Serverless Computing Security: Protecting Application Logic

Wesley O'Meara; Ruth G. Lennon

doi:10.1109/ISSC49989.2020.9180214

Serverless Computing Security: Protecting Application Logic

Wesley O'Meara, Ruth G. Lennon

Department of Computing

Atlantic Technological University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Citations (Scopus)

Abstract

Serverless computing enables organisations to avail of the inherent and unlimited flexibility and scalability that serverless provides, without having to consider the underlying infrastructure. However, there are security considerations that are unique to serverless architectures, that if not included early in application design, can lead to vulnerabilities which could be exposed to common attack vectors. While cloud service providers manage the security of the underlying infrastructure, it is up to the consumer to ensure that serverless applications are fully protected. We go on to discuss common attack vectors, the risks associated with misconfiguration within security and application setup, how attackers target vulnerabilities within the workflow logic of serverless applications and their functions to focus their attacks, and how consumers can implement measures to protect their applications within a serverless architecture.

Original language	English
Title of host publication	2020 31st Irish Signals and Systems Conference, ISSC 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781728194189
DOIs	https://doi.org/10.1109/ISSC49989.2020.9180214
Publication status	Published - Jun 2020
Event	31st Irish Signals and Systems Conference, ISSC 2020 - Letterkenny, Ireland Duration: 11 Jun 2020 → 12 Jun 2020

Publication series

Name	2020 31st Irish Signals and Systems Conference, ISSC 2020

Conference

Conference	31st Irish Signals and Systems Conference, ISSC 2020
Country/Territory	Ireland
City	Letterkenny
Period	11/06/20 → 12/06/20

Keywords

application security
cloud computing
cybersecurity
function as a service
serverless

Access to Document

10.1109/ISSC49989.2020.9180214

Cite this

@inproceedings{fa12589d260d4df29449157c1cf14eae,

title = "Serverless Computing Security: Protecting Application Logic",

abstract = "Serverless computing enables organisations to avail of the inherent and unlimited flexibility and scalability that serverless provides, without having to consider the underlying infrastructure. However, there are security considerations that are unique to serverless architectures, that if not included early in application design, can lead to vulnerabilities which could be exposed to common attack vectors. While cloud service providers manage the security of the underlying infrastructure, it is up to the consumer to ensure that serverless applications are fully protected. We go on to discuss common attack vectors, the risks associated with misconfiguration within security and application setup, how attackers target vulnerabilities within the workflow logic of serverless applications and their functions to focus their attacks, and how consumers can implement measures to protect their applications within a serverless architecture.",

keywords = "application security, cloud computing, cybersecurity, function as a service, serverless",

author = "Wesley O'Meara and Lennon, {Ruth G.}",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 31st Irish Signals and Systems Conference, ISSC 2020 ; Conference date: 11-06-2020 Through 12-06-2020",

year = "2020",

month = jun,

doi = "10.1109/ISSC49989.2020.9180214",

language = "English",

series = "2020 31st Irish Signals and Systems Conference, ISSC 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2020 31st Irish Signals and Systems Conference, ISSC 2020",

}

O'Meara, W & Lennon, RG 2020, Serverless Computing Security: Protecting Application Logic. in 2020 31st Irish Signals and Systems Conference, ISSC 2020., 9180214, 2020 31st Irish Signals and Systems Conference, ISSC 2020, Institute of Electrical and Electronics Engineers Inc., 31st Irish Signals and Systems Conference, ISSC 2020, Letterkenny, Ireland, 11/06/20. https://doi.org/10.1109/ISSC49989.2020.9180214

Serverless Computing Security: Protecting Application Logic. / O'Meara, Wesley; Lennon, Ruth G.
2020 31st Irish Signals and Systems Conference, ISSC 2020. Institute of Electrical and Electronics Engineers Inc., 2020. 9180214 (2020 31st Irish Signals and Systems Conference, ISSC 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Serverless Computing Security

T2 - 31st Irish Signals and Systems Conference, ISSC 2020

AU - O'Meara, Wesley

AU - Lennon, Ruth G.

PY - 2020/6

Y1 - 2020/6

N2 - Serverless computing enables organisations to avail of the inherent and unlimited flexibility and scalability that serverless provides, without having to consider the underlying infrastructure. However, there are security considerations that are unique to serverless architectures, that if not included early in application design, can lead to vulnerabilities which could be exposed to common attack vectors. While cloud service providers manage the security of the underlying infrastructure, it is up to the consumer to ensure that serverless applications are fully protected. We go on to discuss common attack vectors, the risks associated with misconfiguration within security and application setup, how attackers target vulnerabilities within the workflow logic of serverless applications and their functions to focus their attacks, and how consumers can implement measures to protect their applications within a serverless architecture.

AB - Serverless computing enables organisations to avail of the inherent and unlimited flexibility and scalability that serverless provides, without having to consider the underlying infrastructure. However, there are security considerations that are unique to serverless architectures, that if not included early in application design, can lead to vulnerabilities which could be exposed to common attack vectors. While cloud service providers manage the security of the underlying infrastructure, it is up to the consumer to ensure that serverless applications are fully protected. We go on to discuss common attack vectors, the risks associated with misconfiguration within security and application setup, how attackers target vulnerabilities within the workflow logic of serverless applications and their functions to focus their attacks, and how consumers can implement measures to protect their applications within a serverless architecture.

KW - application security

KW - cloud computing

KW - cybersecurity

KW - function as a service

KW - serverless

UR - http://www.scopus.com/inward/record.url?scp=85092720995&partnerID=8YFLogxK

U2 - 10.1109/ISSC49989.2020.9180214

DO - 10.1109/ISSC49989.2020.9180214

M3 - Conference contribution

AN - SCOPUS:85092720995

T3 - 2020 31st Irish Signals and Systems Conference, ISSC 2020

BT - 2020 31st Irish Signals and Systems Conference, ISSC 2020

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 11 June 2020 through 12 June 2020

ER -

Serverless Computing Security: Protecting Application Logic

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this