Glasswall is a secure Function-as-a-Service (FaaS) framework that uses AMD SEV/SNP confidential computing and process snapshots to provide strong isolation guarantees for serverless workloads. This repository contains the artifacts for the Glasswall paper, including formal security proofs, modified OpenWhisk runtimes, benchmarking infrastructure, and supporting tooling.
| Directory | Description |
|---|---|
proofs/ |
Tamarin formal verification proofs for the Glasswall security model |
openwhisk/ |
Modified Apache OpenWhisk platform (fork) with Glasswall extensions |
openwhisk-runtime-python-snapshot/ |
Python runtime with snapshot/restore support |
openwhisk-runtime-python-default/ |
Baseline Python runtime (unmodified, for comparison) |
openwhisk-runtime-go/ |
Go runtime (baseline) |
openwhisk-runtime-go-auditing/ |
Go runtime with auditing extensions |
snapshotlib/ |
C library for ELF process snapshot creation and restoration |
faas-applications/ |
Sample FaaS applications used for evaluation |
bench/ |
Benchmarking scripts and experiment configurations |
sev-scripts/ |
AMD SEV/SNP setup, launch, and attestation scripts |
amdsev/ |
AMD SEV VM configuration and launch templates |
serverless-benchmarks-main/ |
Serverless benchmark suite (extended from SeBS) |
The proofs/ directory contains Tamarin prover models for the Glasswall attestation protocol. See proofs/README.md for reproduction instructions. Running the full proof suite requires ~40 GB RAM and ~12 hours on a modern 8-core CPU.
Several directories contain forked or vendored third-party projects:
openwhisk/— Fork of Apache OpenWhisk (Apache-2.0 license)serverless-benchmarks-main/— Extended from SeBSbench/ryoan-tests/apps/openssl-1.0.2u/— OpenSSL (OpenSSL license)bench/ryoan-tests/apps/libsodium-1.0.10/— libsodium (ISC license)
This project is licensed under the GNU General Public License v3.0 — see LICENSE. Third-party components retain their original licenses as noted above.