Lightweight, Secure and Stateful Serverless Computing with PSL

Alexander Thomas, Shubham Mishra, Kaiyuan Chen, John Kubiatowicz
2024-10-26
Abstract: We present PSL, a lightweight, secure and stateful Function-as-a-Service (FaaS) framework for Trusted Execution Environments (TEEs). The framework provides rich programming language support on heterogeneous TEE hardware for statically compiled binaries and/or WebAssembly (WASM) bytecodes, with a familiar Key-Value Store (KVS) interface to secure, performant, network-embedded storage. It achieves near-native execution speeds by utilizing the dynamic memory mapping capabilities of Intel SGX2 to create an in-enclave WASM runtime with Just-In-Time (JIT) compilation. PSL is designed to efficiently operate within an asynchronous environment with a distributed tamper-proof confidential storage system, assuming minority failures. The system exchanges eventually-consistent state updates across nodes while utilizing release-consistent locking mechanisms to enhance transactional capabilities. The execution of PSL is up to 3.7x faster than the state-of-the-art SGX WASM runtime. PSL reaches 95k ops/s with YCSB 100% read workload and 89k ops/s with 50% read/write workload. We demonstrate the scalability and adaptivity of PSL through a case study of secure and distributed training of deep neural networks.
Cryptography and Security; Distributed, Parallel, and Cluster Computing
What problem does this paper attempt to address?
This paper addresses how to implement lightweight, secure, and stateful serverless computing in Trusted Execution Environments (TEEs). Specifically, the authors propose the PSL framework, which aims to solve the following key issues:

1. **Support for multiple programming languages and heterogeneous TEE hardware**: Existing TEE hardware (such as Intel SGX and AMD SEV) differs in programming capabilities and isolation characteristics. PSL supports multiple programming languages on different TEE hardware by creating a lightweight WebAssembly (WASM) runtime environment, and ensures near-native execution speed.
2. **Efficient state management**: Traditional FaaS frameworks usually rely on external database services to manage state, which increases latency and reduces system availability. PSL introduces a built-in Key-Value Store (KVS), allowing FaaS workers to share state efficiently, thereby improving system performance and reducing latency.
3. **Security**: PSL ensures that all data are encrypted and signed during transmission and storage to protect their confidentiality and integrity. In particular, in an untrusted storage environment, PSL uses a majority quorum mechanism to ensure data persistence and consistency.
4. **Consistency and scalability**: PSL designs an eventually consistent state-update protocol, combined with a release-consistent locking mechanism, to adapt to asynchronous network environments. This protocol can achieve efficient concurrent processing and high throughput while ensuring security.
5. **Simplified development and deployment**: By providing a simple and easy-to-use interface, PSL enables developers to focus on application logic without having to worry about the specific configuration and management of the underlying TEE. This is especially important for application scenarios such as privacy-protected distributed deep-learning training.

In summary, the main goal of the PSL framework is to provide an efficient, secure, and easy-to-use solution for TEE-based secure serverless computing by integrating the above features.