SCIFFS: Enabling secure third-party security analytics using serverless computing

Isaac Polinsky, Pubali Datta, Adam Bates, William Enck

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Third-party security analytics allow companies to outsource threat monitoring tasks to teams of experts and avoid the costs of in-house security operations centers. By analyzing telemetry data from many clients, these services are able to offer enhanced insights, identifying global trends and spotting threats before they reach most customers. Unfortunately, the aggregation that drives these insights simultaneously risks exposing sensitive client data if it is not properly sanitized and tracked. In this work, we present SCIFFS, an automated information flow monitoring framework for preventing sensitive data exposure in third-party security analytics platforms. SCIFFS performs decentralized information flow control over customer data in a serverless setting, leveraging the innate polyinstantiated nature of serverless functions to assure precise and lightweight tracking of data flows. Evaluating SCIFFS against a proof-of-concept security analytics framework on the widely-used OpenFaaS platform, we demonstrate that our solution supports common analyst workflows (data ingestion, custom dashboards, threat hunting) while imposing just 3.87% runtime overhead on event ingestion and the overhead on aggregation queries grows linearly with the number of records in the database (e.g., 18.75% for 50,000 records and 104.27% for 500,000 records) as compared to an insecure baseline. Thus, SCIFFS not only establishes a privacy-respecting model for third-party security analytics, but also highlights the opportunities for security-sensitive applications in the serverless computing model.

Original language: English (US)
Title of host publication: SACMAT 2021 - Proceedings of the 26th ACM Symposium on Access Control Models and Technologies
Publisher: Association for Computing Machinery
Pages: 175-186
Number of pages: 12
ISBN (Electronic): 9781450383653
State: Published - Jun 11 2021
Event: 26th ACM Symposium on Access Control Models and Technologies, SACMAT 2021 - Virtual, Online, Spain
Duration: Jun 16 2021 to Jun 18 2021

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference: 26th ACM Symposium on Access Control Models and Technologies, SACMAT 2021
Country/Territory: Spain
City: Virtual, Online
Period: 6/16/21 to 6/18/21

Keywords

  • Decentralized information flow control
  • Security analytics
  • Serverless computing

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems
