ABSTRACT
As serverless computing continues to revolutionize the design and deployment of web services, it has become an increasingly attractive target to attackers. These adversaries are developing novel tactics for circumventing the ephemeral nature of serverless functions, exploiting container reuse optimizations and achieving lateral movement by “living off the land” provided by legitimate serverless workflows. Unfortunately, the traditional security controls currently offered by cloud providers are inadequate to counter these new threats.
In this work, we propose will.iam,1 a workflow-aware access control model and reference monitor that satisfies the functional requirements of the serverless computing paradigm. will.iam encodes the protection state of a serverless application as a permissions graph that describes the permissible transitions of its workflows, associating web requests with a permissions set at the point of ingress according to a graph-based labeling state. By proactively enforcing the permissions requirements of downstream workflow components, will.iam is able to avoid the costs of partially processing unauthorized requests and reduce the attack surface of the application. We implement the will.iam framework in Go and evaluate its performance as compared to recent related work against the well-established Nordstrom “Hello, Retail!” application. We demonstrate that will.iam imposes minimal burden to requests, averaging 0.51% overhead across representative workflows, but dramatically improves performance when handling unauthorized requests (e.g., DDoS attacks) as compared to past solutions. will.iam thus demonstrates an effective and practical alternative for authorization in the serverless paradigm.
- 2019. 21% of Open Source Serverless Apps Have Critical Vulnerabilities. https://www.puresec.io/blog/puresec-reveals-that-21-of-open-source-serverless-applications-have-critical-vulnerabilities.Google Scholar
- 2019. A Deep Dive into Serverless Attacks, SLS-1: Event Injection. https://www.protego.io/a-deep-dive-into-serverless-attacks-sls-1-event-injection/.Google Scholar
- 2019. Aqua Cloud Native Security Platform. https://www.aquasec.com/products/aqua-container-security-platform/.Google Scholar
- 2019. AWS Lambda Container Lifetime and Config Refresh. https://www.linkedin.com/pulse/aws-lambda-container-lifetime-config-refresh-frederik-willaert/.Google Scholar
- 2019. CVE-2019-5736: runc container breakout. https://www.openwall.com/lists/oss-security/2019/02/11/2.Google Scholar
- 2019. Event Injection: Protecting your Serverless Applications. https://www.jeremydaly.com/event-injection-protecting-your-serverless-applications/.Google Scholar
- 2019. Function-as-a-Service Market by User Type (Developer-Centric and Operator-Centric), Application (Web & Mobile Based, Research & Academic), Service Type, Deployment Model, Organization Size, Industry Vertical, and Region - Global Forecast to 2021. https://www.marketsandmarkets.com/Market-Reports/function-as-a-service-market-127202409.html.Google Scholar
- 2019. FunctionShield. https://www.puresec.io/function-shield.Google Scholar
- 2019. Gathering weak npm credentials. https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md.Google Scholar
- 2019. Hacking a Serverless Application: Demo. https://www.youtube.com/watch?v=TcN7wHuroVw.Google Scholar
- 2019. Intrinsic: Software security, re-invented.https://intrinsic.com/.Google Scholar
- 2019. Lambda functions for rapid prototyping. https://developer.ibm.com/articles/cl-lambda-functions-rapid-prototyping/.Google Scholar
- 2019. Many-faced threats to Serverless security. https://hackernoon.com/many-faced-threats-to-serverless-security-519e94d19dba.Google Scholar
- 2019. New Attack Vector - Serverless Crypto Mining. https://www.puresec.io/blog/new-attack-vector-serverless-crypto-mining.Google Scholar
- 2019. OWASP Serverless Top 10. https://www.owasp.org/index.php/OWASP_Serverless_Top_10_Project.Google Scholar
- 2019. Protego Serverless Runtime Security. https://www.protego.io/platform/elastic-defense/.Google Scholar
- 2019. Puresec Serverless Security Platform. https://www.puresec.io/.Google Scholar
