61 research outputs found
S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX
Function-as-a-Service (FaaS) is a recent and already very popular paradigm in
cloud computing. The function provider need only specify the function to be
run, usually in a high-level language like JavaScript, and the service provider
orchestrates all the necessary infrastructure and software stacks. The function
provider is only billed for the actual computational resources used by the
function invocation. Compared to previous cloud paradigms, FaaS requires
significantly more fine-grained resource measurement mechanisms, e.g. to
measure compute time and memory usage of a single function invocation with
sub-second accuracy. Thanks to the short duration and stateless nature of
functions, and the availability of multiple open-source frameworks, FaaS
enables non-traditional service providers e.g. individuals or data centers with
spare capacity. However, this exacerbates the challenge of ensuring that
resource consumption is measured accurately and reported reliably. It also
raises the issues of ensuring computation is done correctly and minimizing the
amount of information leaked to service providers.
To address these challenges, we introduce S-FaaS, the first architecture and
implementation of FaaS to provide strong security and accountability guarantees
backed by Intel SGX. To match the dynamic event-driven nature of FaaS, our
design introduces a new key distribution enclave and a novel transitive
attestation protocol. A core contribution of S-FaaS is our set of resource
measurement mechanisms that securely measure compute time inside an enclave,
and actual memory allocations. We have integrated S-FaaS into the popular
OpenWhisk FaaS framework. We evaluate the security of our architecture, the
accuracy of our resource measurement mechanisms, and the performance of our
implementation, showing that our resource measurement mechanisms add less than
6.3% latency on standardized benchmarks
Migrating SGX Enclaves with Persistent State
Hardware-supported security mechanisms like Intel Software Guard Extensions
(SGX) provide strong security guarantees, which are particularly relevant in
cloud settings. However, their reliance on physical hardware conflicts with
cloud practices, like migration of VMs between physical platforms. For
instance, the SGX trusted execution environment (enclave) is bound to a single
physical CPU.
Although prior work has proposed an effective mechanism to migrate an
enclave's data memory, it overlooks the migration of persistent state,
including sealed data and monotonic counters; the former risks data loss whilst
the latter undermines the SGX security guarantees. We show how this can be
exploited to mount attacks, and then propose an improved enclave migration
approach guaranteeing the consistency of persistent state. Our software-only
approach enables migratable sealed data and monotonic counters, maintains all
SGX security guarantees, minimizes developer effort, and incurs negligible
performance overhead
Confidential Consortium Framework: Secure Multiparty Applications with Confidentiality, Integrity, and High Availability
Confidentiality, integrity protection, and high availability, abbreviated to
CIA, are essential properties for trustworthy data systems. The rise of cloud
computing and the growing demand for multiparty applications however means that
building modern CIA systems is more challenging than ever. In response, we
present the Confidential Consortium Framework (CCF), a general-purpose
foundation for developing secure stateful CIA applications. CCF combines
centralized compute with decentralized trust, supporting deployment on
untrusted cloud infrastructure and transparent governance by mutually untrusted
parties. CCF leverages hardware-based trusted execution environments for
remotely verifiable confidentiality and code integrity. This is coupled with
state machine replication backed by an auditable immutable ledger for data
integrity and high availability. CCF enables each service to bring its own
application logic, custom multiparty governance model, and deployment scenario,
decoupling the operators of nodes from the consortium that governs them. CCF is
open-source and available now at https://github.com/microsoft/CCF.Comment: 16 pages, 9 figures. To appear in the Proceedings of the VLDB
Endowment, Volume 1
Biomolecular simulations: From dynamics and mechanisms to computational assays of biological activity
Biomolecular simulation is increasingly central to understanding and designing biological molecules and their interactions. Detailed, physics‐based simulation methods are demonstrating rapidly growing impact in areas as diverse as biocatalysis, drug delivery, biomaterials, biotechnology, and drug design. Simulations offer the potential of uniquely detailed, atomic‐level insight into mechanisms, dynamics, and processes, as well as increasingly accurate predictions of molecular properties. Simulations can now be used as computational assays of biological activity, for example, in predictions of drug resistance. Methodological and algorithmic developments, combined with advances in computational hardware, are transforming the scope and range of calculations. Different types of methods are required for different types of problem. Accurate methods and extensive simulations promise quantitative comparison with experiments across biochemistry. Atomistic simulations can now access experimentally relevant timescales for large systems, leading to a fertile interplay of experiment and theory and offering unprecedented opportunities for validating and developing models. Coarse‐grained methods allow studies on larger length‐ and timescales, and theoretical developments are bringing electronic structure calculations into new regimes. Multiscale methods are another key focus for development, combining different levels of theory to increase accuracy, aiming to connect chemical and molecular changes to macroscopic observables. In this review, we outline biomolecular simulation methods and highlight examples of its application to investigate questions in biology.
This article is categorized under:
Molecular and Statistical Mechanics > Molecular Dynamics and Monte‐Carlo Methods
Structure and Mechanism > Computational Biochemistry and Biophysics
Molecular and Statistical Mechanics > Free Energy Method
- …