Go Serverless: Securing Cloud via Serverless Design Patterns


Sanghyun Hong, University of Maryland, College Park; Abhinav Srivastava and William Shambrook, Frame.io; Tudor DumitraČ™, University of Maryland, College Park


Due to the shared responsibility model of clouds, tenants have to manage the security of their workloads and data. Developing security solutions using VMs or containers creates further problems as these resources also need to be secured. In this paper, we advocate for taking a serverless approach by proposing six serverless design patterns to build security services in the cloud. For each design pattern, we describe the key advantages and present applications and services utilizing the pattern. Using the proposed patterns as building blocks, we introduce a threat-intelligence platform that collects logs from various sources, alerts malicious activities, and take actions against such behaviors. We also discuss the limitations of serverless design and how future implementations can overcome those limitations.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {216833,
author = {Sanghyun Hong and Abhinav Srivastava and William Shambrook and Tudor Dumitras},
title = {Go Serverless: Securing Cloud via Serverless Design Patterns},
booktitle = {10th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 18)},
year = {2018},
address = {Boston, MA},
url = {https://www.usenix.org/conference/hotcloud18/presentation/hong},
publisher = {USENIX Association},
month = jul