Secure FaaS orchestration in the fog: how far are we?

Bocci, Alessandro; Forti, Stefano; Ferrari, Gian Luigi; Brogi, Antonio

doi:10.1007/s00607-021-00924-y

Cited by 17 publications

(7 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authors in [ 32 ] provided a literature review on security in FaaS orchestration systems [ 32 ]. They have classified the existing works considering various criteria including the protected asset, the cause of threats, and the protection approach.…”

Section: Related Workmentioning

confidence: 99%

Deep learning approach to security enforcement in cloud workflow orchestration

Kassabi¹,

Serhani²,

Masud³

et al. 2023

J Cloud Comp

View full text Add to dashboard Cite

Supporting security and data privacy in cloud workflows has attracted significant research attention. For example, private patients’ data managed by a workflow deployed on the cloud need to be protected, and communication of such data across multiple stakeholders should also be secured. In general, security threats in cloud environments have been studied extensively. Such threats include data breaches, data loss, denial of service, service rejection, and malicious insiders generated from issues such as multi-tenancy, loss of control over data and trust. Supporting the security of a cloud workflow deployed and executed over a dynamic environment, across different platforms, involving different stakeholders, and dynamic data is a difficult task and is the sole responsibility of cloud providers. Therefore, in this paper, we propose an architecture and a formal model for security enforcement in cloud workflow orchestration. The proposed architecture emphasizes monitoring cloud resources, workflow tasks, and the data to detect and predict anomalies in cloud workflow orchestration using a multi-modal approach that combines deep learning, one class classification, and clustering. It also features an adaptation scheme to cope with anomalies and mitigate their effect on the workflow cloud performance. Our prediction model captures unsupervised static and dynamic features as well as reduces the data dimensionality, which leads to better characterization of various cloud workflow tasks, and thus provides better prediction of potential attacks. We conduct a set of experiments to evaluate the proposed anomaly detection, prediction, and adaptation schemes using a real COVID-19 dataset of patient health records. The results of the training and prediction experiments show high anomaly prediction accuracy in terms of precision, recall, and F1 scores. Other experimental results maintained a high execution performance of the cloud workflow after applying adaptation strategy to respond to some detected anomalies. The experiments demonstrate how the proposed architecture prevents unnecessary wastage of resources due to anomaly detection and prediction.

show abstract

Section: Related Workmentioning

confidence: 99%

Deep learning approach to security enforcement in cloud workflow orchestration

Kassabi¹,

Serhani²,

Masud³

et al. 2023

J Cloud Comp

View full text Add to dashboard Cite

show abstract

“…Real-world serverless platforms that are ready to be used also play an important role in the serverless adoption across its different realms of usage, and they are responsible for implementing all the other advancements in terms of security, scheduling, and efficiency in a comprehensive, ready to use package. Bocci et al provide [31] a systematic review of serverless computing platforms, focusing on supported languages, models, and methodologies to define FaaS orchestrations. Special attention is also given to security issues, but single node serverless platforms are purposefully excluded.…”

Section: Related Workmentioning

confidence: 99%

“…Even though there are research papers that deal with serverless security and evaluate isolation levels of the various platforms available today [31], the analysis of Stack Overflow [32] questions related to FaaS products suggests that developers rarely concern themselves with such topics, focusing more on the implementation and functional aspects of their applications instead. Still, many serverless platforms mandate strong runtime isolation between different serverless functions, in part mitigating such security concerns, albeit leading to reduced performance, additional function non-portability, and vendor lock-in [22].…”

Section: Related Workmentioning

confidence: 99%

IoT Serverless Computing at the Edge: A Systematic Mapping Review

2021

View full text Add to dashboard Cite

Serverless computing is a new concept allowing developers to focus on the core functionality of their code, while abstracting away the underlying infrastructure. Even though there are existing commercial serverless cloud providers and open-source solutions, dealing with the explosive growth of new Internet of Things (IoT) devices requires more efficient bandwidth utilization, reduced latency, and data preprocessing closer to the source, thus reducing the overall data volume and meeting privacy regulations. Moving serverless computing to the edge of the network is a topic that is actively being researched with the aim of solving these issues. This study presents a systematic mapping review of current progress made to this effect, analyzing work published between 01.01.2015 and 01.09.2021. Using a document selection methodology which emphasizes the quality of the papers obtained through querying several popular databases with relevant search terms, we have included 64 entries, which we then further categorized into eight main categories. Results show that there is an increasing interest in this area with rapid progress being made to solve the remaining open issues, which have also been summarized in this paper. Special attention is paid to open-source efforts, as well as open-access contributions.

show abstract

“…9. Bocci et al 2021 [5] presented an up to date overview of the existing literature on FaaS orchestrations, and their executions environments.…”

Section: An Abstract View Of Serverless Architecture Of Microservicementioning

confidence: 99%

Functionals in the Clouds: An abstract architecture of serverless Cloud-Native Apps

Ambroszkiewicz¹,

Bartyna²,

Bylka³

2021

Preprint

View full text Add to dashboard Cite

Cloud Native Application CNApp (as a distributed system) is a collection of independent components (micro-services) interacting via communication protocols. This gives rise to present an abstract architecture of CNApp as dynamically reconfigurable acyclic directed multi graph where vertices are microservices, and edges are the protocols. Generic mechanisms for such reconfigurations evidently correspond to higher-level functions (functionals). This implies also internal abstract architecture of microservice as a collection of event-triggered serverless functions (including functions implementing the protocols) that are dynamically composed into event-dependent data-flow graphs. Again, generic mechanisms for such compositions correspond to calculus of functionals and relations. 1 Computations are coming back to "virtual"clouded mainframes Contemporary mainframes are huge data centers comprising tens or hundreds of thousands of interconnected physical servers and disk arrays. Usually, they are built according to cloud architecture where almost everything is virtualized starting with IaaS, PaaS and Saas. The next virtualizations are FaaS (Function as a Service) and BaaS (Backend as a Service) that constitute a new computing paradigm called Serverless. It is based on an execution model in which an application consists of interrelated individual functions and backend services that can be managed, scaled and executed by cloud provider by automatic and dynamic allocations of compute resources. Developers (of the applications) are charged for-only the compute resources and storage needed to execute a particular piece of code. Using FaaS and BaaS, developers can effectively implement micro-services that comprise the applications. Cloud providers are responsible for deploying the code, and for an application runtime environment. The book by Brendan Burns 2018 [6] (http:// www.istrsjournal.org/wp-content/uploads/2018/06/Designing_Distributed_Systems. pdf) may serve as a classic (now a bit obsolete) introduction to this subject.There are many serverless platforms provided by main players like Amazon Web Services, Microsoft Azure, Google Cloud Platform, IBM Cloud, Alibaba, etc. as well

show abstract

Secure FaaS orchestration in the fog: how far are we?

Cited by 17 publications

References 57 publications

Deep learning approach to security enforcement in cloud workflow orchestration

Deep learning approach to security enforcement in cloud workflow orchestration

IoT Serverless Computing at the Edge: A Systematic Mapping Review

Functionals in the Clouds: An abstract architecture of serverless Cloud-Native Apps

Contact Info

Product

Resources

About