Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a groundbreaking approach to securing serverless computing through confidential virtual machines in this 17-minute conference presentation from USENIX Security '25. Learn how researchers from Shanghai Jiao Tong University address the critical mismatch between current CVM implementations and serverless function requirements that leads to performance bottlenecks and resource inefficiency. Discover the innovative "split container" design that separates security and management concerns by deploying a function-oriented OS (microkernel + library OS) within the CVM for secure execution while utilizing an untrusted commodity OS like Linux outside for container management. Examine the CoFunc system prototype that demonstrates remarkable performance improvements of up to 60× on AMD SEV and 215× on Intel TDX compared to existing CVM-based confidential containers, while maintaining less than 14% performance overhead compared to non-confidential container systems. Understand how this solution creates confidential containers with a minimal trusted computing base (TCB) and addresses the growing need for confidential serverless computing in security-critical fields such as finance and healthcare. Gain insights into the technical implementation details, performance benchmarks using FunctionBench and ServerlessBench, and the practical implications for both AMD SEV and Intel TDX architectures.
