9 research outputs found

    Edgar: Offloading Function Execution to the Ultimate Edge: Technical Report

    Web applications are on the rise and rapidly evolve into mature replacements for their native counterparts. This trend is mainly driven by the attainment of platform independence and instant deployability. While web applications are getting more and more complex, scalability and responsiveness remain key challenges that are addressed by rather costly approaches such as cloud computing. In this paper, we present Edgar, a novel middleware for web applications that enables client-side execution of code that usually requires server-side deployment due to missing trust in clients. Following the paradigm of Function-as-a-Service, applications consist of functions that can be distributed to browsers. Other nearby browsers can discover these functions and then directly invoke them on a peer-to-peer basis. Thus, client-side resources are used to provision the web application, which generates lower costs for service providers. Offering premium services such as liberation from ads can be used to incentivise users to provide their resources. In case of resource shortage or unresponsive clients, execution falls back to a cloud-based infrastructure. Edgar combines WebAssembly for executing workloads written in different languages at near-native speed, WebRTC for browser-to-browser communication and Intel SGX to establish trust in other browsers' computations. We evaluate Edgar by implementing a digital assistant as well as a recommendation system. Our evaluation shows that Edgar generates lower costs than traditional deployments, scales linearly with increasing client numbers and manages unresponsive clients well.

    AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting

    Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second, to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and WebAssembly, a novel platform-independent bytecode format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios (volunteer computing, serverless computing, and pay-by-computation for the web) shows a maximum accounting overhead of 10%.

    CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions

    By regularly querying Web search engines, users (unconsciously) disclose large amounts of their personal data as part of their search queries, some of which might reveal sensitive information (e.g. health issues, sexual, political or religious preferences). Several solutions exist to allow users to query search engines while improving privacy protection. However, these solutions suffer from a number of limitations: some are subject to user re-identification attacks, while others lack scalability or are unable to provide accurate results. This paper presents CYCLOSA, a secure, scalable and accurate private Web search solution. CYCLOSA improves security by relying on trusted execution environments (TEEs) as provided by Intel SGX. Further, CYCLOSA proposes a novel adaptive privacy protection solution that reduces the risk of user re-identification. CYCLOSA sends fake queries to the search engine and dynamically adapts their count according to the sensitivity of the user query. In addition, CYCLOSA meets scalability requirements as it is fully decentralized, spreading the load for distributing fake queries among other nodes. Finally, CYCLOSA achieves accurate Web search results as it handles the real query and the fake queries separately, in contrast to other existing solutions that mix fake and real query results.

    TrApps: Secure Compartments in the Evil Cloud

    The cloud computing paradigm enables the flexible and scalable outsourcing of workloads. However, cloud customers are often reluctant to entrust their sensitive data to cloud providers, because the infrastructure is owned by another company and this entails a loss of control. With the recent advent of powerful ARM hardware targeted at data centres, there is the opportunity to use the trusted execution technology provided by ARM TrustZone to enhance the protection of cloud customers' data. In this paper we propose TrApps, a secure platform for general-purpose trusted execution in an untrusted cloud with multiple isolated tenants, based on the ARM TrustZone technology. Our system targets the parallel execution of partitioned applications of distinct tenants with lean security-sensitive components, and is based on a minimal trusted code base in the secure world of ARM TrustZone when compared to similar systems. In our evaluation we show the feasibility of our approach, and demonstrate its performance with trusted execution of memcached at an overhead of only 36.9% compared to the vanilla implementation and execution.

    ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution

    Many organisations enhance the performance, security, and functionality of their managed networks by deploying middleboxes centrally as part of their core network. While this simplifies maintenance, it also increases cost because middlebox hardware must scale with the number of clients. A promising alternative is to outsource middlebox functions to the clients themselves, thus leveraging their CPU resources. Such an approach, however, raises security challenges for critical middlebox functions such as firewalls and intrusion detection systems. We describe EndBox, a system that securely executes middlebox functions on client machines at the network edge. Its design combines a virtual private network (VPN) with middlebox functions that are hardware-protected by a trusted execution environment (TEE), as offered by Intel's Software Guard Extensions (SGX). By maintaining VPN connection endpoints inside SGX enclaves, EndBox ensures that all client traffic, including encrypted communication, is processed by the middlebox. Despite its decentralised model, EndBox's middlebox functions remain maintainable: they are centrally controlled and can be updated efficiently. We demonstrate EndBox with two scenarios involving (i) a large company and (ii) an Internet service provider, both of which need to protect their network and connected clients. We evaluate EndBox by comparing it to centralised deployments of common middlebox functions, such as load balancing, intrusion detection, firewalling, and DDoS prevention. We show that EndBox achieves up to 3.8x higher throughput and scales linearly with the number of clients.

    Offloading Computations to Untrusted Clients (Verlagerung von Berechnungen auf nicht vertrauenswürdige Clients)

    Distributed systems are often designed with untrusted clients in mind. In these systems, centrally managed infrastructure is used to perform computation on behalf of these clients. The main reason for that approach is that system designers refrain from broadly offloading computation to clients due to missing trust. Centrally managed infrastructure is thereby inherently trusted, but comes at high asset and management costs. Recently, trusted execution environments have become available in commodity processors. These environments can be used to perform computation on remote infrastructure without fully trusting it. This enables a paradigm shift in the design of many distributed systems: established system architectures can be redesigned by offloading computation to clients that are traditionally untrusted. In this thesis, we propose to redesign certain types of distributed systems by removing costly centrally managed infrastructure. This thesis focuses on systems with centrally managed components such as middleboxes in company networks and web applications. Leveraging trusted execution technology on the client side, the confidentiality and integrity of computation and associated data can be protected. Depending on the use case scenario and the associated trust relationship, consumed resources need to be accounted in a trusted fashion to reimburse and, thus, incentivise clients.

    (German abstract, translated.) Distributed systems are usually designed with untrusted clients in mind. In such systems, a centrally managed infrastructure is used to perform computations on behalf of these clients. The main reason for this approach is that system designers refrain from broadly offloading computations to clients owing to a lack of trust. By contrast, a centrally managed infrastructure is inherently trusted, but comes with high acquisition and administration costs. Recently, trusted execution environments have become available in commodity processors. These environments can be used to execute computations on a remote infrastructure without having to trust it fully. They thus enable a paradigm shift in the design of many distributed systems: established system architectures can be redesigned so that computations are offloaded to clients that are untrusted in the conventional sense. In this dissertation, certain kinds of distributed systems are redesigned by dismantling costly, centrally managed infrastructure. The work focuses on systems with centrally managed components, such as network-analysis hardware in company networks and web applications. By using trusted execution technology on the client side, both the confidentiality and the integrity of computations and the associated data can be protected. Depending on the application scenario and the trust relationships it entails, the resources consumed must be accounted for in a trustworthy manner in order to compensate clients and create incentives for execution.

    SCONE: Secure Linux Containers with Intel SGX

    In multi-tenant environments, Linux containers managed by Docker or Kubernetes have a lower resource footprint, faster startup times, and higher I/O performance compared to virtual machines (VMs) on hypervisors. Yet their weaker isolation guarantees, enforced through software kernel mechanisms, make it easier for attackers to compromise the confidentiality and integrity of application data within containers. We describe SCONE, a secure container mechanism for Docker that uses the SGX trusted execution support of Intel CPUs to protect container processes from outside attacks. The design of SCONE leads to (i) a small trusted computing base (TCB) and (ii) a low performance overhead: SCONE offers a secure C standard library interface that transparently encrypts/decrypts I/O data; to reduce the performance impact of thread synchronization and system calls within SGX enclaves, SCONE supports user-level threading and asynchronous system calls. Our evaluation shows that it protects unmodified applications with SGX, achieving 0.6× – 1.2× of native throughput.