- 2019. ReDoS Vulnerability in ”AWS-Lambda-Multipart-Parser” Node Package. https://www.puresec.io/blog/redos-vulnerability-in-aws-lambda-multipart-parser-node-package.Google Scholar
- 2019. Securing Serverless: Attacking an AWS Account via a Lambda Function. https://www.darkreading.com/cloud/securing-serverless-attacking-an-aws-account-via-a-lambda-function/a/d-id/1333047.Google Scholar
- 2019. Securing Serverless – by Breaking in. https://www.infoq.com/presentations/serverless-security-2018.Google Scholar
- 2019. Serverless Security for AWS Lambda, Azure Functions, and Google Cloud Functions. https://www.twistlock.com/solutions/serverless-security-aws-lambda-azure-google-cloud/.Google Scholar
- 2019. Snyk. https://snyk.io/.Google Scholar
- 2019. Sysdig Secure. https://sysdig.com/products/secure/.Google Scholar
- 2019. Vandium-node. https://github.com/vandium-io/vandium-node.Google Scholar
- 2020. AWS Identity and Access Management (IAM). https://aws.amazon.com/iam/Google Scholar
- 2020. AWS::Lambda::Function. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.htmlGoogle Scholar
- 2020. Cloud Breach: Compromising AWS IAM Credentials. https://rhinosecuritylabs.com/aws/aws-iam-credentials-get-compromised/Google Scholar
- 2020. List of AWS S3 Leaks. https://github.com/nagwww/s3-leaksGoogle Scholar
- 2020. Policy Evaluation Logic. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.htmlGoogle Scholar
- 2020. This Is What Happened When I Leaked My AWS Secret Key. https://alexanderpaterson.com/posts/this-is-what-happened-when-i-leaked-my-aws-secret-keyGoogle Scholar
- 2020. What Is ABAC for AWS?https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.htmlGoogle Scholar
- P. Aditya, I. E. Akkus, A. Beck, R. Chen, V. Hilt, I. Rimac, K. Satzke, and M. Stein. 2019. Will Serverless Computing Revolutionize NFV?Proc. IEEE 107, 4 (April 2019), 667–678. https://doi.org/10.1109/JPROC.2019.2898101Google ScholarCross Ref
- Gojko Adzic and Robert Chatley. 2017. Serverless Computing: Economic and Architectural Impact. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (Paderborn, Germany) (ESEC/FSE 2017). Association for Computing Machinery, New York, NY, USA, 884–889. https://doi.org/10.1145/3106237.3117767Google ScholarDigital Library
- Istemi Ekin Akkus, Ruichuan Chen, Ivica Rimac, Manuel Stein, Klaus Satzke, Andre Beck, Paarijaat Aditya, and Volker Hilt. 2018. SAND: Towards High-Performance Serverless Computing. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, 923–935. https://www.usenix.org/conference/atc18/presentation/akkusGoogle ScholarDigital Library
- Fritz Alder, N. Asokan, Arseny Kurnikov, Andrew Paverd, and Michael Steiner. 2019. S-FaaS: Trustworthy and Accountable Function-as-a-Service Using Intel SGX. In Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop (London, United Kingdom) (CCSW’19). Association for Computing Machinery, New York, NY, USA, 185–199. https://doi.org/10.1145/3338466.3358916Google ScholarDigital Library
- Kalev Alpernas, Cormac Flanagan, Sadjad Fouladi, Leonid Ryzhyk, Mooly Sagiv, Thomas Schmitz, and Keith Winstein. 2018. Secure Serverless Computing Using Dynamic Information Flow Control. Proc. ACM Program. Lang. 2, OOPSLA, Article 118 (Oct. 2018), 26 pages. https://doi.org/10.1145/3276488Google ScholarDigital Library
- Amazon. 2006. EC2 Beta Announcement. https://aws.amazon.com/about-aws/whats-new/2006/08/24/announcing-amazon-elastic-compute-cloud-amazon-ec2---beta/Google Scholar
- Amazon Web Services. 2020. Identity and access management for AWS Lambda. https://docs.aws.amazon.com/lambda/latest/dg/security-iam.html.Google Scholar
- Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski, Gunho Lee, David A. Patterson, Ariel Rabkin, and Matei Zaharia. 2009. Above the Clouds: A Berkeley View of Cloud Computing. (2009).Google Scholar
- Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). USENIX Association, Savannah, GA, 689–703. https://www.usenix.org/conference/osdi16/technical-sessions/presentation/arnautovGoogle ScholarDigital Library
