<p>Serverless computing has revolutionized cloud application development by eliminating infrastructure management complexities. However, its dynamic and ephemeral nature introduces security challenges that are difficult to mitigate using traditional mechanisms. In particular, function vulnerabilities remain a critical concern, as attackers can exploit them to compromise applications and escalate attacks across multi-tenant environments. To address these challenges, we propose an enhanced version of Moving Functions as a Service (MoFaaS), a security mechanism that leverages Moving Target Defense (MTD) and N-Version Programming (NVP) to introduce execution diversity and improve fault tolerance in serverless applications. Additionally, we incorporate a Large Language Model (LLM)-based feedback loop to assist developers in generating diverse function variants with reduced effort. We validate our contributions through open-source Proof of Concept (PoC) implementations on Knative and conduct an extensive security and performance evaluation on a realistic serverless application. The results demonstrate that our approach effectively increases attack complexity while maintaining performance within acceptable bounds.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhancing Serverless Function Resilience Against Vulnerabilities with MoFaaS

  • Pedro Escaleira,
  • Vitor A. Cunha,
  • João P. Barraca,
  • Diogo Gomes,
  • Rui L. Aguiar

摘要

Serverless computing has revolutionized cloud application development by eliminating infrastructure management complexities. However, its dynamic and ephemeral nature introduces security challenges that are difficult to mitigate using traditional mechanisms. In particular, function vulnerabilities remain a critical concern, as attackers can exploit them to compromise applications and escalate attacks across multi-tenant environments. To address these challenges, we propose an enhanced version of Moving Functions as a Service (MoFaaS), a security mechanism that leverages Moving Target Defense (MTD) and N-Version Programming (NVP) to introduce execution diversity and improve fault tolerance in serverless applications. Additionally, we incorporate a Large Language Model (LLM)-based feedback loop to assist developers in generating diverse function variants with reduced effort. We validate our contributions through open-source Proof of Concept (PoC) implementations on Knative and conduct an extensive security and performance evaluation on a realistic serverless application. The results demonstrate that our approach effectively increases attack complexity while maintaining performance within acceptable bounds.