IX. RELATED WORK

Current Frameworks for FaaS: Existing cloud-based FaaS implementations, such as AWS Lambda [8] or OpenFaaS [32], underutilize computing resources on the edge of the network. Attempts to deploy such frameworks to the edge, such as Akamai [4], do not deliver the security guarantees required by edge computing. S-FaaS [5] and Clemmys [42] use TEEs and cryptographic attestation to protect the confidentiality of the execution. None of the aforementioned FaaS frameworks supports stateful FaaS execution [38].

Secure Execution with TEE: PSL is motivated by the vision that the distributive worker can run securely in a TEE on a single host, making the security and efficiency of communication among multiple enclaves a logical research problem. This vision is supported by a variety of available container services and platforms, for example, TEE-enabled container services such as GrapheneSGX [43], Scone [7], and Occlum [34], and hardware TEE platforms [27], Elasticlave [46] and Penglai [16]. Snort [26] is an in-enclave intrusion detection framework that also uses a circular buffer for communication. We note that our approach differs from Snort in that they use circular buffers to convert hugepages in DPDK, while our circular buffer design is meant to eliminate the context switch in ecalls/ocalls.

KVS based on TEE: Existing TEE-based KVS designs mainly focus on single-TEE persistence and performance optimizations. ShieldStore [25] solves the 128 MB limitation of SGXv1 by conducting most processing outside the enclave. Each key-value pair is encrypted and protected with a signature when it leaves the enclave, and the main data structures of the KVS are also stored outside the enclave.
The in-enclave KVS server handles queries from an out-of-enclave client by fetching encrypted key-value pairs from untrusted memory. Speicher [9] and DiskShield [3] implement secure storage inside a secure enclave, so that the TEE can exchange data securely with the underlying storage of the host. Both SCL and Speicher [9] use an LSM-based structure for durability, but SCL takes a step further to integrate the stored data blocks as part of the DataCapsule hash chain, and to enable efficient inter-enclave communication. SCL also requires a much smaller TCB than Speicher. EnclaveCache [10] and Omega [14] support a shared, in-memory KVS cache but do not support communication between enclaves on different hosts.

X. CONCLUSION

We introduced Paranoid Stateful Lambdas, a federated FaaS framework for secure and stateful execution in both cloud and edge computing environments. We focus on the security and communication aspects of PSL by exploiting the properties and extensions of DataCapsules, a cryptographically-hardened blockchain. We propose an abstraction, the Secure Concurrency Layer, that provides security and eventual consistency to the enclaves, and we discuss its durability and fault tolerance semantics. On our end-to-end benchmark, SCL has up to 81x higher throughput and 2.08x lower latency than the unoptimized baseline. Our system throughput scales linearly with the number of lambdas, and our lambda task can be dispatched to authenticated workers within 0.61 second.

ACKNOWLEDGMENT

We thank Anoop Jaishankar for great discussion on Asylo attestation. This material is based upon work supported by NSF/VMware Partnership on Edge Computing Data Infrastructure (ECDI), NSF award 1838833. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.

REFERENCES

[1] Cloc. http://cloc.sourceforge.net/. Accessed: 2021-05-1.

[2] Olzhas Adiyatov and Atakan Varol.
Rapidly-exploring random tree based memory efficient motion planning. pages 354–359, 08 2013.

[3] Jinwoo Ahn, Junghee Lee, Yungwoo Ko, Donghyun Min, Jiyun Park, Sungyong Park, and Youngjae Kim. Diskshield: A data tamper-resistant storage for intel sgx. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pages 799–812, 2020.

[4] Akamai. Akamai serverless edge. https://www.akamai.com/us/en/products/performance/serverless-computing-edgeworkers.jsp.

[5] Fritz Alder, N Asokan, Arseny Kurnikov, Andrew Paverd, and Michael Steiner. S-faas: Trustworthy and accountable function-as-a-service using intel sgx. In Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, pages 185–199, 2019.

[6] Andreas M. Antonopoulos. Mastering Bitcoin. O’Reilly Media, 2017.

[7] Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark Stillwell, et al. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16), volume 16, pages 689–703. USENIX Association, November 2016.

[8] AWS. AWS Lambda. https://aws.amazon.com/lambda/. Accessed: 2021-05-1.

[9] Maurice Bailleu, Jörg Thalheim, Pramod Bhatotia, Christof Fetzer, Michio Honda, and Kapil Vaswani. Speicher: Securing lsm-based key-value stores using shielded execution. In 17th USENIX Conference on File and Storage Technologies (FAST 19), pages 173–190, 2019.

[10] Lixia Chen, Jian Li, Ruhui Ma, Haibing Guan, and Hans-Arno Jacobsen. Enclavecache: A secure and scalable key-value cache in multi-tenant clouds using intel sgx. In Proceedings of the 20th International Middleware Conference, Middleware ’19, page 14–27, New York, NY, USA, 2019. Association for Computing Machinery.

