IAS Joint Lecture - Making Serverless Computing Efficient, Scalable and Secure
Supporting the below United Nations Sustainable Development Goals:
Abstract
Serverless computing is a fast-growing cloud computing offering, with a compelling model for running cloud applications that simplifies the development, deployment, and automated management of modular software functions. The promise is efficient, low-cost computing for users. However, the rapid evolution to serverless computing has been achieved by integrating multiple existing cloud computing software components. To quickly offer its capabilities in the cloud, it has possibly sacrificed performance (latency and efficiency) and raised potential security concerns under multi-tenancy.
SPRIGHT introduced a lightweight, high-performance data plane that leverages shared memory processing and eBPF-based event-driven mechanisms, eliminating redundant protocol processing and serialization overheads. This enables order-of-magnitude gains in throughput and latency while reducing CPU usage by up to 10× compared to Knative, without incurring cold-start penalties. After a brief introduction to SPRIGHT, this talk will focus on NADINO, which extends SPRIGHT's shared memory processing to span multiple nodes, thus addressing scalability. NADINO exploits DPUs to offload cross-node data transmission to RDMA NICs on the DPU. It further enables cross CPU–DPU shared memory, working seamlessly with the DPDK intra-node shared memory processing of SPRIGHT. To ensure fair multi-tenant resource sharing, NADINO uses the DPU's wimpy ARM cores as an indirection layer to orchestrate RDMA traffic, isolating the user functions from directly accessing the RDMA resources. NADINO enhances its RDMA-based data plane by enforcing early conversion of HTTP/TCP to RDMA transport at the cluster ingress to further reduce the CPU burden, achieving up to 20.9× higher RPS and 21× lower latency while saving significant CPU cycles. This talk will also briefly touch upon the speaker's work, SURE, which strengthens runtime isolation with a unikernel-based function runtime and secures the zero-copy data plane by leveraging Intel's memory protection key (MPK) instructions, complemented by a call-gate API abstraction. SURE offers low-cost yet robust isolation of the trusted runtime from untrusted user code, achieving up to 79× performance improvement over Knative.
Together, these contributions form a comprehensive serverless data plane that is lightweight, high-performance, and secure, moving us towards truly achieving the promised potential of serverless computing.
About the Speaker
Prof. Kadangode K. RAMAKRISHNAN received his MTech from the Indian Institute of Science, MS (1981) and Ph.D. (1983) in Computer Science from the University of Maryland, College Park, USA. He is currently a Distinguished Professor of Computer Science and Engineering at the University of California, Riverside. He joined AT&T Bell Labs in 1994 and was with AT&T Labs-Research since its inception in 1996. Prior to 1994, he was a Technical Director and Consulting Engineer in Networking at Digital Equipment Corporation. Between 2000 and 2002, he was at TeraOptic Networks, Inc., as Founder and Vice President.
Prof. Ramakrishnan is an ACM Fellow, an IEEE Fellow, and an AT&T Fellow, recognized for his fundamental contributions to communication networks, congestion control, traffic management, VPN services, and a lasting impact on AT&T and the industry. His work on the "DECbit" congestion avoidance protocol received the ACM SIGCOMM Test of Time Paper Award in 2006. He received the AT&T Science and Technology Medal in 2012 and the ACM SIGCOMM Lifetime Achievement Award in 2024. He has published over 300 papers and has over 180 patents issued in his name.
For Attendees' Attention
Seating is on a first come, first served basis.