Serverless Functions Made Confidential and Efficient with Split Containers
Jiacheng Shi
34th USENIX Security Symposium (USENIX Security '25) · Day 1 · System Security 2: Trusted and Robust Computing
This talk introduces **Kofunk**, a **split container architecture** that makes serverless functions both confidential and efficient when they run inside **Confidential Virtual Machines (CVMs)**. Presented by Jiacheng Shi from Shanghai University, the work addresses the difficulty of combining hardware-backed Trusted Execution Environments (TEEs) such as AMD SEV and Intel TDX with the dynamic, short-lived nature of serverless workloads. The core problem is that CVMs, when used for fine-grained isolation, incur high cold-start latency and substantial memory overhead, which conflicts with the rapid scaling and cost efficiency that serverless computing promises.
AI review
Kofunk is legitimate systems security research that solves a real and annoying problem: CVMs are too heavy for serverless, but sharing a full Linux kernel across tenants inside a single CVM is a TCB disaster. The split-container approach — microkernel inside the CVM, shadow containers handling resource accounting on the untrusted host — is architecturally clean and the numbers are credible. 215x latency reduction against Kata Containers on TDX and 56x memory savings aren't marketing — those reflect real CVM boot pathology that anyone who's benchmarked SEV or TDX has hit personally.