[11] Sanchuan Chen, Xiaokuan Zhang, Michael K. Reiter, and Yinqian Zhang. Detecting privileged side-channel attacks in shielded execution with déjà vu.
In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’17, page 7–18, New York, NY, USA, 2017. Association for Computing Machinery.

[12] Alexander Conway, Abhishek Gupta, Vijay Chidambaram, Martin Farach-Colton, Richard Spillane, Amy Tai, and Rob Johnson. Splinterdb: Closing the bandwidth gap for nvme key-value stores. In 2020 USENIX Annual Technical Conference (USENIX ATC 20), pages 49–63, 2020.

[13] Intel Corporation. Intel(r) software guard extensions sdk for linux* os. https://download.01.org/intel-sgx/linux-1.8/docs/Intel SGX SDK Developer Reference Linux 1.8 Open Source.pdf, 2017.

[14] Claudio Correia, Miguel Correia, and Luís Rodrigues. Omega: a secure event ordering service for the edge. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 489–501. IEEE, 2020.

[15] Victor Costan and Srinivas Devadas. Intel sgx explained. IACR Cryptol. ePrint Arch., 2016(86):1–118, 2016.

[16] Erhu Feng, Xu Lu, Dong Du, Bicheng Yang, Xueqiang Jiang, Yubin Xia, Binyu Zang, and Haibo Chen. Scalable memory protection in the penglai enclave. 2021.

[17] Fetch Robotics. Fetch research robot. http://fetchrobotics.com/research/.

[18] Sadjad Fouladi, Riad S Wahby, Brennan Shacklett, Karthikeyan Vasuki Balasubramaniam, William Zeng, Rahul Bhalerao, Anirudh Sivaraman, George Porter, and Keith Winstein. Encoding, fast and slow: Low-latency video processing using thousands of tiny threads. In 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17), pages 363–376, 2017.

[19] Pedro Garcia Lopez, Alberto Montresor, Dick Epema, Anwitaman Datta, Teruo Higashino, Adriana Iamnitchi, Marinho Barcellos, Pascal Felber, and Etienne Riviere. Edge-centric computing: Vision and challenges. ACM SIGCOMM Computer Communication Review, 45(5):37–42, 2015.

[20] Kourosh Gharachorloo, Daniel Lenoski, James Laudon, Phillip Gibbons, Anoop Gupta, and John Hennessy.
Memory Consistency and Event Ordering in Scalable Shared-Memory Multiprocessors. In ISCA. ACM, 1990.

[21] Google. Asylo. https://asylo.dev/. Accessed: 2021-05-1.

[22] Google. Asylo socket. https://asylo.dev/docs/reference/runtime.html. Accessed: 2021-05-1.

[23] Jeffrey Ichnowski, William Lee, Victor Murta, Samuel Paradis, Ron Alterovitz, Joseph E Gonzalez, Ion Stoica, and Ken Goldberg. Fog Robotics Algorithms for Distributed Motion Planning Using Lambda Serverless Computing. In 2020 IEEE International Conference on Robotics and Automation (ICRA), pages 4232–4238, 2020.

[24] Sertac Karaman and Emilio Frazzoli. Sampling-based algorithms for optimal motion planning, 2011.

[25] Taehoon Kim, Joongun Park, Jaewook Woo, Seungheun Jeon, and Jaehyuk Huh. Shieldstore: Shielded in-memory key-value storage with sgx. In Proceedings of the Fourteenth EuroSys Conference 2019, EuroSys ’19, New York, NY, USA, 2019. Association for Computing Machinery.

[26] Dmitrii Kuvaiskii, Somnath Chakrabarti, and Mona Vij. Snort intrusion detection system with intel software guard extension (intel sgx). arXiv preprint arXiv:1802.00508, 2018.

[27] Dayeol Lee, David Kohlbrenner, Shweta Shinde, Dawn Song, and Krste Asanović. Keystone: An open framework for architecting tees. arXiv preprint arXiv:1907.10119, 2019.

[28] Microsoft. Openenclave switchless. https://github.com/openenclave/openenclave/tree/master/samples/switchless. Accessed: 2021-05-1.

[29] Nitesh Mor, Richard Pratt, Eric Allman, Kenneth Lutz, and John Kubiatowicz. Global data plane: A federated vision for secure data in edge computing. In 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pages 1652–1663. IEEE, 2019.

[30] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Technical report, Manubot, 2019.

[31] Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. Varys: Protecting SGX enclaves from practical side-channel attacks.
In 2018 USENIX Annual Technical Conference (USENIX ATC 18), pages 227–240, Boston, MA, July 2018. USENIX Association.

[32] OpenFaaS. Openfaas. https://www.openfaas.com/.

[33] Vaishaal Shankar, Karl Krauth, Qifan Pu, Eric Jonas, Shivaram Venkataraman, Ion Stoica, Benjamin Recht, and Jonathan Ragan-Kelley. Numpywren: Serverless linear algebra. arXiv preprint arXiv:1810.09679, 2018.

