Abstract

Modern cloud providers offer a myriad of execution models, each defined by the dynamic computational resources made available to the application. These execution models are primarily optimized for efficient utilization of datacenter resources in order to leverage economies of scale. In this thesis, we provide preliminary evidence that cloud infrastructure and applications can be co-designed to enable applications to satisfy a greater number of security properties while preserving their scalability and performance characteristics. To guide this exploration, we select a subset of prominent cloud execution models and build performant systems with augmented security properties, namely Kalium, TAPDance and Bellerophon.

In the first part of the dissertation, we define Kalium, an extensible security framework that leverages local function state and global application state to enforce control-flow integrity (CFI) in serverless applications. We evaluate the performance overhead and security of Kalium using realistic open-source applications; our results show that Kalium mitigates several classes of attacks with relatively low performance overhead and outperforms state-of-the-art serverless information-flow protection systems.

In the second part, we re-architect Trigger Action Platforms (TAPs), a type of distributed event processing system, so that users need to place only minimal trust in the cloud. Specifically, we design and implement TAPDance, a TAP that guarantees confidentiality and integrity of program execution in the presence of an untrustworthy TAP service. We use RISC-V Keystone enclaves to provide these security guarantees while minimizing the trusted software and hardware base. Performance results indicate that TAPDance outperforms a baseline TAP implementation built on Node.js, with 32% lower latency and 33% higher throughput on average.

Lastly, we present Bellerophon, a new remote attestation mechanism that eliminates the need for both trusted verifiers and separate secret provisioning in trusted execution environments (TEEs) deployed in cloud environments. TEEs form an execution model in which user programs run in isolation, free from interference by any of the system software running on the machine. Bellerophon accomplishes this using encrypted binaries embedded with user secrets that can be decrypted only with a manufacturer-provisioned key, and only when the TEE has been correctly initialized. Moreover, Bellerophon integrates seamlessly with existing approaches for accelerating confidential serverless functions that are designed to reduce launch overheads. Bellerophon uses Hierarchical Identity-Based Encryption (HIBE) to simplify secret key management and public key distribution, and incorporates a key rotation mechanism for forward security. Finally, our evaluation shows that Bellerophon provides security comparable to existing interactive attestation mechanisms with much lower latency.

Details

1010268
Title: Leveraging Execution Models for Designing Secure Services
Number of pages: 202
Publication year: 2025
Degree date: 2025
School code: 0262
Source: DAI-A 87/2(E), Dissertation Abstracts International
ISBN: 9798290933597
Committee members: Cecchetti, Ethan; Fawaz, Kassem; Fernandes, Earlence; Jha, Somesh
University/institution: The University of Wisconsin - Madison
Department: Computer Sciences
University location: United States -- Wisconsin
Degree: Ph.D.
Source type: Dissertation or Thesis
Language: English
Document type: Dissertation/Thesis
Dissertation/thesis number: 32172499
ProQuest document ID: 3237532994
Document URL: https://www.proquest.com/dissertations-theses/leveraging-execution-models-designing-secure/docview/3237532994/se-2?accountid=208611
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Database: ProQuest One Academic