The rise of serverless computing provides an opportunity to rethink cloud security. We present an approach for securing serverless systems using a novel form of dynamic information flow control (IFC).
We show that in serverless applications, the termination channel found in most existing IFC systems can be arbitrarily amplified via multiple concurrent requests, necessitating a stronger termination-sensitive non-interference guarantee, which we achieve using a combination of static labeling of serverless processes and dynamic faceted labeling of persistent data.
We describe our implementation of this approach on top of JavaScript for AWS Lambda and OpenWhisk serverless platforms, and present three realistic case studies showing that it can enforce important IFC security properties with modest overhead.
Wed 7 NovDisplayed time zone: Guadalajara, Mexico City, Monterrey change
13:30 - 15:00 | |||
13:30 22mTalk | A Derivation Framework for Dependent Security Label Inference OOPSLA | ||
13:52 22mTalk | MadMax: Surviving Out-of-Gas Conditions in Ethereum Smart Contracts OOPSLA Neville Grech University of Athens, Michael Kong University of Sydney, Anton Jurisevic University of Sydney, Lexi Brent University of Sydney, Bernhard Scholz The University of Sydney, Yannis Smaragdakis University of Athens Link to publication Pre-print File Attached | ||
14:15 22mTalk | Faster Variational Execution with Transparent Bytecode Transformation OOPSLA Chu-Pan Wong Carnegie Mellon University, Jens Meinicke Magdeburg University, Lukas Lazarek , Christian Kästner Carnegie Mellon University | ||
14:37 22mTalk | Secure Serverless Computing Using Dynamic Information Flow Control OOPSLA Kalev Alpernas Tel Aviv University, Cormac Flanagan University of California, Santa Cruz, Sadjad Fouladi Stanford University, Leonid Ryzhyk VMware Research, Mooly Sagiv Tel Aviv University, Thomas Schmitz , Keith Winstein Stanford University | ||