[34] Youren Shen, Hongliang Tian, Yu Chen, Kang Chen, Runji Wang, Yi Xu, Yubin Xia, and Shoumeng Yan. Occlum: Secure and efficient multitasking inside a single enclave of intel sgx. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 955–970, 2020.

[35] Weisong Shi, Jie Cao, Quan Zhang, Youhuizi Li, and Lanyu Xu. Edge computing: Vision and challenges. IEEE Internet of Things Journal, 3(5):637–646, 2016.

[36] Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. T-sgx: Eradicating controlled-channel attacks against enclave programs. 01 2017.

[37] Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, and Prateek Saxena. Preventing page faults from telling your secrets. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’16, page 317–328, New York, NY, USA, 2016. Association for Computing Machinery.

[38] Vikram Sreekanti, Chenggang Wu, Xiayue Charles Lin, Johann Schleier-Smith, Jose M Faleiro, Joseph E Gonzalez, Joseph M Hellerstein, and Alexey Tumanov. Cloudburst: Stateful functions-as-a-service. arXiv preprint arXiv:2001.04592, 2020.

[39] Ajay Kumar Tanwani, Nitesh Mor, John Kubiatowicz, Joseph E. Gonzalez, and Ken Goldberg. A Fog Robotics Approach to Deep Robot Learning: Application to Object Recognition and Grasp Planning in Surface Decluttering. In Proceedings of the IEEE International Conference on Robotics and Automation, ICRA, May 2019.

[40] Facebook Database Engineering Team. Rocksdb: A persistent key-value store for flash and ram storage.
https://rocksdb.org/, May 2021. Accessed: 2021-05-25.

[41] Nan Tian, Ajay Kumar Tanwani, Ken Goldberg, and Somayeh Sojoudi. Mitigating Network Latency in Cloud-Based Teleoperation using Motion Segmentation and Synthesis. In Proceedings of the International Symposium on Robotics Research, ISRR, Oct 2019.

[42] Bohdan Trach, Oleksii Oleksenko, Franz Gregor, Pramod Bhatotia, and Christof Fetzer. Clemmys: Towards secure remote execution in faas. In Proceedings of the 12th ACM International Conference on Systems and Storage, pages 44–54, 2019.

[43] Chia-Che Tsai, Donald E Porter, and Mona Vij. Graphene-sgx: A practical library os for unmodified applications on sgx. In 2017 USENIX Annual Technical Conference (USENIX ATC 17), pages 645–658, 2017.

[44] Rob van der Meulen. What edge computing means for infrastructure and operations leaders. shorturl.at/evwD0.

[45] Ofir Weisse, Valeria Bertacco, and Todd Austin. Regaining lost cycles with hotcalls: A fast interface for sgx secure enclaves. ACM SIGARCH Computer Architecture News, 45(2):81–93, 2017.

[46] Zhijingcheng Yu, Shweta Shinde, Trevor E Carlson, and Prateek Saxena. Elasticlave: An efficient memory model for enclaves. arXiv preprint arXiv:2010.08440, 2020.

[47] Lixia Zhang, Alexander Afanasyev, Jeffrey Burke, Van Jacobson, kc claffy, Patrick Crowley, Christos Papadopoulos, Lan Wang, and Beichuan Zhang. Named Data Networking. ACM SIGCOMM Computer Communication Review, 44(3):66–73, July 2014.

[48] Zibin Zheng, Shaoan Xie, Hongning Dai, Xiangping Chen, and Huaimin Wang. An Overview of Blockchain Technology: Architecture, Consensus, and Future trends. In IEEE International Congress on Big Data (BigData Congress), pages 557–564.
IEEE, 2017.

:::info
Authors:

(1) Kaiyuan Chen, University of California, Berkeley (kych@berkeley.edu);

(2) Alexander Thomas, University of California, Berkeley (alexthomas@berkeley.edu);

(3) Hanming Lu, University of California, Berkeley (hanming lu@berkeley.edu);

(4) William Mullen, University of California, Berkeley (wmullen@berkeley.edu);

(5) Jeff Ichnowski, University of California, Berkeley (jeffi@berkeley.edu);

(6) Rahul Arya, University of California, Berkeley (rahularya@berkeley.edu);

(7) Nivedha Krishnakumar, University of California, Berkeley (nivedha@berkeley.edu);

(8) Ryan Teoh, University of California, Berkeley (ryanteoh@berkeley.edu);

(9) Willis Wang, University of California, Berkeley (williswang@berkeley.edu);

(10) Anthony Joseph, University of California, Berkeley (adj@berkeley.edu);

(11) John Kubiatowicz, University of California, Berkeley (kubitron@berkeley.edu).
:::

:::info
This paper is available on arxiv under CC BY 4.0 DEED license.
:::