGateway
Report & Log
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata ++ Encrypted Data
● Naive encryption does not preserve function order.● Message format should preclude these attack vector.
Why should function chain order be enforced?
SGX Enclave Native Application
![Page 47: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/47.jpg)
Scale
Detect FeaturesControllerGateway
Report & Log
TLS Plaintext Metadata ++ Encrypted Data
Plaintext Metadata ++ Encrypted Data
● Naive encryption does not preserve function order.● Message format should preclude these attack vector.
Why should function chain order be enforced?
SGX Enclave Native Application
See paper for technical details
![Page 48: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/48.jpg)
Components of Clemmys
● Internal encryption ● Function chain verification● Function startup optimizations● Function deployment and key management
![Page 49: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/49.jpg)
Startup Optimizations
1. SGXv1 Enclave Creation
Enclave VM Range
Physical Pages
![Page 50: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/50.jpg)
Startup Optimizations
1. SGXv1 Enclave Creation
Enclave VM Range
EPC Size
![Page 51: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/51.jpg)
Startup Optimizations
1. SGXv1 Enclave Creation
Enclave VM Range
EPC Size
Paged out!
![Page 52: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/52.jpg)
Startup Optimizations
1. SGXv1 Enclave Creation
Enclave VM Range
EPC Size
Paged out!
![Page 53: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/53.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation
Enclave VM Range
Enclave .text and .data sectionsMetadata for heap allocator
SGXv2 allows adding pages at runtime
![Page 54: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/54.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation
Enclave VM Range
Memory access inside enclave
SGXv2 allows adding pages at runtime
![Page 55: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/55.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation
Enclave VM Range
Memory access inside enclave
Page added (augmented) dynamically
SGXv2 allows adding pages at runtime
![Page 56: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/56.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation2. EPC Batch Augmentation
Enclave VM Range
Memory access inside enclave
Page added (augmented) dynamically
![Page 57: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/57.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation2. EPC Batch Augmentation
Enclave VM Range
Memory access inside enclave
Block of N pages augmented at once
![Page 58: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/58.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation2. EPC Batch Augmentation
Enclave VM Range
Freshly allocated region of heap memory
3. Memory zeroing on deallocation
Need to be explicitly zeroed with SGXv1
![Page 59: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/59.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation2. EPC Batch Augmentation
Enclave VM Range
Freshly allocated region of heap memory
3. Memory zeroing on deallocation
Guaranteed to be zero-filled with SGXv2
![Page 60: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/60.jpg)
Startup Optimizations
1. SGXv2 Enclave Creation2. EPC Batch Augmentation
Enclave VM Range
3. Memory zeroing on deallocation
Zero-filled on memory deallocation
![Page 61: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/61.jpg)
Components of Clemmys
● Internal encryption ● Function chain verification● Function startup optimizations● Function deployment and key management
![Page 62: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/62.jpg)
How is Clemmys function deployed?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
SGX Enclave Native Application
![Page 63: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/63.jpg)
How is Clemmys function deployed?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
● Palaemon - remote attestation and configuration service● Transparent configuration management:
○ Environment variables and command-line arguments
SGX Enclave Native Application
![Page 64: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/64.jpg)
Remote AttestationIntel
How is Clemmys function deployed?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
SGX Enclave Native Application Trust Established
![Page 65: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/65.jpg)
Upload configuration(chains, secrets)
How is Clemmys function deployed?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
SGX Enclave Native Application Trust Established
![Page 66: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/66.jpg)
How is Clemmys function deployed?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
Upload functions(Docker images)
SGX Enclave Native Application Trust Established
![Page 67: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/67.jpg)
How is Clemmys function invoked?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
SGX Enclave Native Application Trust Established
![Page 68: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/68.jpg)
How is Clemmys function invoked?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
Remote attestation via Palaemon at launch
SGX Enclave Native Application Trust Established
![Page 69: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/69.jpg)
How is Clemmys function invoked?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
SGX Enclave Native Application Trust Established
![Page 70: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/70.jpg)
How is Clemmys function invoked?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
TLS API Request
SGX Enclave Native Application Trust Established
![Page 71: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/71.jpg)
How is Clemmys function invoked?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
TLS API Request
SGX Enclave Native Application Trust Established
![Page 72: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/72.jpg)
How is Clemmys function invoked?
Function A
Function B
Function C
ControllerGateway
Client Palaemon
TLS API Request
Plaintext Metadata ++ Encrypted Data
SGX Enclave Native Application Trust Established
![Page 73: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/73.jpg)
How is Clemmys function invoked?
Function A
ControllerGateway
Client Palaemon
TLS API Request
Plaintext Metadata ++ Encrypted Data Worker Platform
Plaintext Metadata ++ Encrypted Data
SGX Enclave Native Application Trust Established
![Page 74: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/74.jpg)
How is Clemmys function invoked?
