A Fully Decentralized Architecture for Access Control Verification in Serverless Environments

2022 IEEE Symposium on Computers and Communications (ISCC)(2022)

引用 1|浏览19
暂无评分
摘要
Serverless computing is a novel paradigm that has been widely adopted, in recent years, across many sectors due to its fine-grained scalability and fast time-to-market. This paradigm aims at offloading users from heavy burden tasks including those related to authentication and authorization. However, existing security mechanisms provided by cloud providers do not seem to be adequate to completely secure serverless platforms. In particular, typical access control solutions rely either on centralized authorization services or implement access control verification within the business logic. These approaches respectively degrade system performance and lead to security issues derived from the tight coupling among code and authorization verification. In this paper, we present a solution to address these problems with a fully decentralized architecture integrating access control verification in serverless environments. We implemented a prototype of the proposed architecture and evaluated its performance under different load conditions. Experiments show that our proposal outperforms other approaches.
更多
查看译文
关键词
Serverless,FaaS,Access Control,Information Flow Control,Distributed System Security
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要