DOI: 10.1145/3552326.3567503
research-article
Open access

Groundhog: Efficient Request Isolation in FaaS

Published: 08 May 2023

Abstract

Security is a core responsibility for Function-as-a-Service (FaaS) providers. The prevailing approach isolates concurrent executions of functions in separate containers. However, successive invocations of the same function commonly reuse the runtime state of a previous invocation in order to avoid container cold-start delays. Although efficient, this container reuse has security implications for functions that are invoked on behalf of differently privileged users or administrative domains: bugs in a function's implementation (or a third-party library/runtime it depends on) may leak private data from one invocation of the function to a subsequent one.
Groundhog isolates sequential invocations of a function by efficiently reverting to a clean state, free from any private data, after each invocation. The system exploits two properties of typical FaaS platforms: each container executes at most one function at a time and legitimate functions do not retain state across invocations. This enables Groundhog to efficiently snapshot and restore function state between invocations in a manner that is independent of the programming language/runtime and does not require any changes to existing functions, libraries, language runtimes, or OS kernels. We describe the design and implementation of Groundhog and its integration with OpenWhisk, a popular production-grade open-source FaaS framework. On three existing benchmark suites, Groundhog isolates sequential invocations with modest overhead on end-to-end latency (median: 1.5%, 95p: 7%) and throughput (median: 2.5%, 95p: 49.6%), relative to an insecure baseline that reuses the container and runtime state.
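
The leak described in the abstract, and the effect of running each invocation against a clean state, shown as an added example (not code from the paper or the Groundhog project). The names `handler`, `_scratch`, `invoke_reused` and `invoke_isolated` are hypothetical, and a fork per invocation is used here only as a simple stand-in for reverting to a clean state; it is not Groundhog's snapshot/restore mechanism.

```python
import json
import os

# Hypothetical buggy function: module-level state outlives one invocation
# whenever the warm container (this process) is reused.
_scratch = {}

def handler(request):
    # Bug: fields the current request omits keep the previous caller's values.
    _scratch.update(request)
    return {"user": _scratch.get("user"), "token": _scratch.get("token")}

def invoke_reused(request):
    """Insecure baseline: run the handler directly in the warm process."""
    return handler(request)

def invoke_isolated(request):
    """Run the handler in a forked child; the parent keeps the clean state."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child: copy-on-write copy of clean state
        code = 1
        try:
            os.close(r)
            with os.fdopen(w, "w") as out:
                json.dump(handler(request), out)
            code = 0
        finally:
            os._exit(code)            # discard every write the handler made
    os.close(w)
    with os.fdopen(r) as inp:
        payload = inp.read()
    _, status = os.waitpid(pid, 0)
    if status != 0:
        raise RuntimeError("isolated invocation failed")
    return json.loads(payload)

def demo():
    alice = {"user": "alice", "token": "constructed-secret-A"}  # constructed
    bob = {"user": "bob"}             # different principal, sends no token
    _scratch.clear()                  # model a freshly initialised container
    invoke_isolated(alice)
    isolated = invoke_isolated(bob)   # clean state each time
    invoke_reused(alice)
    reused = invoke_reused(bob)       # sees alice's leftover token
    return isolated, reused

if __name__ == "__main__":
    print(demo())
```

The clean state has to be captured before any request data arrives: once the warm process has served a request directly, every later fork inherits the leftover token.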

Cited By

  • (2024) TrEnv: Transparently Share Serverless Execution Environments Across Different Functions and Nodes. Proceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles, pp. 421-437. DOI: 10.1145/3694715.3695967. Online publication date: 4-Nov-2024
  • (2024) Serverless Confidential Containers: Challenges and Opportunities. Proceedings of the 2nd Workshop on SErverless Systems, Applications and MEthodologies, pp. 32-40. DOI: 10.1145/3642977.3652097. Online publication date: 22-Apr-2024
  • (2024) Holistic cold-start management in serverless computing cloud with deep learning for time series. Future Generation Computer Systems 153:C, pp. 312-325. DOI: 10.1016/j.future.2023.12.011. Online publication date: 16-May-2024

Published In

EuroSys '23: Proceedings of the Eighteenth European Conference on Computer Systems
May 2023
910 pages
ISBN: 9781450394871
DOI: 10.1145/3552326
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States
Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%