Secure Function-as-a-Service Platforms Using Trusted Execution Environments
DOI: https://doi.org/10.63345/wjftcse

Keywords: Function as a Service, Trusted Execution Environment, Intel SGX, Serverless Security, Confidential Computing

Abstract
Function‑as‑a‑Service (FaaS) represents a paradigm shift in cloud computing, enabling developers to deploy individual functions—discrete units of computation—in an event‑driven, fully managed environment. By abstracting away server provisioning and scaling concerns, FaaS empowers rapid development cycles and cost‑efficient execution based solely on actual resource consumption. However, the very characteristics that make FaaS attractive—multi‑tenancy, ephemeral execution, and opaque provider control—also introduce significant security and privacy challenges. Specifically, untrusted infrastructures and potentially malicious insiders can exploit shared kernels, memory channels, and management APIs to tamper with function code, exfiltrate sensitive data, or compromise integrity guarantees.
Trusted Execution Environments (TEEs), such as Intel SGX and ARM TrustZone, supply hardware‑enforced isolation and cryptographic memory protection within secure enclaves, thereby mitigating these risks. This manuscript undertakes a comprehensive exploration of Secure FaaS platforms that leverage TEEs. We begin with a systematic analysis of existing designs—surveying enclave‑based FaaS prototypes, snapshot‑driven optimization techniques, and attestation infrastructures—highlighting their security properties and performance trade‑offs. Building on these insights, we propose a reference architecture that integrates rapid enclave instantiation (via snapshot pools), a heterogeneous‑TEE scheduler, and an immutable, blockchain‑backed resource ledger for accountability. We then describe our prototype implementation atop Apache OpenWhisk, which features an in‑enclave WebAssembly runtime, a CRIU‑based snapshot manager, and a gRPC‑driven attestation broker.
Through extensive experiments—covering cold‑start latency, warm‑start throughput, scaling behavior, and measurement accuracy under adversarial tampering—we demonstrate that Secure FaaS can deliver end‑to‑end confidentiality and integrity with modest overhead (average latency increase ≤ 10%) while preserving the elasticity and pay‑per‑use economics of conventional serverless platforms. We conclude by discussing deployment considerations, developer tooling requirements, and avenues for future research in confidential, accountable serverless computing.
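As an added illustration (not code from the paper or its OpenWhisk prototype), the following Python sketches two of the components the abstract names: an attestation broker that admits a function only to an enclave whose measurement is allowlisted and whose quote is fresh, and a hash-chained usage ledger whose verifier locates a tampered resource record. The quote format, the HMAC standing in for the quoting enclave's signature, and every measurement value are constructed assumptions.

```python
import hashlib
import hmac
import json
# Constructed allowlist of enclave measurements (MRENCLAVE-style hex), not real values.
TRUSTED_MEASUREMENTS = {"a" * 64: "wasm-runtime-v1"}
# Hypothetical verifier key: an HMAC stands in for the quoting enclave's signature.
QUOTE_KEY = b"constructed-quote-key"

def _mac(measurement: str, nonce: str) -> str:
    body = json.dumps({"measurement": measurement, "nonce": nonce}, sort_keys=True)
    return hmac.new(QUOTE_KEY, body.encode(), "sha256").hexdigest()

def _digest(prev: str, record: dict) -> str:
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

def make_quote(measurement: str, nonce: str) -> dict:
    """Enclave side (simulated): bind the measurement and the broker's nonce."""
    return {"measurement": measurement, "nonce": nonce, "mac": _mac(measurement, nonce)}

def verify_quote(quote: dict, expected_nonce: str) -> bool:
    """Broker side: fresh nonce, allowlisted measurement, valid MAC."""
    return (quote["nonce"] == expected_nonce
            and quote["measurement"] in TRUSTED_MEASUREMENTS
            and hmac.compare_digest(_mac(quote["measurement"], quote["nonce"]), quote["mac"]))

class UsageLedger:
    """Append-only, hash-chained record of per-invocation resource measurements."""
    def __init__(self) -> None:
        self.entries = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "record": record, "hash": _digest(prev, record)})
        return self.entries[-1]["hash"]

    def first_bad_index(self) -> int:
        """Index of the first broken link (a tampered or reordered entry), or -1 if intact."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or _digest(prev, e["record"]) != e["hash"]:
                return i
            prev = e["hash"]
        return -1

def dispatch(quote: dict, nonce: str, fn: str, cpu_ms: int, ledger: UsageLedger) -> bool:
    """Admit the function only after attestation succeeds, then record its metered usage."""
    if not verify_quote(quote, nonce):
        return False
    ledger.append({"fn": fn, "measurement": quote["measurement"], "cpu_ms": cpu_ms})
    return True
```

A production broker would verify a real SGX quote (ECDSA or EPID signed) and track consumed nonces; the chained ledger only makes tampering evident, it does not prevent it.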
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.