DeepAI AI Chat
Log In Sign Up

Guarding Serverless Applications with SecLambda

11/10/2020
by   Deepak Sirone Jegan, et al.
0

As an emerging application paradigm, serverless computing attracts attention from more and more attackers. Unfortunately, security tools for conventional applications cannot be easily ported to serverless, and existing serverless security solutions are inadequate. In this paper, we present SecLambda, an extensible security framework that leverages local function state and global application state to perform sophisticated security tasks to protect an application. We show how SecLambda can be used to achieve control flow integrity, credential protection, and rate limiting in serverless applications. We evaluate the performance overhead and security of SecLambda using realistic open-source applications, and our results suggest that SecLambda can mitigate several attacks while introducing relatively low performance overhead.

READ FULL TEXT

page 1

page 2

page 3

page 4

09/25/2019

SIP Shaker: Software Integrity Protection Composition

Man-At-The-End (MATE) attackers are almighty adversaries against whom th...
12/11/2020

TEEMon: A continuous performance monitoring framework for TEEs

Trusted Execution Environments (TEEs), such as Intel Software Guard eXte...
11/07/2018

Shining Light On Shadow Stacks

Control-Flow Hijacking attacks are the dominant attack vector to comprom...
04/18/2023

InversOS: Efficient Control-Flow Protection for AArch64 Applications with Privilege Inversion

With the increasing popularity of AArch64 processors in general-purpose ...
06/01/2022

Stopping Silent Sneaks: Defending against Malicious Mixes with Topological Engineering

Mixnets are a fundamental type of anonymous communication system and rec...
09/24/2020

Lic-Sec: an enhanced AppArmor Docker security profile generator

Along with the rapid development of cloud computing technology, containe...
07/12/2020

The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation

Generic taint analysis is a pivotal technique in software security. Howe...