- Ioana Baldini, Paul Castro, Kerry Chang, Perry Cheng, Stephen Fink, Vatche Ishakian, Nick Mitchell, Vinod Muthusamy, Rodric Rabbah, Aleksander Slominski, and Philippe Suter. 2017. Serverless Computing: Current Trends and Open Problems. Springer Singapore, Singapore, 1–20. https://doi.org/10.1007/978-981-10-5026-8_1Google ScholarCross Ref
- Daniel Barcelona-Pons, Pedro García-López, Álvaro Ruiz, Amanda Gómez-Gómez, Gerard París, and Marc Sánchez-Artigas. 2019. FaaS Orchestration of Parallel Workloads. In Proceedings of the 5th International Workshop on Serverless Computing (Davis, CA, USA) (WOSC ’19). Association for Computing Machinery, New York, NY, USA, 25–30. https://doi.org/10.1145/3366623.3368137Google ScholarDigital Library
- Karthikeyan Bhargavan, Cédric Fournet, and Andrew D. Gordon. 2004. A Semantics for Web Services Authentication. In Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Venice, Italy) (POPL ’04). Association for Computing Machinery, New York, NY, USA, 198–209. https://doi.org/10.1145/964001.964018Google ScholarDigital Library
- Eric Jason Brandwine. 2017. Permissions decisions in a service provider environment. US Patent 9,712,542.Google Scholar
- Stefan Brenner and Rüdiger Kapitza. 2019. Trust More, Serverless. In Proceedings of the 12th ACM International Conference on Systems and Storage (Haifa, Israel) (SYSTOR ’19). Association for Computing Machinery, New York, NY, USA, 33–43. https://doi.org/10.1145/3319647.3325825Google ScholarDigital Library
- Cloudflare. 2020. What Is Bot Traffic?https://www.cloudflare.com/learning/bots/what-is-bot-traffic/Google Scholar
- Pubali Datta, Prabuddha Kumar, Tristan Morris, Michael Grace, Amir Rahmati, , and Adam Bates. 2020. Valve: Securing Function Workflows on Serverless Computing Platforms. In Proceedings of The Web Conference 2020 (WWW ’20), April 20–24, 2020, Taipei, Taiwan. Association for Computing Machinery, New York, NY, USA. https://adambates.org/documents/Datta_Www20.pdfGoogle ScholarDigital Library
- Tarek Elgamal. 2018. Costless: Optimizing cost of serverless computing through function fusion and placement. In 2018 IEEE/ACM Symposium on Edge Computing (SEC). IEEE, 300–312.Google ScholarCross Ref
- David Ferriaolo and Richard Kuhn. 1992. Role-based access controls. In Proceedings of 15th NIST-NCSC National Computer Security Conference. 554–563.Google Scholar
- Sadjad Fouladi, Francisco Romero, Dan Iter, Qian Li, Shuvo Chatterjee, Christos Kozyrakis, Matei Zaharia, and Keith Winstein. 2019. From Laptop to Lambda: Outsourcing Everyday Jobs to Thousands of Transient Functional Containers. In 2019 USENIX Annual Technical Conference (USENIX ATC 19). USENIX Association, Renton, WA, 475–488. https://www.usenix.org/conference/atc19/presentation/fouladiGoogle Scholar
- Maurizio Gabbrielli, Saverio Giallorenzo, Ivan Lanese, Fabrizio Montesi, Marco Peressotti, and Stefano Pio Zingaro. 2019. No More, No Less. In Coordination Models and Languages, Hanne Riis Nielson and Emilio Tuosto (Eds.). Springer International Publishing, Cham, 148–157.Google Scholar
- Xing Gao, Zhongshu Gu, Zhengfa Li, Hani Jamjoom, and Cong Wang. 2019. Houdini’s Escape: Breaking the Resource Rein of Linux Control Groups. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (London, United Kingdom) (CCS ’19). Association for Computing Machinery, New York, NY, USA, 1073–1086. https://doi.org/10.1145/3319535.3354227Google ScholarDigital Library
- X. Gao, B. Steenkamer, Z. Gu, M. Kayaalp, D. Pendarakis, and H. Wang. 2018. A Study on the Security Implications of Information Leakages in Container Clouds. IEEE Transactions on Dependable and Secure Computing (2018), 1–1. https://doi.org/10.1109/TDSC.2018.2879605Google ScholarDigital Library
- GitHub. 2018. GitHub DDOS Incident Report. https://github.blog/2018-03-01-ddos-incident-report/Google Scholar
- Faisal Hafeez, Pezhman Nasirifard, and Hans-Arno Jacobsen. 2018. A Serverless Approach to Publish/Subscribe Systems. In Proceedings of the 19th International Middleware Conference (Posters) (Rennes, France) (Middleware ’18). Association for Computing Machinery, New York, NY, USA, 9–10. https://doi.org/10.1145/3284014.3284019Google ScholarDigital Library
