An official website of the United States government
Serverless Computing has quickly emerged as a dominant cloud computing paradigm, allowing developers to rapidly prototype event-driven applications using a composition of small functions that each perform a single logical task. However, many such application workflows are based in part on publicly-available functions developed by third-parties, creating the potential for functions to behave in unexpected, or even malicious, ways. At present, developers are not in total control of where and how their data is flowing, creating significant security and privacy risks in growth markets that have embraced serverless (e.g., IoT). As a practical means of addressing this problem, we present Valve, a serverless platform that enables developers to exert complete fine-grained control of information flows in their applications. Valve enables workflow developers to reason about function behaviors, and specify restrictions, through auditing of network-layer information flows. By proxying network requests and propagating taint labels across network flows, Valve is able to restrict function behavior without code modification. We demonstrate that Valve is able defend against known serverless attack behaviors including container reuse-based persistence and data exfiltration over cloud platform APIs with less than 2.8% runtime overhead, 6.25% deployment overhead and 2.35% teardown overhead.
more »
« less
- Home
- Search Results
- Page 1 of 1
Search for: All records
Creators/Authors contains:
"Grace, Michael"
-
Total Resources4
- Resource Type
-
0001000003000000
- More
- Availability
-
40
- Author / Contributor
- Filter by Author / Creator
-
-
Grace, Michael R. (3)
-
Richmond, Erinn K. (2)
-
Bates, Adam (1)
-
Bixby, Rebecca J. (1)
-
Compton, T. Scott (1)
-
Crossey, Laura J. (1)
-
Dahm, Clifford N. (1)
-
Datta, Pubali (1)
-
González-Pinzón, Ricardo (1)
-
Grace, Michael (1)
-
Horn, David J. (1)
-
Kelly, John J. (1)
-
Kumar, Prabuddha (1)
-
Lee, Sylvia S. (1)
-
Morris, Tristan (1)
-
Parmenter, Robert R. (1)
-
Rahmati, Amir (1)
-
Reisinger, Alexander J. (1)
-
Rosi, Emma J. (1)
-
Rosi-Marshall, Emma J. (1)
-
- Filter by Editor
-
-
& Spizer, S. M. (0)
-
& . Spizer, S. (0)
-
& Ahn, J. (0)
-
& Bateiha, S. (0)
-
& Bosch, N. (0)
-
& Brennan K. (0)
-
& Brennan, K. (0)
-
& Chen, B. (0)
-
& Chen, Bodong (0)
-
& Drown, S. (0)
-
& Ferretti, F. (0)
-
& Higgins, A. (0)
-
& J. Peters (0)
-
& Kali, Y. (0)
-
& Ruiz-Arias, P.M. (0)
-
& S. Spitzer (0)
-
& Sahin. I. (0)
-
& Spitzer, S. (0)
-
& Spitzer, S.M. (0)
-
(submitted - in Review for IEEE ICASSP-2024) (0)
-
-
Have feedback or suggestions for a way to improve these results?
!
Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
-
Summers, Betsy M.; Horn, David J.; González-Pinzón, Ricardo; Bixby, Rebecca J.; Grace, Michael R.; Sherson, Lauren R.; Crossey, Laura J.; Stone, Mark C.; Parmenter, Robert R.; Compton, T. Scott; et al (, Freshwater Science)
-
Richmond, Erinn K.; Grace, Michael R.; Kelly, John J.; Reisinger, Alexander J.; Rosi, Emma J.; Walters, David M. (, Elem Sci Anth)
-
Richmond, Erinn K.; Rosi-Marshall, Emma J.; Lee, Sylvia S.; Thompson, Ross M.; Grace, Michael R. (, Freshwater Science)
