Abstract
Function as a Service (FaaS) is a popular trend in cloud computing and also for IoT use cases. Thus, in addition to cloud services, installable open source platforms for FaaS have recently emerged. To deploy such an installable FaaS platform in production, its security needs to be considered, which has not yet been investigated in detail. Therefore, this work presents possible security threats and recommended security measures for protecting and hardening installable FaaS platforms. Currently available FaaS platforms are analyzed according to the possibilities they offer to implement such security measures. Although most platforms provide the necessary security measures, there is still potential to improve the platforms by offering advanced measures and facilitating a secure deployment.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Prechtl, M., Lichtenthäler, R., Wirtz, G. (2020). Investigating Possibilites for Protecting and Hardening Installable FaaS Platforms. In: Dustdar, S. (eds) Service-Oriented Computing. SummerSOC 2020. Communications in Computer and Information Science, vol 1310. Springer, Cham. https://doi.org/10.1007/978-3-030-64846-6_7
DOI: https://doi.org/10.1007/978-3-030-64846-6_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-64845-9
Online ISBN: 978-3-030-64846-6
eBook Packages: Computer Science, Computer Science (R0)