SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing

Third-party security analytics allow companies to outsource threat monitoring tasks to teams of experts and avoid the costs of in-house security operations centers. By analyzing telemetry data from many clients, these services are able to offer enhanced insights, identifying global trends and spotting threats before they reach most customers. Unfortunately, the aggregation that drives these insights simultaneously risks exposing sensitive client data if it is not properly sanitized and tracked. In this work, we present SCIFFS, an automated information flow monitoring framework for preventing sensitive data exposure in third-party security analytics platforms. SCIFFS performs decentralized information flow control over customer data in a serverless setting, leveraging the innate polyinstantiated nature of serverless functions to assure precise and lightweight tracking of data flows. Evaluating SCIFFS against a proof-of-concept security analytics framework on the widely-used OpenFaaS platform, we demonstrate that our solution supports common analyst workflows (data ingestion, custom dashboards, threat hunting) while imposing just 3.87% runtime overhead on event ingestion, as compared to an insecure baseline; the overhead on aggregation queries grows linearly with the number of records in the database (e.g., 18.75% for 50,000 records and 104.27% for 500,000 records). Thus, SCIFFS not only establishes a privacy-respecting model for third-party security analytics, but also highlights the opportunities for security-sensitive applications in the serverless computing model.
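To make the abstract's mechanism concrete, the following is an added toy model of decentralized information flow control over multi-tenant telemetry; it is illustrative code written for this page, not SCIFFS's implementation or its API. It assumes a subset lattice of tenant labels, a fresh label context per function invocation (a simplification of the per-invocation isolation the abstract attributes to serverless functions), and a minimum-tenant threshold as the sanitization rule for releasing aggregates; the function names, tenant names and telemetry records are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# A secrecy label is the set of tenants whose data has influenced a value.
# The empty set is "public": it may flow to any sink.  (Assumed lattice.)
Label = FrozenSet[str]
PUBLIC: Label = frozenset()


class PolicyViolation(Exception):
    """Raised when a labelled value would flow to a sink not cleared for it."""


@dataclass(frozen=True)
class Event:
    tenant: str
    src_ip: str
    alert: str
    label: Label          # who may read this record


@dataclass
class Invocation:
    """Label state for one serverless function invocation (assumed model).

    Every invocation starts public; each record it reads joins that record's
    label into `pc` (least upper bound in the subset lattice).  A new
    Invocation per call means taint never survives between invocations,
    which is this example's stand-in for polyinstantiation."""
    pc: Label = PUBLIC

    def read(self, ev: Event) -> Event:
        self.pc = self.pc | ev.label
        return ev

    def release(self, sink_clearance: Label, payload):
        """Permit the flow only if everything that influenced `payload`
        is readable at the sink, i.e. pc is a subset of the clearance."""
        if not self.pc <= sink_clearance:
            raise PolicyViolation(
                f"label {set(self.pc)} cannot flow to sink cleared for {set(sink_clearance)}")
        return payload


def ingest(tenant: str, raw: Dict[str, str]) -> Event:
    """Ingestion function: stamp each incoming record with its owner's label."""
    return Event(tenant, raw["src_ip"], raw["alert"], frozenset({tenant}))


def tenant_dashboard(db: List[Event], tenant: str) -> List[Tuple[str, str]]:
    """Per-tenant dashboard: reads one tenant's rows, releases to that tenant's sink."""
    inv = Invocation()
    rows = [(inv.read(ev).src_ip, ev.alert) for ev in db if ev.tenant == tenant]
    return inv.release(frozenset({tenant}), rows)


def cross_tenant_hunt_to_tenant(db: List[Event], tenant: str) -> List[Tuple[str, str]]:
    """Mis-scoped analyst query: scans every tenant's rows, then tries to
    publish the hits on a single tenant's dashboard.  The release check
    rejects it because pc now names other tenants."""
    inv = Invocation()
    hits = [(inv.read(ev).tenant, ev.src_ip) for ev in db if ev.alert == "beacon"]
    return inv.release(frozenset({tenant}), hits)


def global_alert_counts(db: List[Event], min_tenants: int = 2) -> Dict[str, int]:
    """Cross-tenant aggregation with explicit declassification: only counts
    backed by at least `min_tenants` distinct tenants are released as
    public.  The threshold is an assumed sanitization rule for this example."""
    inv = Invocation()
    counts: Dict[str, int] = {}
    owners: Dict[str, Set[str]] = {}
    for ev in db:
        inv.read(ev)
        counts[ev.alert] = counts.get(ev.alert, 0) + 1
        owners.setdefault(ev.alert, set()).add(ev.tenant)
    sanitized = {a: n for a, n in counts.items() if len(owners[a]) >= min_tenants}
    inv.pc = PUBLIC       # trusted declassifier: the sanitized result names no tenant
    return inv.release(PUBLIC, sanitized)


# Constructed sample telemetry from two fictional tenants.
RAW_EVENTS = [
    ("acme",   {"src_ip": "203.0.113.5",  "alert": "beacon"}),
    ("acme",   {"src_ip": "203.0.113.9",  "alert": "bruteforce"}),
    ("globex", {"src_ip": "198.51.100.7", "alert": "beacon"}),
    ("globex", {"src_ip": "198.51.100.8", "alert": "portscan"}),
]
DB = [ingest(t, r) for t, r in RAW_EVENTS]

if __name__ == "__main__":
    print("acme dashboard:", tenant_dashboard(DB, "acme"))
    print("global counts:", global_alert_counts(DB))
    try:
        cross_tenant_hunt_to_tenant(DB, "acme")
    except PolicyViolation as e:
        print("blocked:", e)
```

The point the model makes is that the check sits at the sink, not at the query: an analyst can run any aggregation over the shared database, but whatever leaves an invocation carries the join of every label it read, and only a trusted declassification step can turn a cross-tenant result into something a single tenant's dashboard may display.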
