Serverless platforms aim to make cloud applications straightforward to deploy, scale, and manage. Unfortunately, the distributed nature of serverless computing makes it difficult to port traditional security tools directly. Existing serverless solutions primarily identify potential threats or performance bottlenecks through post-analysis of modified operating system audit logs, detection of encrypted traffic offloading, or the collection of runtime metrics. However, these methods often prove inadequate for comprehensively detecting communication violations across functions. This limitation restricts real-time log monitoring and validation in distributed environments while impeding the goal of keeping communication overhead minimal. Therefore, this paper presents FaaSMT, which aims to fill this gap by addressing research questions related to security checks and the optimization of performance and costs in serverless applications. The framework employs parallel processing to collect distributed data logs, incorporating Merkle Tree algorithms and heuristic optimization methods to achieve adaptive inline security task execution. Experimental results demonstrate that FaaSMT can effectively identify major attack types (e.g., Denial of Wallet (DoW) and Business Logic attacks), thereby providing comprehensive monitoring and validation of function executions while significantly reducing performance overhead.
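The Merkle-tree validation of distributed execution logs that the abstract describes, as an added illustration that is not FaaSMT's own code: each function's collector hashes its log record, the monitor keeps only a single root, and any record presented later (here a constructed three-function call chain) must re-derive that root through an inclusion proof, so a modified entry is detected. The record fields, the leaf/node domain prefixes and the duplicate-last-node rule for odd levels are assumptions of this example.

```python
import hashlib
import json
from typing import Dict, List, Tuple

def leaf_hash(record: Dict) -> bytes:
    # Canonical JSON so every collector hashes an identical record identically;
    # the 0x00 / 0x01 domain prefixes keep leaves distinct from inner nodes.
    return hashlib.sha256(b"\x00" + json.dumps(record, sort_keys=True).encode()).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _pad(level: List[bytes]) -> List[bytes]:
    return level + [level[-1]] if len(level) % 2 else level  # duplicate last node on odd levels

def _next_level(level: List[bytes]) -> List[bytes]:
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves: List[bytes]) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(_pad(level))
    return level[0]

def inclusion_proof(leaves: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    # (sibling_hash, sibling_is_on_the_right) pairs from the leaf up to the root
    proof, level = [], list(leaves)
    while len(level) > 1:
        level = _pad(level)
        proof.append((level[index ^ 1], index % 2 == 0))
        index //= 2
        level = _next_level(level)
    return proof

def verify_inclusion(record: Dict, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    h = leaf_hash(record)
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return h == root

# Constructed sample: one request's call chain as reported by three function collectors.
LOGS = [
    {"fn": "api-gateway", "req": "r-1", "calls": "checkout", "ts": 1},
    {"fn": "checkout", "req": "r-1", "calls": "payment", "ts": 2},
    {"fn": "payment", "req": "r-1", "calls": None, "ts": 3},
]

def validate_chain(collected: List[Dict], presented: List[Dict]) -> List[bool]:
    # The monitor retains only the root over the collected logs; each presented record must reproduce it.
    leaves = [leaf_hash(r) for r in collected]
    root = merkle_root(leaves)
    return [verify_inclusion(p, inclusion_proof(leaves, i), root) for i, p in enumerate(presented)]
```

`validate_chain(LOGS, LOGS)` returns `[True, True, True]`; presenting a copy in which one record's `calls` field was altered flips that entry to `False` while the untouched entries still verify.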