Serverless Functions Made Confidential and Efficient with Split Containers

Authors:

Jiacheng Shi, Jinyu Gu, Yubin Xia, and Haibo Chen, Shanghai Jiao Tong University

Abstract:

The increasing adoption of serverless computing in security-critical fields (e.g., finance and healthcare) motivates confidential serverless. This paper explores confidential virtual machines (CVMs), a promising hardware security feature offered by various CPU architectures, for securing serverless functions. However, our analysis reveals a mismatch between current CVM implementations and function needs, resulting in performance bottlenecks, resource inefficiency, and an expanded trusted computing base (TCB).

We present split container, a design that separates security and management to create confidential containers with a minimal TCB. Our observation is that real-world serverless functions often require a limited set of OS functionalities. Thus, our design deploys a function-oriented OS (microkernel + library OS) within the CVM for secure execution of multiple functions while reusing an untrusted commodity OS like Linux outside for container management. Based on the split container design, we have implemented CoFunc, a system prototype that works on both AMD SEV and Intel TDX. With FunctionBench and ServerlessBench, CoFunc demonstrates significant performance improvements (up to 60× on SEV and 215× on TDX) compared to the only known CVM-based confidential container (Kata-CVM with optimizations), while incurring <14% performance overhead on average compared to a state-of-the-art non-confidential container system (lean container).

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.