Guarding Serverless Applications with SecLambda
The paper addresses security vulnerabilities in serverless applications, which are increasingly targeted by attackers, by providing a novel protection mechanism.
The paper tackles the security challenges in serverless computing by introducing SecLambda, an extensible framework that uses local and global state to protect applications, achieving control flow integrity, credential protection, and rate limiting with relatively low performance overhead.
As an emerging application paradigm, serverless computing attracts attention from more and more attackers. Unfortunately, security tools for conventional applications cannot be easily ported to serverless, and existing serverless security solutions are inadequate. In this paper, we present SecLambda, an extensible security framework that leverages local function state and global application state to perform sophisticated security tasks to protect an application. We show how SecLambda can be used to achieve control flow integrity, credential protection, and rate limiting in serverless applications. We evaluate the performance overhead and security of SecLambda using realistic open-source applications, and our results suggest that SecLambda can mitigate several attacks while introducing relatively low performance overhead.