TGh: A TEE/GC Hybrid Enabling Confidential FaaS Platforms

Trusted Execution Environments (TEEs) suffer from performance issues when executing certain management instructions, such as creating an enclave, context switching in and out of protected mode, and swapping cached pages. This is especially problematic for short-running, interactive functions in Func...

Bibliographic details
Main authors: Choncholas, James, Bhardwaj, Ketan, Gavrilovska, Ada
Format: Article
Language: eng
creator Choncholas, James
Bhardwaj, Ketan
Gavrilovska, Ada
description Trusted Execution Environments (TEEs) suffer from performance issues when executing certain management instructions, such as creating an enclave, context switching in and out of protected mode, and swapping cached pages. This is especially problematic for short-running, interactive functions in Function-as-a-Service (FaaS) platforms, where existing techniques to address enclave overheads are insufficient. We find FaaS functions can spend more time managing the enclave than executing application instructions. In this work, we propose a TEE/GC hybrid (TGh) protocol to enable confidential FaaS platforms. TGh moves computation out of the enclave onto the untrusted host using garbled circuits (GC), a cryptographic construction for secure function evaluation. Our approach retains the security guarantees of enclaves while avoiding the performance issues associated with enclave management instructions.
doi_str_mv 10.48550/arxiv.2309.07764
format Article
creationdate 2023-09-14
rights http://creativecommons.org/licenses/by-nc-sa/4.0
oa free_for_read
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2309.07764
language eng
recordid cdi_arxiv_primary_2309_07764
source arXiv.org
subjects Computer Science - Cryptography and Security
title TGh: A TEE/GC Hybrid Enabling Confidential FaaS Platforms
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T16%3A59%3A17IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=TGh:%20A%20TEE/GC%20Hybrid%20Enabling%20Confidential%20FaaS%20Platforms&rft.au=Choncholas,%20James&rft.date=2023-09-14&rft_id=info:doi/10.48550/arxiv.2309.07764&rft_dat=%3Carxiv_GOX%3E2309_07764%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true