Peeking Behind the Curtains of Serverless Platforms

Overview

Serverless computing is an emerging paradigm in which an application’s resource provisioning and scaling are managed by third-party services. Examples include AWS Lambda, Azure Functions, and Google Cloud Functions. Behind these services' easy-to-use APIs are opaque, complex infrastructure and management ecosystems. Performance and security concerns arise because serverless platforms are usually black boxes to tenants. Taking on the viewpoint of a serverless customer, we conduct the largest systematic measurement study to date, launching more than 50,000 function instances across these three services, in order to characterize their architectures, performance, and resource management efficiency.

We systematically examine a series of issues related to resource management: how quickly function instances can be launched, function instance placement strategies, function instance reuse, and more. Several security issues are identified and discussed. We further explore how CPU, I/O and network bandwidth are allocated among functions and the ensuing performance implications. Last but not least, we explore whether all resources are properly accounted for, and report on two resource accounting bugs that allow tenants to use extra resources for free.

Result Highlights

* In Azure, a VM hosts functions from multiple tenants. Cross-tenant VM sharing makes applications vulnerable to side-channel attacks.

* AWS Lambda achieved the best scalability and the lowest coldstart latency (the time to provision a new function instance), followed by GCF. But the lack of performance isolation in AWS between function instances from the same account caused up to a 19x decrease in I/O, networking, or coldstart performance. Azure suffers from the same isolation issues.

* AWS Lambda has consistency issues. We found 3.8% of 20K new instances ran an inconsistent or outdated function. There are two cases: (1) AWS launched new instances of the outdated function (2% of all the inconsistent cases), and (2) AWS reused existing instances of the outdated function.
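The highlights above rest on three observations a tenant can make from inside a function: whether an invocation landed on a freshly provisioned instance (a cold start) or a reused one, which instance served it, and which version of the code actually ran. The following Python is an added example of that measurement technique, not code from the paper or its authors. It assumes a Python handler whose deployed version tag comes from a FUNC_VERSION environment variable (an assumed name), uses module-level state to detect instance reuse (execution environments keep module state between warm invocations), and classifies a constructed set of records into the two inconsistency cases described above.

```python
"""Cold-start, instance-reuse and version-consistency measurement from a
tenant's point of view.  Added example; the sample records are constructed."""

import os
import time
import uuid

# Version tag baked in at deploy time.  FUNC_VERSION is an assumed variable name;
# any deploy-time constant that changes with each code update would do.
DEPLOYED_VERSION = os.environ.get("FUNC_VERSION", "v2")

# Module-level state survives across warm invocations of the same instance,
# which is what lets a reused instance be told apart from a new one.
_instance_id = None
_instance_started = None


def handler(event, context=None):
    """Report instance identity, cold/warm status and the running version."""
    global _instance_id, _instance_started
    cold = _instance_id is None
    if cold:
        _instance_id = uuid.uuid4().hex  # first invocation on this instance
        _instance_started = time.time()
    return {
        "instance_id": _instance_id,
        "cold": cold,
        "version": DEPLOYED_VERSION,
        "instance_age_s": time.time() - _instance_started,
    }


def classify_instances(records, latest_version):
    """Classify instances observed in records collected after deploying
    latest_version.  The first observation of each instance decides whether
    it was newly launched (cold) or pre-existing (warm) at that time.

    Returned keys:
      consistent             instances that ran latest_version
      stale_new_instance     newly launched instances that still ran an old version
      stale_reused_instance  pre-existing instances that kept serving an old version
      total                  distinct instances seen
      inconsistent_fraction  share of instances that ran an old version
    """
    first_seen = {}
    for r in records:
        first_seen.setdefault(r["instance_id"], r)

    counts = {"consistent": 0, "stale_new_instance": 0, "stale_reused_instance": 0}
    for r in first_seen.values():
        if r["version"] == latest_version:
            counts["consistent"] += 1
        elif r["cold"]:
            counts["stale_new_instance"] += 1
        else:
            counts["stale_reused_instance"] += 1

    total = len(first_seen)
    stale = counts["stale_new_instance"] + counts["stale_reused_instance"]
    counts["total"] = total
    counts["inconsistent_fraction"] = stale / total if total else 0.0
    return counts


# Constructed records, as a client would collect them after deploying "v2".
SAMPLE_RECORDS = [
    {"instance_id": "i-a", "cold": True,  "version": "v2"},
    {"instance_id": "i-a", "cold": False, "version": "v2"},
    {"instance_id": "i-b", "cold": True,  "version": "v2"},
    {"instance_id": "i-c", "cold": False, "version": "v1"},  # pre-existing instance still on v1
    {"instance_id": "i-d", "cold": True,  "version": "v1"},  # newly launched, yet runs v1
    {"instance_id": "i-e", "cold": True,  "version": "v2"},
]


if __name__ == "__main__":
    print(handler({}))  # cold: True on the first call of this process
    print(handler({}))  # cold: False, same instance_id
    print(classify_instances(SAMPLE_RECORDS, "v2"))
```

Client-side coldstart latency is measured by timing each invocation and pairing it with the returned `cold` flag; the per-instance classification is what turns thousands of such records into the "new instance of outdated code" versus "reused instance of outdated code" split reported above. A version tag that is visible in every response is also the cheapest way for a tenant to detect, rather than assume, that an update has actually taken effect.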

Paper

Peeking Behind the Curtains of Serverless Platforms, ATC 2018

Talks

Slides from the talk at ATC

SecLambda: Securing Serverless with Distributed Reference Monitors

Overview

As an emerging application paradigm, serverless computing is attracting increasing attention from attackers. Unfortunately, security tools for conventional applications cannot be easily ported to serverless, and existing serverless security solutions are inadequate. Therefore, we present SecLambda, a new security framework that can leverage local function state and global application state to perform sophisticated security tasks to protect an application. We show how to use SecLambda to achieve control flow integrity, credential protection, and rate limiting in serverless applications, and evaluate its performance using three open-source applications in a real cloud environment. Our initial results suggest SecLambda can mitigate several attacks while introducing relatively low overhead.