GRASP: Hardening Serverless Applications through Graph Reachability Analysis of Security Policies
Isaac Polinsky, Pubali Datta, Adam Bates, William Enck
Abstract
Serverless computing is supplanting past versions of cloud computing as the easiest way to rapidly prototype and deploy applications. However, the reentrant and ephemeral nature of serverless functions only exacerbates the challenge of correctly specifying security policies. Unfortunately, with role-based access control solutions like Amazon Identity and Access Management (IAM) already suffering from pervasive misconfiguration problems, the likelihood of policy failures in serverless applications is high.
Topics & Concepts
ReachabilityComputer scienceGRASPHardening (computing)GraphComputer securityTheoretical computer scienceProgramming languageChemistryOrganic chemistryLayer (electronics)Security and Verification in ComputingAccess Control and TrustCloud Data Security Solutions