Litcius/Paper detail

Groundhog: Efficient Request Isolation in FaaS

Mohamed Alzayat, Jonathan Mace, Peter Druschel, Deepak Garg

202315 citationsDOIOpen Access PDF

Abstract

Security is a core responsibility for Function-as-a-Service (FaaS) providers. The prevailing approach isolates concurrent executions of functions in separate containers. However, successive invocations of the same function commonly reuse the runtime state of a previous invocation in order to avoid container cold-start delays. Although efficient, this container reuse has security implications for functions that are invoked on behalf of differently privileged users or administrative domains: bugs in a function's implementation --- or a third-party library/runtime it depends on --- may leak private data from one invocation of the function to a subsequent one.

Topics & Concepts

Computer scienceIsolation (microbiology)ReuseContainer (type theory)InvocationFunction (biology)Computer securityDatabaseOperating systemEngineeringAnthropologyMicrobiologySociologyEvolutionary biologyBiologyMechanical engineeringWaste managementDistributed systems and fault toleranceSecurity and Verification in ComputingCloud Computing and Resource Management