Lightweight, Secure and Stateful Serverless Computing with PSL

• URL: http://arxiv.org/abs/2410.20004v1
• Date: Fri, 25 Oct 2024 23:17:56 GMT
• Title: Lightweight, Secure and Stateful Serverless Computing with PSL
• Authors: Alexander Thomas, Shubham Mishra, Kaiyuan Chen, John Kubiatowicz,
• Abstract summary: We present Function-as-a-Serivce (F) framework for Trusted Execution Environments (TEEs) The framework provides rich programming language support on heterogeneous TEE hardware for statically compiled binaries and/or WebAssembly (WASM) bytecodes. It achieves near-native execution speeds by utilizing the dynamic memory mapping capabilities of Intel SGX2.
• Score: 43.025002382616066
• License:
• Abstract: We present PSL, a lightweight, secure and stateful Function-as-a-Serivce (FaaS) framework for Trusted Execution Environments (TEEs). The framework provides rich programming language support on heterogeneous TEE hardware for statically compiled binaries and/or WebAssembly (WASM) bytecodes, with a familiar Key-Value Store (KVS) interface to secure, performant, network-embedded storage. It achieves near-native execution speeds by utilizing the dynamic memory mapping capabilities of Intel SGX2 to create an in-enclave WASM runtime with Just-In-Time (JIT) compilation. PSL is designed to efficiently operate within an asynchronous environment with a distributed tamper-proof confidential storage system, assuming minority failures. The system exchanges eventually-consistent state updates across nodes while utilizing release-consistent locking mechanisms to enhance transactional capabilities. The execution of PSL is up to 3.7x faster than the state-of-the-art SGX WASM runtime. PSL reaches 95k ops/s with YCSB 100% read workload and 89k ops/s with 50% read/write workload. We demonstrate the scalability and adaptivity of PSL through a case study of secure and distributed training of deep neural networks.

Related papers

• Chat AI: A Seamless Slurm-Native Solution for HPC-Based Services [0.3124884279860061]
  Large language models (LLMs) allow researchers to run open source or custom fine-tuned LLMs and ensure users that their data remains private and is not stored without their consent. We propose an implementation consisting of a web service that runs on a cloud VM with secure access to a scalable backend running a multitude of LLM models on HPC systems. Our solution integrates with the HPC batch scheduler Slurm, enabling seamless deployment on HPC clusters, and is able to run side by side with regular Slurm workloads.
  arXiv  Detail & Related papers  (2024-06-27T12:08:21Z)
• The Road to Trust: Building Enclaves within Confidential VMs [17.064775757967627]
  NestedSGX is a framework which leverages virtual machine privilege level (VMPL) It considers the guest OS untrusted for loading potentially malicious code. It ensures that only trusted and measured code executed within the enclave can be remotely attested.
  arXiv  Detail & Related papers  (2024-02-18T03:15:02Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• A Comprehensive Trusted Runtime for WebAssembly with Intel SGX [2.6732136954707792]
  We present Twine, a trusted runtime for running WebAssembly-compiled applications within TEEs. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions.
  arXiv  Detail & Related papers  (2023-12-14T16:19:00Z)
• SOCI^+: An Enhanced Toolkit for Secure OutsourcedComputation on Integers [50.608828039206365]
  We propose SOCI+ which significantly improves the performance of SOCI. SOCI+ employs a novel (2, 2)-threshold Paillier cryptosystem with fast encryption and decryption as its cryptographic primitive. Compared with SOCI, our experimental evaluation shows that SOCI+ is up to 5.4 times more efficient in computation and 40% less in communication overhead.
  arXiv  Detail & Related papers  (2023-09-27T05:19:32Z)
• Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version) [1.2687030176231846]
  Capacity is a novel hardware-assisted intra-process access control design that embraces capability-based security principles. With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references. We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains.
  arXiv  Detail & Related papers  (2023-09-20T08:57:02Z)
• BiFSMNv2: Pushing Binary Neural Networks for Keyword Spotting to Real-Network Performance [54.214426436283134]
  Deep neural networks, such as the Deep-FSMN, have been widely studied for keyword spotting (KWS) applications. We present a strong yet efficient binary neural network for KWS, namely BiFSMNv2, pushing it to the real-network accuracy performance. We highlight that benefiting from the compact architecture and optimized hardware kernel, BiFSMNv2 can achieve an impressive 25.1x speedup and 20.2x storage-saving on edge hardware.
  arXiv  Detail & Related papers  (2022-11-13T18:31:45Z)
• Efficient Privacy-Preserving Machine Learning with Lightweight Trusted Hardware [20.21755520998494]
  This paper proposes a new secure machine learning inference platform assisted by a small dedicated security processor. We achieve significant performance improvements compared to state-of-the-art distributed Privacy-Preserving Machine Learning (PPML) protocols. Our technique is not limited by the size of secure memory in a TEE and can support high-capacity modern neural networks like ResNet18 and Transformer.
  arXiv  Detail & Related papers  (2022-10-18T20:06:06Z)
• ESPnet-SLU: Advancing Spoken Language Understanding through ESPnet [95.39817519115394]
  ESPnet-SLU is a project inside end-to-end speech processing toolkit, ESPnet. It is designed for quick development of spoken language understanding in a single framework.
  arXiv  Detail & Related papers  (2021-11-29T17:05:49Z)
• Tensor Processing Primitives: A Programming Abstraction for Efficiency and Portability in Deep Learning Workloads [86.62083829086393]
  This work introduces the Processing Primitives (TPP), a programming abstraction striving for efficient, portable implementation of Deep Learning-workloads with high-productivity. TPPs define a compact, yet versatile set of 2D-tensor operators (or a virtual ISA), which can be utilized as building-blocks to construct complex operators on high-dimensional tensors. We demonstrate the efficacy of our approach using standalone kernels and end-to-end DL-workloads expressed entirely via TPPs that outperform state-of-the-art implementations on multiple platforms.
  arXiv  Detail & Related papers  (2021-04-12T18:35:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.