Research article (open access)

Secure serverless computing using dynamic information flow control

Published: 24 October 2018

Abstract

The rise of serverless computing provides an opportunity to rethink cloud security. We present an approach for securing serverless systems using a novel form of dynamic information flow control (IFC).
We show that in serverless applications, the termination channel found in most existing IFC systems can be arbitrarily amplified via multiple concurrent requests, necessitating a stronger termination-sensitive non-interference guarantee, which we achieve using a combination of static labeling of serverless processes and dynamic faceted labeling of persistent data.
We describe our implementation of this approach on top of JavaScript for AWS Lambda and OpenWhisk serverless platforms, and present three realistic case studies showing that it can enforce important IFC security properties with modest overhead.
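To make the two mechanisms named in the abstract concrete, the following JavaScript is an added example, not code from the paper or from the Trapeze repository it describes. Each serverless process runs under a fixed (static) label set, and every write to the shared store wraps the new value in facets keyed on those labels, so a reader that lacks a label keeps seeing the older, more public view. The names `Facet`, `createFacet`, `FacetedStore` and `canRelease` are invented for illustration; the facet construction is the usual `<<pc ? new : old>>` nesting, simplified here to positive labels only.

```javascript
// Added example (not from the paper or the Trapeze repository): a toy model of
// statically labeled processes writing faceted values into a shared store.
// All names are invented for illustration.

// A facet: observers holding `label` see `priv`, everyone else sees `pub`.
class Facet {
  constructor(label, priv, pub) {
    this.label = label;
    this.priv = priv;
    this.pub = pub;
  }
}

// <<pc ? v : old>>: nest one facet per label in `pc`, so that only an observer
// holding every label in `pc` sees the new value `v`; others keep seeing `old`.
function createFacet(pc, v, old) {
  if (pc.length === 0) return v;
  const [label, ...rest] = pc;
  return new Facet(label, createFacet(rest, v, old), old);
}

// Project a (possibly faceted) value onto the view of an observer whose label
// set is `labels`. Facet nesting is finite, so the loop terminates.
function project(v, labels) {
  while (v instanceof Facet) {
    v = labels.has(v.label) ? v.priv : v.pub;
  }
  return v;
}

// Every label that guards some facet of `v`. A raw entry may leave the system
// on an output channel only if the channel's label set covers all of them.
function labelsOf(v, acc = new Set()) {
  if (v instanceof Facet) {
    acc.add(v.label);
    labelsOf(v.priv, acc);
    labelsOf(v.pub, acc);
  }
  return acc;
}

function canRelease(v, channelLabels) {
  for (const l of labelsOf(v)) if (!channelLabels.has(l)) return false;
  return true;
}

// The persistent store: a plain map whose entries may be faceted.
class FacetedStore {
  constructor() { this.data = new Map(); }

  // Write from a process statically labeled with `pc` (an array of labels).
  write(key, value, pc) {
    const old = this.data.has(key) ? this.data.get(key) : undefined;
    this.data.set(key, createFacet(pc, value, old));
  }

  // Read on behalf of a process holding the label set `labels`.
  read(key, labels) {
    return project(this.data.get(key), labels);
  }

  // Unprojected entry, used for release checks on output channels.
  raw(key) { return this.data.get(key); }
}

// Worked scenario on constructed data: a public write, then an update by a
// process labeled {alice}, then one by a process labeled {alice, bob}.
function scenario() {
  const store = new FacetedStore();
  store.write('count', 0, []);                 // public process
  store.write('count', 42, ['alice']);         // process labeled {alice}
  store.write('count', 7, ['alice', 'bob']);   // process labeled {alice, bob}

  const pub = new Set();
  const alice = new Set(['alice']);
  const both = new Set(['alice', 'bob']);
  return {
    publicView: store.read('count', pub),      // 0
    aliceView: store.read('count', alice),     // 42
    bothView: store.read('count', both),       // 7
    // The raw entry carries bob's facet, so neither a public channel nor
    // alice's private channel may carry it unprojected.
    publicRelease: canRelease(store.raw('count'), pub),    // false
    aliceRelease: canRelease(store.raw('count'), alice),   // false
    bothRelease: canRelease(store.raw('count'), both),     // true
  };
}

console.log(scenario());
```

Because a process's label set is fixed before it runs, a reader never changes its own view mid-execution; the store, not the control flow of the handler, carries the label-dependent state. The `canRelease` check is the counterpart on the output side: a value is only written to a channel whose label set covers every facet inside it.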



Index Terms

  1. Secure serverless computing using dynamic information flow control

      Published In

Proceedings of the ACM on Programming Languages, Volume 2, Issue OOPSLA
      November 2018
      1656 pages
      EISSN:2475-1421
      DOI:10.1145/3288538
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 24 October 2018
      Published in PACMPL Volume 2, Issue OOPSLA

      Author Tags

      1. Cloud Computing
      2. Information Flow Control
      3. Serverless

      Qualifiers

      • Research-article

      Article Metrics

• Downloads (last 12 months): 492
• Downloads (last 6 weeks): 61
Reflects downloads up to 17 Nov 2024

Cited By

• Cloud Security Using Fine-Grained Efficient Information Flow Tracking. Future Internet 16(4):110 (25 Mar 2024). doi:10.3390/fi16040110
• SMWE: A Framework for Secure and Makespan-Oriented Workflow Execution in Serverless Computing. Electronics 13(16):3246 (15 Aug 2024). doi:10.3390/electronics13163246
• Smart Healthcare System in Server-Less Environment: Concepts, Architecture, Challenges, Future Directions. Computers 13(4):105 (19 Apr 2024). doi:10.3390/computers13040105
• GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security Policies. Proceedings of the ACM Web Conference 2024, 1644–1655 (13 May 2024). doi:10.1145/3589334.3645436
• Towards Inter-Service Data Flow Analysis of Serverless Applications. 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 654–658 (12 Mar 2024). doi:10.1109/SANER60148.2024.00072
• SMART: Serverless Module Analysis and Recognition Technique for Managed Applications. 2024 IEEE 24th International Symposium on Cluster, Cloud and Internet Computing (CCGrid), 442–452 (6 May 2024). doi:10.1109/CCGrid59990.2024.00057
• Function-as-a-Service Allocation Policies Made Formal. Leveraging Applications of Formal Methods, Verification and Validation: REoCAS Colloquium in Honor of Rocco De Nicola, 306–321 (9 Oct 2024). doi:10.1007/978-3-031-73709-1_19
• A Blockchain-Enabled Serverless Security Mechanism for IoT-Based Drones. Building Cybersecurity Applications with Blockchain and Smart Contracts, 55–82 (22 Feb 2024). doi:10.1007/978-3-031-50733-5_3
• Secure Partitioning of Cloud Applications, with Cost Look-Ahead. Future Internet 15(7):224 (22 Jun 2023). doi:10.3390/fi15070224
• Declarative Secure Placement of FaaS Orchestrations in the Cloud-Edge Continuum. Electronics 12(6):1332 (10 Mar 2023). doi:10.3390/electronics12061332
