MSc thesis presentation - Praveen Gupta

Name: Praveen Gupta

Date: Nov 08, 2024

Time: 4pm-5pm

Location: ICCS 304
Zoom: https://ubc.zoom.us/j/69463213044?pwd=Lz7roTinU4Vr101E3HzbKWpawXfX52.1

Supervisors: Aastha Mehta, Mohammad Shahrad

Title: A Developer-Centric Compliance Tool for Serverless Applications

Abstract:

Serverless computing has emerged as a new paradigm that offers developers a streamlined approach to building and deploying cloud-native applications. These applications are characterized by ephemeral, stateless functions written in heterogeneous programming languages and relying on diverse cloud services for storage and communication. Although serverless computing reduces the burden of managing and scaling the infrastructure for cloud tenants, it makes it challenging to protect the application data from inadvertent leaks due to bugs, misconfigurations, and human errors. Existing cloud security tools, such as Identity and Access Management (IAM), lack observability into application-level data flows, while state-of-the-art dataflow tracking tools often require extensive platform modifications and impose substantial runtime overheads.

This work presents Growlithe, a developer-centric tool for serverless applications to enable continuous compliance with data policies by design. Growlithe allows declarative specification of access and data flow control policies over a language- and platform-independent dataflow graph abstraction of a serverless application. Growlithe enforces these policies efficiently using a hybrid approach which combines static checks with deferred runtime checks when necessary.

We demonstrate that Growlithe can provide efficient policy enforcement without requiring changes to the underlying cloud platform or incurring significant performance penalties. We used Growlithe with applications using serverless functions in Python and JavaScript on Amazon Web Services and Google Cloud Platform and empirically demonstrated that Growlithe is portable, efficient, and enables developers to adapt their applications and policies to evolving requirements.