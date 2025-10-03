Abstract and I. Introduction

II. Background

III. Paranoid Stateful Lambda

IV. SCL Design

V. Optimizations

VI. PSL with SCL

VII. Implementation

VIII. Evaluation

IX. Related Work

X. Conclusion, Acknowledgment, and References

IX. RELATED WORK

Current Frameworks for FaaS: Existing cloud-based FaaS implementations, such as AWS Lambda [8] or OpenFaaS [32], underutilize computing resources on the edge of the network. Attempts to deploy such frameworks to the edge, such as Akamai [4], do not deliver the security guarantees required by edge computing. S-FaaS [5] and Clemmys [42] use TEEs and cryptographic attestation to protect the confidentiality of the execution. None of the aforementioned FaaS frameworks supports stateful FaaS execution [38].

Secure Execution with TEE: PSL is motivated by the vision that the distributive worker can run securely in a TEE on a single host, making the security and efficiency of communication among multiple enclaves a logical research problem. This vision is supported by a variety of available container services and platforms, for example, TEE-enabled container services such as GrapheneSGX [43], Scone [7], and Occlum [34], and hardware TEE platforms [27], Elasticlave [46] and Penglai [16]. Snort [26] is an in-enclave intrusion detection framework that also uses a circular buffer for communication. Our approach differs from Snort in that Snort uses circular buffers to convert hugepages in DPDK, while our circular buffer design is meant to eliminate the context switch in ecalls/ocalls.

KVS based on TEE: Existing TEE-based KVS designs mainly focus on single-TEE persistence and performance optimizations. ShieldStore [25] solves the 128MB limitation of SGXv1 by conducting most processing outside the enclave. Each key-value pair is encrypted and protected with a signature when it leaves the enclave, and the main data structures of the KVS are also stored outside the enclave. The in-enclave KVS server handles queries from an out-of-enclave client by fetching encrypted key-value pairs from untrusted memory. Speicher [9] and DiskShield [3] implement secure storage inside a secure enclave, so that the TEE can exchange data securely with the underlying storage of the host. Both SCL and Speicher [9] use an LSM-based structure for durability, but SCL takes a step further to integrate the stored data blocks as part of the DataCapsule hash chain, and to enable efficient inter-enclave communication. SCL also requires a much smaller TCB than Speicher. EnclaveCache [10] and Omega [14] support a shared, in-memory KVS cache but do not support communication between enclaves on different hosts.

X. CONCLUSION

We introduced Paranoid Stateful Lambdas, a federated FaaS framework for secure and stateful execution in both cloud and edge computing environments. We focus on the security and communication aspects of PSL by exploiting the properties and extensions of DataCapsules, a cryptographically-hardened blockchain. We propose an abstraction, the Secure Concurrency Layer, that provides security and eventual consistency to the enclaves, and we discuss its durability and fault tolerance semantics. On our end-to-end benchmark, SCL has up to 81x higher throughput and 2.08x lower latency than the unoptimized baseline. Our system throughput scales linearly with the number of lambdas, and our lambda task can be dispatched to authenticated workers within 0.61 second.

ACKNOWLEDGMENT

We thank Anoop Jaishankar for great discussion on Asylo attestation. This material is based upon work supported by NSF/VMware Partnership on Edge Computing Data Infrastructure (ECDI), NSF award 1838833. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.

REFERENCES

:::info Authors:

(1) Kaiyuan Chen, University of California, Berkeley (kych@berkeley.edu);

(2) Alexander Thomas, University of California, Berkeley (alexthomas@berkeley.edu);

(3) Hanming Lu, University of California, Berkeley (hanming lu@berkeley.edu);

(4) William Mullen, University of California, Berkeley (wmullen@berkeley.edu);

(5) Jeff Ichnowski, University of California, Berkeley (jeffi@berkeley.edu);

(6) Rahul Arya, University of California, Berkeley (rahularya@berkeley.edu);

(7) Nivedha Krishnakumar, University of California, Berkeley (nivedha@berkeley.edu);

(8) Ryan Teoh, University of California, Berkeley (ryanteoh@berkeley.edu);

(9) Willis Wang, University of California, Berkeley (williswang@berkeley.edu);

(10) Anthony Joseph, University of California, Berkeley (adj@berkeley.edu);

(11) John Kubiatowicz, University of California, Berkeley (kubitron@berkeley.edu).

:::

:::info This paper is available on arXiv under the CC BY 4.0 DEED license.

:::

