WASM + Confidential Computing, Secure Your FaaS Function – Xinran Wang & Liang He, Intel
Serverless allows developers to deploy functions to the Cloud platform and run them with no knowledge of the backend servers. Yet those developers must hand over the function code and data to the cloud providers, which raises security concerns, especially for highly sensitive applications. Confidential computing is an emerging technology focusing on helping to secure the program and the data in use. This effort enables encrypted data to be processed in a portion of protected memory while lowering the risk of exposing it to the rest of the system, even to the cloud providers. In this presentation, we will introduce a zero-trust Serverless platform using CNCF Serverless platform – Knative, WebAssembly, and Trusted Execution Environment (TEE) provided by hardware. We will introduce how to safely ship function code and data into TEE, how to make remote attestation with an extended L7 protocol and how to start a running instance with WASM runtime in TEE when an end-users request arrives.
