Wed 7 Nov 2018 14:37 - 15:00 at Studio 1 - Security Chair(s): Tobias Wrigstad

The rise of serverless computing provides an opportunity to rethink cloud security. We present an approach for securing serverless systems using a novel form of dynamic information flow control (IFC).

We show that in serverless applications, the termination channel found in most existing IFC systems can be arbitrarily amplified via multiple concurrent requests, necessitating a stronger termination-sensitive non-interference guarantee, which we achieve using a combination of static labeling of serverless processes and dynamic faceted labeling of persistent data.

We describe our implementation of this approach on top of JavaScript for AWS Lambda and OpenWhisk serverless platforms, and present three realistic case studies showing that it can enforce important IFC security properties with modest overhead.

Wed 7 Nov

splash-2018-OOPSLA
13:30 - 15:00: OOPSLA - Security at Studio 1
Chair(s): Tobias WrigstadUppsala University
splash-2018-OOPSLA13:30 - 13:52
Talk
Peixuan LiPenn State University, Danfeng ZhangPennsylvania State University
splash-2018-OOPSLA13:52 - 14:15
Talk
Neville GrechUniversity of Athens, Michael KongUniversity of Sydney, Anton JurisevicUniversity of Sydney, Lexi BrentUniversity of Sydney, Bernhard ScholzThe University of Sydney, Yannis SmaragdakisUniversity of Athens
Link to publication Pre-print File Attached
splash-2018-OOPSLA14:15 - 14:37
Talk
Chu-Pan WongCarnegie Mellon University, Jens MeinickeMagdeburg University, Lukas Lazarek, Christian KästnerCarnegie Mellon University
splash-2018-OOPSLA14:37 - 15:00
Talk
Kalev AlpernasTel Aviv University, Cormac FlanaganUniversity of California, Santa Cruz, Sadjad FouladiStanford University, Leonid RyzhykVMware Research, Mooly SagivTel Aviv University, Thomas Schmitz, Keith WinsteinStanford University