Understanding Serverless Computing and OpenFaaS
Serverless computing has recently emerged as a new execution model for cloud computing, in which service providers offer compute runtimes, also known as Function-as-a-Service (FaaS) platforms, allowing users to develop, execute and manage application logic without the need to provision or manage any servers. Serverless computing can quickly run user applications and services regardless of the underlying server architecture. Despite the availability of several commercial and open-source serverless platforms, there are still some open issues and challenges to address.
One of the key concerns in serverless computing platforms is security. Serverless computing exacerbates the trend of customers distrusting cloud service providers’ security measures, as users have even less visibility and control over the underlying infrastructure. Therefore, in this paper, we present a multi-layer abstract model of serverless computing for a security investigation. We conduct a quantitative analysis of security risks for each layer.
We observe that the Attack Tree and Attack-Defense Tree methodologies are viable approaches in this regard. Consequently, we make use of the Attack Tree and the Attack-Defense Tree to quantify the security risks and countermeasures of serverless computing. We also propose a novel measure called the Relative Risk Matrix (RRM) to quantify the probability of attack success. Stakeholders including application developers, researchers, and cloud providers can potentially apply these findings and implications to better understand and further enhance the security of serverless computing.
Serverless Computing and OpenFaaS
The serverless computing paradigm has received a lot of attention since its birth. Both the rise of the 5G and 6G era and the popularity of various edge devices have made industry and academia pay increasing attention to this new computing paradigm. Serverless computing has gained popularity through the concept of Function-as-a-Service (FaaS), which requires a smaller domain to manage than traditional Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). It allows developers to focus on the core security logic of the application, regardless of the virtual machine (VM) or cloud server infrastructure.
One of the most popular open-source serverless frameworks is OpenFaaS. OpenFaaS makes it easy for developers to deploy functions and microservices regardless of the underlying infrastructure and servers. Developers can package code and binaries into Docker images and deploy them to OpenFaaS for autoscaling and metrics monitoring. OpenFaaS supports most container orchestration platforms, such as Kubernetes, OpenShift, and Docker Swarm.
The core of OpenFaaS consists of two parts: the API gateway and the Watchdog. The former is responsible for the routing function of the API, autoscaling, and providing various metrics of the function. The latter is responsible for starting and monitoring OpenFaaS functions; the watchdog can turn any binary into a function, similar to a simple initialization process.
Security Quantification Mechanism
To quantify the security of serverless computing, our main goal is to find an intuitive measure for it. We have used attack-defense trees to model some of the risks of serverless computing and have visualized them with ADTool.
An important question is how to assign an appropriate probability value to each risk. We applied the risk matrix to each risk in the attack tree to get the risk probability values. We then propose a new quantitative measure called the Relative Risk Matrix (RRM) to evaluate the probability of risk effectively and efficiently.
The proposed measure can be described step by step:
- Compute the matrix value by multiplying the evaluation factor values. The three factors are Vulnerability Severity, Consequence Impact, and Exploitability.
- Standardize these matrix values to conform to a standard normal distribution.
- Use the Cumulative Distribution Function (CDF) to generate probabilities from these standardized values.
This novel integration of relative risk matrix and attack modelling techniques provides an enhanced understanding of the security landscape in serverless computing environments, a necessary step towards mitigating potential threats.
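The three RRM steps above, as an added example that is not code from the paper: it goes one step further than the listed procedure by combining the resulting probabilities through attack-tree AND/OR nodes. The risk names, the 1-5 factor scale, the use of the population standard deviation, and the independence assumption behind the AND/OR rules are all assumptions made for illustration.

```python
from math import prod
from statistics import NormalDist, mean, pstdev

# Constructed sample risks (names and scores are illustrative, not from the paper).
# Tuple order: (Vulnerability Severity, Consequence Impact, Exploitability),
# each on an assumed 1-5 scale.
SAMPLE_RISKS = {
    "leaked_credentials":    (4, 5, 4),
    "vulnerable_base_image": (3, 4, 3),
    "misconfigured_gateway": (3, 3, 4),
    "dos_on_function":       (2, 3, 5),
    "provider_outage":       (1, 4, 1),
}

def rrm_probabilities(risks):
    """Apply the three RRM steps to a {name: (severity, impact, exploitability)} map."""
    # Step 1: matrix value = product of the three factor scores.
    values = {name: prod(factors) for name, factors in risks.items()}
    # Step 2: standardize against the whole risk set (population std is an assumption).
    mu, sigma = mean(values.values()), pstdev(values.values())
    if sigma == 0:
        # Every risk has the same matrix value, so every z-score is 0.
        return {name: 0.5 for name in values}
    # Step 3: map each z-score through the standard normal CDF.
    cdf = NormalDist().cdf
    return {name: cdf((v - mu) / sigma) for name, v in values.items()}

def or_node(child_probs):
    """Attack succeeds if any child succeeds (children assumed independent)."""
    return 1 - prod(1 - p for p in child_probs)

def and_node(child_probs):
    """Attack succeeds only if every child succeeds (children assumed independent)."""
    return prod(child_probs)

if __name__ == "__main__":
    p = rrm_probabilities(SAMPLE_RISKS)
    for name, prob in sorted(p.items(), key=lambda kv: -kv[1]):
        print(f"{name:24s} {prob:.3f}")
    # Constructed tree: user-side compromise needs leaked credentials AND a
    # misconfigured gateway; the root is that path OR a vulnerable base image.
    user_side = and_node([p["leaked_credentials"], p["misconfigured_gateway"]])
    print("root:", round(or_node([user_side, p["vulnerable_base_image"]]), 3))
```

Because step 2 standardizes against the scored set, the resulting probabilities are relative: adding or removing a risk shifts every other value.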
Security Quantification of Serverless Computing
In the following sections, we conduct a security quantification for serverless computing. Leveraging the RRM that we developed, we assess the probabilities associated with various risk events. This information is then modeled and analyzed using the Attack Tree and Attack-Defense Tree methodologies.
Cloud Layer
The security challenges that Serverless Computing faces first come from the Cloud Layer. Cloud computing presents plenty of security issues and challenges. The security problems relate to the cloud model architecture, multi-tenancy, elasticity, and layer dependency stack.
We identify three perspectives in cloud computing from which threats arise, each of which admits a great many attacks:
- Attacks on the CSP side: risks that may occur at the cloud service provider (CSP) when its platform, infrastructure, application, or storage services have vulnerabilities.
- Attacks on the cloud user side: risks that arise among cloud users when they do not secure their credentials and secrets properly.
- Other attacks: events related to emergencies that are not caused by the CSP or cloud users.
We model potential threats in serverless computing by using an attack tree approach.
After using the attack tree to point out some security risks in the Cloud layer of Serverless Computing, we also find some countermeasures to eliminate or mitigate these risks. Thus, we model an attack-defense tree for it.
Container Infrastructure Layer
The next layer is the Container Infrastructure Layer. Container technology and container orchestration are popular concepts in cloud computing. The prosperity of the container ecosystem has accelerated the development of container technology in the last decade. Docker is the most prevalent representative of container technology.
Kubernetes, on the other hand, is the fastest-growing project and the most famous container orchestration framework, and is mature in production for orchestrating containerized applications. As Kubernetes is a rapidly evolving and iterative cloud native project, the security of Kubernetes infrastructure has a high priority in the community and industry.
In the container infrastructure layer of serverless computing, we analyze the security risks from the container side and the Kubernetes side, since these two sides are the foundation of FaaS. We construct an attack tree and an attack-defense tree for the container infrastructure layer of serverless computing.
Serverless Layer
After the analysis of the cloud layer and the container infrastructure layer, the perspective moves to the Serverless Layer, which is the layer where a serverless framework such as OpenFaaS, Kubeless, or Fission is integrated with the serverless computing stack.
Security issues primarily exist in four components of OpenFaaS: the OpenFaaS gateway, NATS streaming, OpenFaaS provider, and Watchdog.
Access Layer
The Access Layer offers users the ability to access serverless computing services via a variety of intelligent network devices. Today, people have access to the Internet from anywhere at any time. With the rapid development of the network and the diversification of devices, rich access devices such as smart TVs, fixed workstations, personal computers, tablets, and smartphones can easily interact with the Internet.
Although we have a general way to build some attack scenarios and countermeasures, we do not model this layer in depth or analyze its security risks and defense measures, in consideration of the complexity of the devices and the importance that users attach to this layer.
Conclusion and Future Works
In this paper, we present a new quantitative measure to objectively quantify the security analysis of serverless computing systems. The quantification measures of relative risk matrix, relative risk mitigation matrix, and probability of success directly show the risk probability of each layer in serverless computing.
We have discussed the results of the security quantification analysis. Based on these results, we also propose some suggestions on how to improve the security of serverless computing systems. We also appeal to enterprises and communities to pay more attention to the security of serverless computing to protect all stakeholders and mitigate losses when risks occur.
In the future, we plan to perform a comparative study between our study and other quantitative methods in the security field. We would also perform comprehensive penetration testing to evaluate and validate our analysis, so as to judge the security of serverless computing systems more convincingly. Additionally, we plan to derive the minimum cost of attack and the minimum cost of defense while mitigating all the attacks/risks, and perform a comparative analysis with the study of Meng et al.