- Adam Hall and Umakishore Ramachandran. 2019. An Execution Model for Serverless Functions at the Edge. In Proceedings of the International Conference on Internet of Things Design and Implementation (Montreal, Quebec, Canada) (IoTDI ’19). Association for Computing Machinery, New York, NY, USA, 225–236. https://doi.org/10.1145/3302505.3310084Google ScholarDigital Library
- Scott Hendrickson, Stephen Sturdevant, Tyler Harter, Venkateshwaran Venkataramani, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. 2016. Serverless Computation with OpenLambda. In 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 16). USENIX Association, Denver, CO. https://www.usenix.org/conference/hotcloud16/workshop-program/presentation/hendricksonGoogle Scholar
- V. C. Hu, D. R. Kuhn, D. F. Ferraiolo, and J. Voas. 2015. Attribute-Based Access Control. Computer 48, 2 (2015), 85–88.Google ScholarDigital Library
- Huang, Xiaowei. 2019. Forensic Analysis in Access Control: a Case-Study of a Cloud Application. http://hdl.handle.net/10012/15265Google Scholar
- Padmavathi Iyer and Amirreza Masoumzadeh. 2019. Generalized Mining of Relationship-Based Access Control Policies in Evolving Systems. In Proceedings of the 24th ACM Symposium on Access Control Models and Technologies (Toronto ON, Canada) (SACMAT ’19). Association for Computing Machinery, New York, NY, USA, 135–140. https://doi.org/10.1145/3322431.3325419Google ScholarDigital Library
- Abhinav Jangda, Donald Pinckney, Yuriy Brun, and Arjun Guha. 2019. Formal Foundations of Serverless Computing. Proc. ACM Program. Lang. 3, OOPSLA, Article 149 (Oct. 2019), 26 pages. https://doi.org/10.1145/3360575Google ScholarDigital Library
- Eric Jonas, Johann Schleier-Smith, Vikram Sreekanti, Chia-che Tsai, Anurag Khandelwal, Qifan Pu, Vaishaal Shankar, Joao Carreira, Karl Krauth, Neeraja Jayant Yadwadkar, Joseph E. Gonzalez, Raluca Ada Popa, Ion Stoica, and David A. Patterson. 2019. Cloud Programming Simplified: A Berkeley View on Serverless Computing. CoRR abs/1902.03383(2019). arxiv:1902.03383http://arxiv.org/abs/1902.03383Google Scholar
- Eric Jonas, Johann Schleier-Smith, Vikram Sreekanti, Chia-Che Tsai, Anurag Khandelwal, Qifan Pu, Vaishaal Shankar, Joao Carreira, Karl Krauth, Neeraja Yadwadkar, 2019. Cloud Programming Simplified: A Berkeley View on Serverless Computing. arXiv preprint arXiv:1902.03383(2019).Google Scholar
- Rich Jones. 2019. Gone in 60 Milliseconds: Intrusion and Exfiltration in Server-less Architectures. https://media.ccc.de/v/33c3-7865-gone_in_60_milliseconds.Google Scholar
- Bendiab Keltoum and Boucherkha Samia. 2017. A Dynamic Federated Identity Management Approach for Cloud-Based Environments. In Proceedings of the Second International Conference on Internet of Things, Data and Cloud Computing (Cambridge, United Kingdom) (ICC ’17). Association for Computing Machinery, New York, NY, USA, Article 104, 5 pages. https://doi.org/10.1145/3018896.3025152Google ScholarDigital Library
- Ana Klimovic, Yawen Wang, Christos Kozyrakis, Patrick Stuedi, Jonas Pfefferle, and Animesh Trivedi. 2018. Understanding Ephemeral Storage for Serverless Analytics. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, 789–794. https://www.usenix.org/conference/atc18/presentation/klimovic-serverlessGoogle Scholar
- Ana Klimovic, Yawen Wang, Patrick Stuedi, Animesh Trivedi, Jonas Pfefferle, and Christos Kozyrakis. 2018. Pocket: Elastic Ephemeral Storage for Serverless Analytics. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18). USENIX Association, Carlsbad, CA, 427–444. https://www.usenix.org/conference/osdi18/presentation/klimovicGoogle ScholarDigital Library
- M. Koch, L. V. Mancini, and F. Parisi-Presicce. 2001. On the Specification and Evolution of Access Control Policies. In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies (Chantilly, Virginia, USA) (SACMAT ’01). Association for Computing Machinery, New York, NY, USA, 121–130. https://doi.org/10.1145/373256.373280Google ScholarDigital Library
- Manuel Koch, Luigi V. Mancini, and Francesco Parisi-Presicce. 2002. A Graph-Based Formalism for RBAC. ACM Trans. Inf. Syst. Secur. 5, 3 (Aug. 2002), 332–365. https://doi.org/10.1145/545186.545191Google ScholarDigital Library
