BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Talks.cam//talks.cam.ac.uk// X-WR-CALNAME:Talks.cam BEGIN:VEVENT SUMMARY:Trustworthy and Accountable Function-as-a-Service using Intel SGX - Andrew Paverd\, Microsoft Research Cambridge DTSTART:20190115T140000Z DTEND:20190115T150000Z UID:TALK115540@talks.cam.ac.uk CONTACT:Alexander Vetterl DESCRIPTION:Function-as-a-Service (FaaS) is a recent and already very popu lar paradigm in cloud computing. The function provider need only specify t he function to be run\, usually in a high-level language like JavaScript\, and the service provider orchestrates all the necessary infrastructure an d software stacks. The function provider is only billed for the actual com putational resources used by the function invocation. Compared to previous cloud paradigms\, FaaS requires significantly more fine-grained resource measurement mechanisms\, e.g. to measure compute time and memory usage of a single function invocation with sub-second accuracy. Thanks to the short duration and stateless nature of functions\, and the availability of mult iple open-source frameworks\, FaaS enables non-traditional service provide rs e.g. individuals or data centers with spare capacity. However\, this ex acerbates the challenge of ensuring that resource consumption is measured accurately and reported reliably. It also raises the issues of ensuring co mputation is done correctly and minimizing the amount of information leake d to service providers. \n\nTo address these challenges\, we introduce S-F aaS\, the first architecture and implementation of FaaS to provide strong security and accountability guarantees backed by Intel SGX. To match the d ynamic event-driven nature of FaaS\, our design introduces a new key distr ibution enclave and a novel transitive attestation protocol. A core contri bution of S-FaaS is our set of resource measurement mechanisms that secure ly measure compute time and memory allocations within an enclave. LOCATION:LT2\, Computer Laboratory\, William Gates Building END:VEVENT END:VCALENDAR