{"title":"Serverless Computing Security: Protecting Application Logic","authors":"Wesley O'Meara, Ruth G. Lennon","doi":"10.1109/ISSC49989.2020.9180214","DOIUrl":null,"url":null,"abstract":"Serverless computing enables organisations to avail of the inherent and unlimited flexibility and scalability that serverless provides, without having to consider the underlying infrastructure. However, there are security considerations that are unique to serverless architectures, that if not included early in application design, can lead to vulnerabilities which could be exposed to common attack vectors. While cloud service providers manage the security of the underlying infrastructure, it is up to the consumer to ensure that serverless applications are fully protected. We go on to discuss common attack vectors, the risks associated with misconfiguration within security and application setup, how attackers target vulnerabilities within the workflow logic of serverless applications and their functions to focus their attacks, and how consumers can implement measures to protect their applications within a serverless architecture.","PeriodicalId":351013,"journal":{"name":"2020 31st Irish Signals and Systems Conference (ISSC)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 31st Irish Signals and Systems Conference (ISSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSC49989.2020.9180214","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
Abstract
Serverless computing enables organisations to avail of the inherent and unlimited flexibility and scalability that serverless provides, without having to consider the underlying infrastructure. However, there are security considerations that are unique to serverless architectures, that if not included early in application design, can lead to vulnerabilities which could be exposed to common attack vectors. While cloud service providers manage the security of the underlying infrastructure, it is up to the consumer to ensure that serverless applications are fully protected. We go on to discuss common attack vectors, the risks associated with misconfiguration within security and application setup, how attackers target vulnerabilities within the workflow logic of serverless applications and their functions to focus their attacks, and how consumers can implement measures to protect their applications within a serverless architecture.