- M. Koch, L. V. Mancini, and F. Parisi-Presicce. 2004. Administrative Scope in the Graph-Based Framework. In Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (Yorktown Heights, New York, USA) (SACMAT ’04). Association for Computing Machinery, New York, NY, USA, 97–104. https://doi.org/10.1145/990036.990051Google ScholarDigital Library
- Andrew Krug and Graham Jones. 2019. Hacking serverless runtimes: Profiling AWS Lambda, Azure Functions, And more. https://www.blackhat.com/us-17/briefings/schedule/#hacking-serverless-runtimes-profiling-aws-lambda-azure-functions-and-more-6434.Google Scholar
- Jörn Kuhlenkamp, Sebastian Werner, Maria C. Borges, Karim El Tal, and Stefan Tai. 2019. An Evaluation of FaaS Platforms as a Foundation for Serverless Big Data Processing. In Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing(Auckland, New Zealand) (UCC’19). Association for Computing Machinery, New York, NY, USA, 1–9. https://doi.org/10.1145/3344341.3368796Google ScholarDigital Library
- Philipp Leitner, Erik Wittern, Josef Spillner, and Waldemar Hummer. 2019. A mixed-method empirical study of Function-as-a-Service software development in industrial practice. Journal of Systems and Software 149 (2019), 340 – 359. http://www.sciencedirect.com/science/article/pii/S0164121218302735Google ScholarCross Ref
- B. Reaves M. Meli, M. McNiece. 2019. How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories. In Proceedings of the Networked and Distributed Systems Security Symposium (NDSS).Google ScholarCross Ref
- Johannes Manner, Stefan Kolb, and Guido Wirtz. 2019. Troubleshooting Serverless functions: a combined monitoring and debugging approach. SICS Software-Intensive Cyber-Physical Systems 34, 2 (01 Jun 2019), 99–104. https://doi.org/10.1007/s00450-019-00398-6Google ScholarCross Ref
- G. McGrath and P. R. Brenner. 2017. Serverless Computing: Design, Implementation, and Performance. In 2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW). 405–410. https://doi.org/10.1109/ICDCSW.2017.36Google ScholarCross Ref
- Dominik Meissner, Benjamin Erb, Frank Kargl, and Matthias Tichy. 2018. Retro-λ: An Event-sourced Platform for Serverless Applications with Retroactive Computing Support. In Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems (Hamilton, New Zealand) (DEBS ’18). ACM, New York, NY, USA, 76–87. https://doi.org/10.1145/3210284.3210285Google ScholarDigital Library
- Hai Duc Nguyen, Chaojie Zhang, Zhujun Xiao, and Andrew A. Chien. 2019. Real-Time Serverless: Enabling Application Performance Guarantees. In Proceedings of the 5th International Workshop on Serverless Computing (Davis, CA, USA) (WOSC ’19). Association for Computing Machinery, New York, NY, USA, 1–6. https://doi.org/10.1145/3366623.3368133Google ScholarDigital Library
- Edward Oakes, Leon Yang, Dennis Zhou, Kevin Houck, Tyler Harter, Andrea Arpaci-Dusseau, and Remzi Arpaci-Dusseau. 2018. SOCK: Rapid Task Provisioning with Serverless-Optimized Containers. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, 57–70. https://www.usenix.org/conference/atc18/presentation/oakesGoogle ScholarDigital Library
- Matthew Obetz, Anirban Das, Timothy Castiglia, Stacy Patterson, and Ana Milanova. 2020. Formalizing Event-Driven Behavior of Serverless Applications. In Service-Oriented and Cloud Computing, Antonio Brogi, Wolf Zimmermann, and Kyriakos Kritikos(Eds.). Springer International Publishing, Cham, 19–29.Google Scholar
- Sylvia Osborn and Yuxia Guo. 2000. Modeling Users in Role-Based Access Control. In Proceedings of the Fifth ACM Workshop on Role-Based Access Control (Berlin, Germany) (RBAC ’00). Association for Computing Machinery, New York, NY, USA, 31–37. https://doi.org/10.1145/344287.344299Google ScholarDigital Library
- Per Persson and Ola Angelsmark. 2017. Kappa: Serverless IoT Deployment. In Proceedings of the 2nd International Workshop on Serverless Computing (Las Vegas, Nevada) (WoSC ’17). Association for Computing Machinery, New York, NY, USA, 16–21. https://doi.org/10.1145/3154847.3154853Google ScholarDigital Library
- Protego. 2020. Is AWS Lambda the Most Secure Application Platform? Probably.https://www.protego.io/is-aws-lambda-secure/.Google Scholar
