Investigating Possibilites for Protecting and Hardening Installable FaaS Platforms

  • Conference paper
Service-Oriented Computing (SummerSOC 2020)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1310)

  • 812 Accesses

Abstract

Function as a Service (FaaS) is a popular trend in cloud computing and also for IoT use cases. Thus, in addition to cloud services, installable open source platforms for FaaS have recently emerged. To deploy such an installable FaaS platform in production, the security aspect needs to be considered, which has not been investigated in detail yet. Therefore, this work presents possible security threats and recommended security measures for protecting and hardening installable FaaS platforms. Currently available FaaS platforms are analyzed according to the possibilities they offer to implement such security measures. Although most platforms provide the necessary security measures, there is still potential to improve the platforms by offering advanced measures and facilitating a secure deployment.

Notes

  1. https://www.docker.com/.
  2. https://hub.docker.com/.
  3. https://kubernetes.io.
  4. https://aws.amazon.com/lambda/ – accessed 2020-08-18.
  5. https://cloud.google.com/functions – accessed 2020-08-18.
  6. https://azure.microsoft.com/services/functions/ – accessed 2020-08-18.
  7. https://prometheus.io/ – accessed 2020-08-18.
  8. https://github.com/nats-io – accessed 2020-08-18.
  9. https://docs.fission.io/docs/concepts/components/core/executor/ – accessed 2020-08-18.
  10. https://github.com/mprechtl/faas-sec-investigation.
  11. https://konghq.com/solutions/kubernetes-ingress/ – accessed 2020-08-18.
  12. https://www.openfaas.com/blog/read-only-functions/ – accessed 2020-08-18.
  13. https://knative.dev/docs/serving/spec/knative-api-specification-1.0/.
  14. https://github.com/knative/serving/issues/4130 – accessed 2020-08-18.
  15. https://www.openfaas.com/blog/five-security-tips/ – accessed 2020-08-18.
  16. https://github.com/openfaas/faas-netes/tree/master/chart/openfaas.
  17. https://github.com/alexellis/openfaas-oidc-plugin-pkg – accessed 2020-08-18.
  18. https://github.com/apache/openwhisk/blob/master/docs/cli.md#configure-the-cli-to-use-client-certificate – accessed 2020-08-18.
  19. https://kubernetes.io/docs/reference/access-authn-authz/authentication/ – accessed 2020-08-18.
  20. https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/ – accessed 2020-08-18.
  21. https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/#transport-security – accessed 2020-08-18.
  22. https://docs.konghq.com/hub/ – accessed 2020-08-18.
  23. https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/ – accessed 2020-08-18.
  24. https://aws.amazon.com/de/iam/ – accessed 2020-08-18.
  25. https://docs.docker.com/ee/dtr/user/manage-images/scan-images-for-vulnerabilities/ – accessed 2020-08-18.
  26. https://github.com/anchore/anchore-engine – accessed 2020-08-18.
  27. https://grafana.com/ – accessed 2020-08-18.

Author information

Corresponding author

Correspondence to Robin Lichtenthäler.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Prechtl, M., Lichtenthäler, R., Wirtz, G. (2020). Investigating Possibilites for Protecting and Hardening Installable FaaS Platforms. In: Dustdar, S. (eds) Service-Oriented Computing. SummerSOC 2020. Communications in Computer and Information Science, vol 1310. Springer, Cham. https://doi.org/10.1007/978-3-030-64846-6_7

  • DOI: https://doi.org/10.1007/978-3-030-64846-6_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64845-9

  • Online ISBN: 978-3-030-64846-6

  • eBook Packages: Computer Science, Computer Science (R0)
