PhD Candidate
University of Illinois Urbana-Champaign
Areas of Interest
- Operating Systems and Networking
- Security
Poster
Workflow-Centric Audit and Authorization in the Serverless Ecosystem
Abstract
Serverless computing has garnered popularity among cloud application developers for the conveniences of no infrastructure management, rapid deployment and pay-per-use model, but its security claims are less tested. The attack surface in a serverless application increases manifold due to the breakdown of a monolithic application into small units that may interact with diverse range of web artifacts and third-party services. While serverless platforms offer some visibility into the inner workings of a single function, they do not offer a microscopic view of the cross-invocation and multi-function flows within the serverless ecosystem, and consequently the immense potential of such flows in exfiltrating data is overlooked. This poster addresses the key design and security challenges in developing mechanisms to retrofit existing serverless platforms to detect and prevent such attacks. One solution discussed in this poster presents the design and implementation of a workflow-aware transparent flow control technique "Valve". Valve discovers implicit information flows within a serverless application and facilitates constituting a security policy to mediate the network activities, thus restricting insecure flow paths. The insights gained in designing Valve steered my recent efforts towards designing a workflow-aware auditing framework to explore causal paths in a serverless setting enabling fine-grained attack investigation. The key observations and initial findings in designing a workflow-centric serverless audit framework are summarized in this poster that contributes to the ongoing cloud forensics research.
Bio
Pubali Datta is a PhD student at the University of Illinois at Urbana-Champaign, where she is advised by Professor Adam Bates and is a part of The Secure & Transparent Systems Laboratory. Her research interests include system security and privacy with a focus on information flow control and analysis in modern distributed systems like Internet-of-Things and Serverless platforms. Before joining the PhD program, she worked at TCS Innovations Lab in India on several projects involving distributed mobile computing, IoT and static analysis of proprietary softwares. She obtained her B.Tech from West Bengal University of Technology in 2011 and M.E. from Jadavpur University in 2013, both in Computer Science and Engineering. She is expected to earn her PhD in Computer Science from the University of Illinois at Urbana-Champaign in May 2022. Pubali has participated in graduate internships at Samsung Research America and SRI international.
