Multi-Layered Security Policy Enforcement for Confidential Data in Serverless Cloud Functions

Authors

  • Srinivas Potluri, Director, EGS Global Services

DOI:

https://doi.org/10.63282/3050-9246.IJETCSIT-V6I1P114

Keywords:

Serverless Computing, Confidential Data, Multi-Layered Security, Policy Enforcement, AWS Lambda, Azure Functions, Function-as-a-Service

Abstract

Serverless computing has changed how customized cloud applications are brought to market: it removes the need to manage infrastructure and allows flexible, event-based implementations. Nevertheless, this paradigm presents new security issues, particularly in how confidential information is managed and secured. Serverless functions are ephemeral, stateless, and distributed, which exposes them to an enlarged attack surface, misconfigurations, and privilege escalation threats. The paper offers a layered policy enforcement model that protects sensitive data in Function-as-a-Service (FaaS) computing environments, including AWS Lambda, Azure Functions, and Google Cloud Functions. The proposed framework contains five interconnected layers: authentication and access control, data classification and isolation, a context-aware policy engine, runtime tracking with anomaly detection, and audit logging with compliance verification. In production deployments and simulated attacks (Denial-of-Service (DoS), API injection, and data exfiltration), we show that our system can provide high mitigation rates (up to 99.1%) at low overhead (~11.2%). We also seek to apply reinforcement learning to update policies dynamically and to integrate with DevSecOps pipelines for continuous protection. We also compare cold-start and warm-start performance, cross-cloud compatibility, and the evolution of policy over a long time. The findings emphasize the level of protection that layered defence offers serverless-based applications, and they also present the potential of automated policy synthesis and edge-cloud policy extension. This work provides a scalable and extensible future of safe, policy-driven serverless computing.

Published

2025-03-30

Section

Articles

How to Cite

Potluri S. Multi-Layered Security Policy Enforcement for Confidential Data in Serverless Cloud Functions. IJETCSIT [Internet]. 2025 Mar. 30 [cited 2025 Sep. 13];6(1):134-4. Available from: https://ijetcsit.org/index.php/ijetcsit/article/view/283