UBC Theses and Dissertations


A developer-centric compliance tool for serverless applications
Gupta, Praveen Kumar

Abstract

Serverless computing has emerged as a new paradigm that offers developers a streamlined approach to building and deploying cloud-native applications. These applications are characterized by ephemeral, stateless functions written in heterogeneous programming languages and relying on diverse cloud services for storage and communication. Although serverless computing reduces the burden of managing and scaling the infrastructure for cloud tenants, it makes it challenging to protect the application data from inadvertent leaks due to bugs, misconfiguration, and human errors. Existing cloud security tools, such as Identity and Access Management (IAM), lack observability into application-level data flows, while state-of-the-art dataflow tracking tools often require extensive platform modifications and impose substantial runtime overheads. This work presents Growlithe, a developer-centric tool for serverless applications to enable continuous compliance with data policies by design. Growlithe allows declarative specification of access and data flow control policies over a language- and platform-independent dataflow graph abstraction of a serverless application. Growlithe enforces these policies efficiently using a hybrid approach of static and runtime checks. We demonstrate that Growlithe can provide efficient policy enforcement without requiring changes to the underlying cloud platform or incurring significant performance penalties. We used Growlithe with applications using serverless functions in Python and JavaScript on Amazon Web Services and Google Cloud Platform and empirically demonstrated that Growlithe is portable, efficient, and enables developers to adapt their applications and policies to evolving requirements.
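The hybrid static/runtime enforcement the abstract describes, as an added illustration in Python that is not Growlithe's own code: a constructed serverless application is modelled as a labelled dataflow graph, a hypothetical declarative deny rule is checked statically wherever the sink is known at deploy time, and a guard is left for the one write whose destination is only resolved at runtime. All node, edge and rule names are constructed for this example.

```python
# Constructed sample application graph. Nodes are functions or cloud resources,
# each with the set of data labels it holds initially; edges are reads/writes.
# A destination of None means the sink is only resolved at runtime.
NODES = {"pii_bucket": {"pii"}, "catalog_bucket": set(), "report_fn": set(),
         "export_fn": set(), "public_bucket": set(), "archive_bucket": set()}
EDGES = [("pii_bucket", "report_fn"), ("catalog_bucket", "report_fn"),
         ("report_fn", "public_bucket"), ("pii_bucket", "export_fn"),
         ("export_fn", None)]
# Declarative policy (hypothetical syntax): data with a label must never reach a sink.
POLICY = [{"deny_label": "pii", "sink": "public_bucket"}]


def propagate_labels(nodes, edges):
    """Fixed-point pass: labels flow along every statically known edge."""
    labels = {n: set(ls) for n, ls in nodes.items()}
    changed = True
    while changed:
        changed = False
        for src, dst in edges:
            if dst is not None and not labels[src] <= labels[dst]:
                labels[dst] |= labels[src]
                changed = True
    return labels


def static_check(nodes, edges, policy):
    """Return (violations, deferred): flows that provably break the policy at
    deploy time, and sources of dynamic-sink edges that need a runtime guard."""
    labels = propagate_labels(nodes, edges)
    violations, deferred = [], []
    for src, dst in edges:
        if dst is None:
            deferred.append(src)
            continue
        for rule in policy:
            if rule["deny_label"] in labels[src] and dst == rule["sink"]:
                violations.append((src, dst, rule["deny_label"]))
    return violations, deferred


def runtime_guard(src, resolved_dst, labels, policy):
    """Called just before a deferred write: allow only if no rule denies the
    resolved destination for a label the source carries."""
    return not any(rule["deny_label"] in labels[src] and resolved_dst == rule["sink"]
                   for rule in policy)


if __name__ == "__main__":
    print(static_check(NODES, EDGES, POLICY))
    print(runtime_guard("export_fn", "public_bucket", propagate_labels(NODES, EDGES), POLICY))
```

The static pass flags the report_fn write to public_bucket at deploy time and defers export_fn, whose write is then allowed to archive_bucket but blocked to public_bucket by the runtime guard.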


Rights

Attribution-NonCommercial-NoDerivatives 4.0 International