Secure serverless computing using dynamic information flow control
Kalev Alpernas,Cormac Flanagan,Sadjad Fouladi,Leonid Ryzhyk,Mooly Sagiv,Thomas Schmitz,Keith Winstein +6 more
- 24 Oct 2018
- Vol. 2, pp 118
TL;DR: In this article, the termination channel found in most existing IFC systems can be arbitrarily amplified via multiple concurrent requests, necessitating a stronger termination-sensitive noninterference guarantee, which is achieved using a combination of static labeling of serverless processes and dynamic faceted labeling of persistent data.
read more
Abstract: The rise of serverless computing provides an opportunity to rethink cloud security. We present an approach for securing serverless systems using a novel form of dynamic information flow control (IFC). We show that in serverless applications, the termination channel found in most existing IFC systems can be arbitrarily amplified via multiple concurrent requests, necessitating a stronger termination-sensitive non-interference guarantee, which we achieve using a combination of static labeling of serverless processes and dynamic faceted labeling of persistent data. We describe our implementation of this approach on top of JavaScript for AWS Lambda and OpenWhisk serverless platforms, and present three realistic case studies showing that it can enforce important IFC security properties with modest overhead.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
•Posted Content
Serverless Computing: A Survey of Opportunities, Challenges and Applications
TL;DR: The paper surveys existing challenges toward vast adoption of serverless services and also explores some of the challenges that have not been thoroughly discussed in the previous studies.
Survey on serverless computing
TL;DR: In this article, a survey of 275 research papers that examined serverless computing from well-known literature databases were extensively reviewed to extract useful data, and the obtained data were analyzed to answer several research questions regarding state-of-the-art contributions of serverless Computing, its concepts, its platforms, its usage, etc.
Formal Foundations of Serverless Computing.
TL;DR: In this paper, an operational semantics of the essence of serverless computing is presented, which is called lambda_\Lambda$, which models all the low-level details that serverless functions can observe.
Formal foundations of serverless computing
Abhinav Jangda,Donald Pinckney,Yuriy Brun,Arjun Guha +3 more
- 10 Oct 2019
TL;DR: In this paper, the authors present an operational semantics of serverless computing called λλ, which models all the low-level details that serverless functions can observe, and show how to extend it with a composition language.
69
References
•Proceedings Article
Resilient distributed datasets: a fault-tolerant abstraction for in-memory cluster computing
Matei Zaharia,Mosharaf Chowdhury,Tathagata Das,Ankur Dave,Justin Ma,Murphy McCauley,Michael J. Franklin,Scott Shenker,Ion Stoica +8 more
- 25 Apr 2012
TL;DR: Resilient Distributed Datasets is presented, a distributed memory abstraction that lets programmers perform in-memory computations on large clusters in a fault-tolerant manner and is implemented in a system called Spark, which is evaluated through a variety of user applications and benchmarks.
Language-based information-flow security
Andrei Sabelfeld,Andrew C. Myers +1 more
TL;DR: A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information- flow policies, and some important open challenges are identified.
A lattice model of secure information flow
TL;DR: The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches to formulating the requirements of secure information flow among security classes.
JFlow: practical mostly-static information flow control
Andrew C. Myers
- 01 Jan 1999
TL;DR: The new language JFlow is described, an extension to the Java language that adds statically-checked information flow annotations and provides several new features that make information flow checking more flexible and convenient than in previous models.
Secure Computer Systems: Mathematical Foundations
D. E. Bell,Leonard J. LaPadula +1 more
- 01 Nov 1973
TL;DR: The first results of an investigation into solutions to problems of security in computer systems are reported, establishing the basis for rigorous investigation by providing a general descriptive model of a computer system.
1.2K