- Qifan Pu, Shivaram Venkataraman, and Ion Stoica. 2019. Shuffling, Fast and Slow: Scalable Analytics on Serverless Infrastructure. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19). USENIX Association, Boston, MA, 193–206. https://www.usenix.org/conference/nsdi19/presentation/puGoogle ScholarDigital Library
- Mark Ryland. 2016. Identity and access management-based access control in virtual networks. US Patent 9,438,506.Google Scholar
- Josep Sampé, Gil Vernik, Marc Sánchez-Artigas, and Pedro García-López. 2018. Serverless Data Analytics in the IBM Cloud. In Proceedings of the 19th International Middleware Conference Industry (Rennes, France) (Middleware ’18). Association for Computing Machinery, New York, NY, USA, 1–8. https://doi.org/10.1145/3284028.3284029Google ScholarDigital Library
- Tyler J. Skluzacek, Ryan Chard, Ryan Wong, Zhuozhao Li, Yadu N. Babuji, Logan Ward, Ben Blaiszik, Kyle Chard, and Ian Foster. 2019. Serverless Workflows for Indexing Large Scientific Data. In Proceedings of the 5th International Workshop on Serverless Computing (Davis, CA, USA) (WOSC ’19). Association for Computing Machinery, New York, NY, USA, 43–48. https://doi.org/10.1145/3366623.3368140Google ScholarDigital Library
- Nordstrom Technology. 2019. Hello, Retail!https://github.com/Nordstrom/hello-retailGoogle Scholar
- Ivonne Thomas and Christoph Meinel. 2010. An Identity Provider to Manage Reliable Digital Identities for SOA and the Web. In Proceedings of the 9th Symposium on Identity and Trust on the Internet (Gaithersburg, Maryland, USA) (IDTRUST ’10). Association for Computing Machinery, New York, NY, USA, 26–36. https://doi.org/10.1145/1750389.1750393Google ScholarDigital Library
- Kailas Vodrahalli and Eric Zhou. [n.d.]. Using Software-defined Caching to Enable Efficient Communication in a Serverless Environment. ([n. d.]).Google Scholar
- He Wang and Sylvia L. Osborn. 2007. Discretionary Access Control with the Administrative Role Graph Model. In Proceedings of the 12th ACM Symposium on Access Control Models and Technologies (Sophia Antipolis, France) (SACMAT ’07). Association for Computing Machinery, New York, NY, USA, 151–156. https://doi.org/10.1145/1266840.1266865Google ScholarDigital Library
- Liang Wang, Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, and Michael Swift. 2018. Peeking Behind the Curtains of Serverless Platforms. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, 133–146. https://www.usenix.org/conference/atc18/presentation/wang-liangGoogle ScholarDigital Library
- Miao Zhang, Yifei Zhu, Cong Zhang, and Jiangchuan Liu. 2019. Video Processing with Serverless Computing: A Measurement Study. In Proceedings of the 29th ACM Workshop on Network and Operating Systems Support for Digital Audio and Video (Amherst, Massachusetts) (NOSSDAV ’19). Association for Computing Machinery, New York, NY, USA, 61–66. https://doi.org/10.1145/3304112.3325608Google ScholarDigital Library
Index Terms
- Workflow Integration Alleviates Identity and Access Management in Serverless Computing
Recommendations
Supporting Multi-Provider Serverless Computing on the Edge
ICPP Workshops '18: Workshop Proceedings of the 47th International Conference on Parallel ProcessingServerless computing has recently emerged as a new execution model for cloud computing, in which service providers offer compute runtimes, also known as Function-as-a-Service (FaaS) platforms, allowing users to develop, execute and manage application ...
Protecting outsourced data in cloud computing through access management
Data outsourcing is a major component for cloud computing because data owners are able to distribute resources to external services for sharing with users and organizations. A crucial problem for owners is how to secure sensitive information accessed by ...
Identity and Access Management Framework for Multi-tenant Resources in Hybrid Cloud Computing
ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and SecurityWhile more organizations have been trying to move their infrastructure to the cloud in recent years, there have been significant challenges in the identity management in the hybrid cloud. This paper showcases a novel identity and access management ...
Comments