Function A
ControllerGateway
Client Palaemon
TLS API Request
Plaintext Metadata ++ Encrypted Data Worker Platform
Plaintext Metadata ++ Encrypted Data
1. Platform launches the enclave using the plaintext metadata
SGX Enclave Native Application Trust Established
![Page 75: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/75.jpg)
How is Clemmys function invoked?
Function A
ControllerGateway
Client Palaemon
TLS API Request
Plaintext Metadata ++ Encrypted Data Worker Platform
Plaintext Metadata ++ Encrypted Data
1. Platform launches the enclave using the plaintext metadata2. Enclave performs remote attestation and configuration with Palaemon
SGX Enclave Native Application Trust Established
![Page 76: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/76.jpg)
Plaintext Metadata ++ Encrypted Data
How is Clemmys function invoked?
Function A
ControllerGateway
Client Palaemon
TLS API Request
Worker PlatformPlaintext Metadata ++ Encrypted Data
1. Platform launches the enclave using the plaintext metadata2. Enclave performs remote attestation and configuration with Palaemon3. Enclave decrypts and processes the request
SGX Enclave Native Application Trust Established
![Page 77: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/77.jpg)
Outline
● Motivation● Design● Evaluation● Summary
56
![Page 78: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/78.jpg)
Gateway Overhead
Function A
Function B
Function C
ControllerGateway
Function A
Function B
Function C
ControllerGateway
VS.
SGX Enclave Native Application
![Page 79: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/79.jpg)
Gateway Overhead
lower ➝ better
![Page 80: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/80.jpg)
Gateway Overhead
lower ➝ better
Number of functions running on the worker node
![Page 81: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/81.jpg)
Gateway Overhead
lower ➝ better
![Page 82: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/82.jpg)
Gateway Overhead
lower ➝ better
![Page 83: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/83.jpg)
Gateway Overhead
Minimal overhead (~1-5%) over native API Gateway
lower ➝ better
![Page 84: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/84.jpg)
Function Overhead
FunctionControllerGateway
FunctionControllerGateway
VS.
SGX Enclave Native Application
![Page 85: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/85.jpg)
Function Overhead
lower ➝ better
![Page 86: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/86.jpg)
Function Overhead
lower ➝ better
![Page 87: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/87.jpg)
Function Overhead
lower ➝ better
![Page 88: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/88.jpg)
Function Overhead
Minimal overhead over native functions (up to 25%)
lower ➝ better
![Page 89: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/89.jpg)
SGXv2 Optimizations
FunctionControllerGateway
FunctionControllerGateway
VS.
SGX Enclave Native Application
SGXv1
SGXv2
![Page 90: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/90.jpg)
SGXv2 Optimizations
Speedup normalized by the SGXv1 function run time
![Page 91: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/91.jpg)
SGXv2 Optimizations
higher ➝ better
![Page 92: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/92.jpg)
SGXv2 Optimizations
● SGXv2 - all optimizations● SGXv2(NB) - no batched augmentation● SGXv2(NB,NO) - no batched augmentation and memory zeroing on deallocation
higher ➝ better
![Page 93: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/93.jpg)
SGXv2 Optimizations
● SGXv2 - all optimizations● SGXv2(NB) - no batched augmentation● SGXv2(NB,NO) - no batched augmentation and memory zeroing on deallocation
higher ➝ better
![Page 94: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/94.jpg)
SGXv2 Optimizations
● SGXv2 - all optimizations● SGXv2(NB) - no batched augmentation● SGXv2(NB,NO) - no batched augmentation and memory zeroing on deallocation
higher ➝ better
![Page 95: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/95.jpg)
SGXv2 Optimizations
10 times lower latency on Phoenix benchmarks with SGXv210% lower latency from additional optimizations on a few benchmarks
higher ➝ better
![Page 96: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/96.jpg)
Summary
Clemmys is:
- Secure - protects functions using enclave
- Fast - achieves near-native performance
- Flexible - does not restrict workloads
![Page 97: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/97.jpg)
Summary
Clemmys is:
- Secure - protects functions using enclave
- Fast - achieves near-native performance
- Flexible - does not restrict workloads
Thank You for your attention!
![Page 98: Clemmys - SYSTOR › 2019 › slides › S3P2 Clemmys Towards Secu… · Clemmys Towards Secure Remote Execution in FaaS Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia,](https://reader036.vdocuments.us/reader036/viewer/2022070806/5f0465317e708231d40dc2cf/html5/thumbnails/98.jpg)
Funding
This project was funded by the European Union’s Horizon 2020 program under grant agreement No. 690588 (Selis), and BMBF No. 03ZZ0517A (FastCloud)