PrivFlow: Secure and Privacy Preserving Serverless Workflows on Cloud

Abstract

The recent advancement of serverless computing in the widespread deployment of applications prompts the need to protect serverless workflows against cloud vulnerabilities and threats. We propose PrivFlow, a workflow-centric, privacy preserving framework to protect the information flow in serverless computing applications in semi-honest (S-PrivFlow) and malicious (M-PrivFlow) adversarial settings. An Authenticated Data Structure is used to store the valid workflows encoded in the proposed format. The validation of workflows is performed in a privacy preserving manner that leaks no sensitive information to any unauthorized user. We focus on the two most prevalent attacks on the serverless cloud platforms, namely the Denial-of-Wallet and Wrong Function Invocation attacks. We demonstrate that PrivFlow mitigates both of these attacks. Further, we evaluate PrivFlow on the popular benchmark application- Hello Retail, and a customized scaled application. Though the comparison with the state-of-the-art approaches in terms of the runtime performance shows a latency of 1.6 times for S-PrivFlow and 8 times for M-PrivFlow, the PrivFlow provides high security and privacy. PrivFlow acts as a wrapper to the application resulting in no change to the source code.