Workflow Sensitive Access Management in Serverless Computing
Authors: Anisha Kumari, Md. Akram Khan, B. Sahoo
Published in: 2022 IEEE 2nd International Symposium on Sustainable Energy, Signal Processing and Cyber Security (iSSSC), 2022-12-15
DOI: https://doi.org/10.1109/iSSSC56467.2022.10051255
In recent years, serverless computing has been emerging as a most profitable cloud framework, which drastically improves the development and deployment policy of online services, but as a result, it is highly exposed as a tempting target for attackers. These attackers are proposing innovative strategies to get beyond the transitory nature of serverless activities by taking advantage of container reuse for the execution of stateless functions. The external request for function invocation must be extensively verified to protect the valuable resources from attackers. Traditional access management policy usually checks the individual inbound request for function invocation by ignoring other dependencies associated with the complete workflow. In this paper, we have proposed a two-phase workflow sensitive access management (WAM) policy that provides authentication tokens and checks whether the incoming request possesses all the necessary permissions or not. WAM is based on a state-dependency graph, which is a representation of the allowable permissions required to make transitions among the functions in the workflow. AWS Lambda is considered as the base framework where the WAM policy is integrated. The effectiveness of WAM is verified using four real-world serverless applications, and the performance is extensively compared with other standard serverless frameworks like OpenWhisk, OpenFaaS, and Microsoft Azure.