Patent attributes
Some embodiments may be associated with a cloud-based computing environment. A WASM runtime may execute as serverless functions on an entity (VM or container) dynamically selected based on a data store location (associated with data locality and/or gravity). The WASM runtime may include one or more sandboxes each running a WASM module. A database service may access the data store, and the database service may execute on the same entity as the WASM runtime. In some embodiments, an orchestration layer selects the entity based on a default policy or user-defined custom rules in accordance with exposed attributes (CPU load, memory load, read/write mixture, etc.). According to some embodiments, the serverless functions execute in a multi-tenant fashion. Moreover, the WASM runtime process may use instruction set secure enclaves to secure an access host such that, even if a root is compromised, an attacker cannot access a sandbox memory heap.
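The entity selection described above can be sketched as follows. This is an added example, not code from the patent: the `Entity` fields, the 0.80 load threshold, and the sample fleet are assumptions made for illustration. Placement is restricted to entities already running the database service for the target data store, and the function returns nothing rather than placing the runtime away from its data.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

@dataclass(frozen=True)
class Entity:                    # hypothetical model of a VM or container
    name: str
    kind: str                    # "vm" or "container"
    data_stores: frozenset       # stores whose database service runs on this entity
    cpu_load: float              # exposed attribute, 0.0-1.0
    mem_load: float              # exposed attribute, 0.0-1.0
    read_ratio: float            # exposed read/write mixture (fraction of reads)

Rule = Callable[[Entity], bool]

def default_policy(e: Entity) -> bool:
    # Assumed default: reject entities close to CPU or memory saturation.
    return e.cpu_load < 0.80 and e.mem_load < 0.80

def select_entity(entities: Iterable[Entity], data_store: str,
                  rules: Optional[List[Rule]] = None) -> Optional[Entity]:
    """Pick the entity that should host the WASM runtime for `data_store`."""
    checks = list(rules) if rules else [default_policy]
    # Data locality first: only entities co-located with the database service.
    local = [e for e in entities if data_store in e.data_stores]
    eligible = [e for e in local if all(rule(e) for rule in checks)]
    if not eligible:
        return None              # fail closed: no remote placement
    # Least-loaded entity wins; the name makes tie-breaking deterministic.
    return min(eligible, key=lambda e: (max(e.cpu_load, e.mem_load), e.name))

# Constructed sample fleet (not real infrastructure).
FLEET = [
    Entity("vm-a", "vm", frozenset({"orders"}), 0.35, 0.50, 0.9),
    Entity("ctr-b", "container", frozenset({"orders"}), 0.20, 0.85, 0.4),
    Entity("ctr-c", "container", frozenset({"orders", "users"}), 0.60, 0.40, 0.3),
    Entity("vm-d", "vm", frozenset({"users"}), 0.05, 0.05, 0.5),
]

def write_heavy(e: Entity) -> bool:
    # User-defined custom rule: only entities whose workload is mostly writes.
    return e.read_ratio <= 0.5

if __name__ == "__main__":
    for store, rules in [("orders", None), ("orders", [write_heavy]), ("invoices", None)]:
        chosen = select_entity(FLEET, store, rules)
        print(store, "->", chosen.name if chosen else "no co-located entity")
```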