Authors
Kalev Alpernas, Cormac Flanagan, Sadjad Fouladi, Leonid Ryzhyk, Mooly Sagiv, Thomas Schmitz, Keith Winstein
Publication date
2018/10/24
Journal
Proceedings of the ACM on Programming Languages
Volume
2
Issue
OOPSLA
Pages
1-26
Publisher
ACM
Description
The rise of serverless computing provides an opportunity to rethink cloud security. We present an approach for securing serverless systems using a novel form of dynamic information flow control (IFC).
We show that in serverless applications, the termination channel found in most existing IFC systems can be arbitrarily amplified via multiple concurrent requests, necessitating a stronger termination-sensitive non-interference guarantee, which we achieve using a combination of static labeling of serverless processes and dynamic faceted labeling of persistent data.
We describe our implementation of this approach on top of JavaScript for AWS Lambda and OpenWhisk serverless platforms, and present three realistic case studies showing that it can enforce important IFC security properties with modest overhead.
Total citations
2018201920202021202220232024151116201712
Scholar articles
K Alpernas, C Flanagan, S Fouladi, L Ryzhyk, M Sagiv… - Proceedings of the ACM on Programming Languages, 2018