Workflow Sensitive Access Management in Serverless Computing

In recent years, serverless computing has been emerging as a most profitable cloud framework, which drastically improves the development and deployment policy of online services, but as a result, it is highly exposed to tempting targets for attackers. These attackers are proposing innovative strategies to get beyond the transitory nature of serverless activities by taking advantage of container reuse for the execution of stateless functions. The external request for function invocation must be extensively verified to protect the valuable resources from attackers. Traditional access management policy usually checks the individual inbound request for function invocation by ignoring other dependencies associated with the complete workflow. In this paper, we have proposed a two-phase workflow sensitive access management (WAM) policy that provides authentication tokens and checks whether the incoming request possesses all the necessary permission or not. WAM is based on a state-dependency graph which is a representation of allowable permission required to make transitions among the functions in the workflow. AWS Lambda is considered as the base framework where WAM policy is integrated. The effectiveness of WAM is verified using four real-world serverless applications and the performance is extensively compared with other standard serverless frameworks like Openwhisk, Openfaas, and Microsoft Azure.