Serverless Security Analysis for IoT Applications | SpringerLink
Skip to main content
Springer Nature Link
Log in

Serverless Security Analysis for IoT Applications

  • Conference paper
  • First Online:
Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2022) (UCAmI 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 594))

Abstract

In recent years, big data technologies have focused their efforts on promoting the use of IoT devices. Thanks to the latest advances, it is a consolidated reality today and the forecast of this phenomenon will continue to grow in the coming years. However, at the security level, new threats arise that must be taken into account when we try to connect our IoT devices with services that can expose our data. For example, from a security point of view, it would be interesting to analyze the actions and events that are sent to a serverless application taking an IoT device as its origin. In this paper we analyze the main security threats on IoT platforms and how some of these threats are related to security problems in serverless applications. First, we analyze the main threats we have in IoT devices and serverless applications, finally we analyze how IoT devices could lead to a security issue in serverless applications with which it is communicating, for example by producing a Denial of wallet due to events generated in an uncontrolled way.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 22879
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 28599
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Sewak, M., Singh, S.: Winning in the Era of Serverless Computing and Function as a Service. In: 2018 3rd International Conference for Convergence in Technology (I2CT), pp. 1–5 (2018). https://doi.org/10.1109/I2CT.2018.8529465

  2. Carver, B., Zhang, J., Wang, A., Cheng, Y.: In search of a fast and efficient serverless DAG engine. In: 2019 IEEE/ACM Fourth International Parallel Data Systems Workshop (PDSW) (2019)

    Google Scholar 

  3. Mora, H., Peral, J., Ferrandez, A., Gil, D., Szymanski, J.: Distributed architectures for intensive urban computing: a case study on smart lighting for sustainable cities. IEEE Access 7, 58449–58465 (2019)

    Article  Google Scholar 

  4. Mora, H., Mora Gimeno, F.J., Signes-Pont, M.T., Volckaert, B.: Multilayer architecture model for mobile cloud computing paradigm. Complexity 2019 (2019)

    Google Scholar 

  5. AWS IoT rule actions. https://docs.aws.amazon.com/iot/latest/developerguide/iot-rule-actions.html. Accessed 23 June 2022

  6. Lambda rule action. https://docs.aws.amazon.com/iot/latest/developerguide/lambda-rule-action.html. Accessed 23 June 2022

  7. Sharaf, S.: Security issues in serverless computing architecture. Int. J. Emerg. Trends Eng. Res. 8(2) (2020)

    Google Scholar 

  8. Hassan, W.H.: Current research on Internet of Things (loT) security: a survey. Comput. Netw. 148, 283–294 (2019)

    Article  Google Scholar 

  9. Khan, M.A., Salah, K.: loT security: review blockchain solutions and open challenges. Futur. Gener. Comput. Syst. 82, 395–411 (2018)

    Article  Google Scholar 

  10. Kumar, R., Goyal, R.: On cloud security requirements threats, vulnerabilities and countermeasures: a survey. Comput. Sci. Rev. 33, 1–48 (2019)

    Article  MathSciNet  Google Scholar 

  11. Wang, Z., et al.: An empirical study on business analytics affordances enhancing the management of cloud computing data security. Int. J. Inf. Manage. 50, 387–394 (2019)

    Article  Google Scholar 

  12. Zhou, W., et al.: Discovering and understanding the security hazards in the interactions between loT devices, mobile apps and clouds on smart home platforms. In: 28th {USENIX} Security Symposium ({USENIX} Security 19) (2019)

    Google Scholar 

  13. Baseline Security Recommendations for IoT. https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot. Accessed 14 Sep 2022

  14. OWASP IoT Top 10. https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf. Accessed 14 Sep 2022

  15. MITRE attack cloud matrix. https://attack.mitre.org/matrices/enterprise/cloud/. Accessed 14 Sep 2022

  16. Marin, E., Perino, D., Di Pietro, R.: Serverless Computing: A Security Perspective (2021)

    Google Scholar 

  17. Shafiei, H., Khonsari, A., Mousavi, P.: Serverless computing: a survey of opportunities, challenges, and applications. ACM Comput. Surv. 1, 1 (2021)

    Google Scholar 

  18. Serverless security risks, Sysdig (2021). https://sysdig.com/learn-cloud-native/kubernetes-security/serverless-security-risks-and-best-practices. Accessed 14 Sep 2022

  19. Denial of wallet attack. https://www.cequence.ai/use-cases/denial-of-wallet. Accessed 23 June 2022

  20. Kelly, D., Glavin, F.G., Barrett, E.: Denial of wallet—defining a looming threat to serverless computing. J. Inf. Secur. Appl. 60, 102843 (2021). ISSN 2214–2126 https://doi.org/10.1016/j.jisa.2021.102843

  21. Junjie Xiong, Mingkui Wei, Zhuo Lu, and Yao Liu.: Warmonger: inflicting denial-of-service via serverless functions in the cloud. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS 2021), November 15–19, 2021, Virtual Event, Republic of Korea, p. 15. ACM, New York, NY, USA (2021). https://doi.org/10.1145/3460120.3485372

  22. Monge, M.A.S., Vidal, J.M., Pérez, G.M.: Detection of economic denial of sustainability (EDoS) threats in self-organizing networks. Comput. Commun. 145, 284–308 (2019)

    Article  Google Scholar 

  23. Twelve Factor App Methodology. https://12factor.net. Accessed 14 Sep 2022

  24. Case Study on Cloud Migration and Improvement of Twelve-Factor App. https://www.utupub.fi/bitstream/handle/10024/152389/DI_tyo_peltotalo.pdf. Accessed 14 Sep 2022

  25. Go Serverless: Securing Cloud via Serverless Design Patterns Sanghyun Hong and Abhinav Srivastava and William Shambrook and Tudor Dumitras, HotCloud (2018). https://www.usenix.org/conference/hotcloud18/presentation/hong

Download references

Acknowledgements

This work was supported by the Spanish Research Agency (AEI) under project HPC4Industry PID2020-120213RB-I00.

Author information

Authors and Affiliations

  1. Department of Computer Science and Technology, Alicante University, Alicante, Spain

    José Manuel Ortega Candel, Francisco José Mora Gimeno & Higinio Mora Mora

Authors
  1. José Manuel Ortega Candel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Francisco José Mora Gimeno
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Higinio Mora Mora
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to José Manuel Ortega Candel .

Editor information

Editors and Affiliations

  1. Castilla-La Mancha University, Ciudad Real, Spain

    José Bravo

  2. Computer Science Department, University of Chile, Santiago, Chile

    Sergio Ochoa

  3. CICESE, Ensenada, Mexico

    Jesús Favela

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Candel, J.M.O., Gimeno, F.J.M., Mora Mora, H. (2023). Serverless Security Analysis for IoT Applications. In: Bravo, J., Ochoa, S., Favela, J. (eds) Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2022). UCAmI 2022. Lecture Notes in Networks and Systems, vol 594. Springer, Cham. https://doi.org/10.1007/978-3-031-21333-5_39

Download citation

Publish with us

Policies and ethics

Search

Navigation