Valve: Securing Function Workflows on Serverless Computing Platforms

Serverless Computing has quickly emerged as a dominant cloud computing paradigm, allowing developers to rapidly prototype event-driven applications using a composition of small functions that each perform a single logical task. However, many such application workflows are based in part on publicly-available functions developed by third-parties, creating the potential for functions to behave in unexpected, or even malicious, ways. At present, developers are not in total control of where and how their data is flowing, creating significant security and privacy risks in growth markets that have embraced serverless (e.g., IoT). As a practical means of addressing this problem, we present Valve, a serverless platform that enables developers to exert complete fine-grained control of information flows in their applications. Valve enables workflow developers to reason about function behaviors, and specify restrictions, through auditing of network-layer information flows. By proxying network requests and propagating taint labels across network flows, Valve is able to restrict function behavior without code modification. We demonstrate that Valve is able defend against known serverless attack behaviors including container reuse-based persistence and data exfiltration over cloud platform APIs with less than 2.8% runtime overhead, 6.25% deployment overhead and 2.35% teardown overhead.

[1]  Trent Jaeger,et al.  Analyzing Integrity Protection in the SELinux Example Policy , 2003, USENIX Security Symposium.

[2]  McDanielPatrick,et al.  A logical specification and analysis for SELinux MLS policy , 2010 .

[3]  Mengyuan Li,et al.  Peeking Behind the Curtains of Serverless Platforms , 2018, USENIX Annual Technical Conference.

[4]  Rahul Sawhney,et al.  Azure Durable Functions , 2019, Beginning Azure Functions.

[5]  Paarijaat Aditya,et al.  SAND: Towards High-Performance Serverless Computing , 2018, USENIX Annual Technical Conference.

[6]  Christoforos E. Kozyrakis,et al.  Pocket: Elastic Ephemeral Storage for Serverless Analytics , 2018, OSDI.

[7]  Paarijaat Aditya,et al.  Will Serverless Computing Revolutionize NFV? , 2019, Proceedings of the IEEE.

[8]  Nick Sullivan,et al.  The Security Impact of HTTPS Interception , 2017, NDSS.

[9]  Ivan Lanese,et al.  No more, no less - A formal model for serverless computing , 2019, COORDINATION.

[10]  Andrea C. Arpaci-Dusseau,et al.  Serverless Computation with OpenLambda , 2016, HotCloud.

[11]  B. C. Jarvis No more, no less , 1991, Nature.

[12]  Andrea C. Arpaci-Dusseau,et al.  SOCK: Rapid Task Provisioning with Serverless-Optimized Containers , 2018, USENIX Annual Technical Conference.

[13]  Perry Cheng,et al.  Serverless Computing: Current Trends and Open Problems , 2017, Research Advances in Cloud Computing.

[14]  Yuriy Brun,et al.  Formal foundations of serverless computing , 2019, Proc. ACM Program. Lang..

[15]  Matthias Tichy,et al.  Retro-λ: An Event-sourced Platform for Serverless Applications with Retroactive Computing Support , 2018, DEBS.

[16]  Paul R. Brenner,et al.  Serverless Computing: Design, Implementation, and Performance , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW).

[17]  Christoforos E. Kozyrakis,et al.  From Laptop to Lambda: Outsourcing Everyday Jobs to Thousands of Transient Functional Containers , 2019, USENIX Annual Technical Conference.

[18]  Tommi Mikkonen,et al.  Case Study: Building a Serverless Messenger Chatbot , 2017, ICWE Workshops.

[19]  Josef Spillner,et al.  A mixed-method empirical study of Function-as-a-Service software development in industrial practice , 2018, PeerJ Prepr..

[20]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[21]  Gojko Adzic,et al.  Serverless computing: economic and architectural impact , 2017, ESEC/SIGSOFT FSE.

[22]  Trent Jaeger,et al.  Integrity walls: finding attack surfaces from mandatory access control policies , 2012, ASIACCS '12.

[23]  Guido Wirtz,et al.  Troubleshooting Serverless functions: a combined monitoring and debugging approach , 2019, SICS Software-Intensive Cyber-Physical Systems.

[24]  Somesh Jha,et al.  Cimplifier: automatically debloating containers , 2017, ESEC/SIGSOFT FSE.

[25]  Christoforos E. Kozyrakis,et al.  Understanding Ephemeral Storage for Serverless Analytics , 2018, USENIX Annual Technical Conference.

[26]  Ion Stoica,et al.  Shuffling, Fast and Slow: Scalable Analytics on Serverless Infrastructure , 2019, NSDI.

[27]  Gul Agha,et al.  Costless: Optimizing Cost of Serverless Computing through Function Fusion and Placement , 2018, 2018 IEEE/ACM Symposium on Edge Computing (SEC).

[28]  Fengyuan Xu,et al.  High Fidelity Data Reduction for Big Data Security Dependency Analyses , 2016, CCS.

[29]  Perry Cheng,et al.  Building a Chatbot with Serverless Computing , 2016, MOTA@Middleware.

[30]  Leonid Ryzhyk,et al.  Secure serverless computing using dynamic information flow control , 2018, Proc. ACM Program. Lang..

[31]  Trent Jaeger,et al.  A logical specification and analysis for SELinux MLS policy , 2007, SACMAT '07.