Overcoming Security Obstacles in Serverless Function as-a-Service (FaaS) for Healthcare Insurance

© 2024 by IJCTT Journal
Volume-72 Issue-10
Year of Publication : 2024
Authors : Sanjeev Kumar
DOI :  10.14445/22312803/IJCTT-V72I10P114

How to Cite?

Sanjeev Kumar, "Overcoming Security Obstacles in Serverless Function as-a-Service (FaaS) for Healthcare Insurance," International Journal of Computer Trends and Technology, vol. 72, no. 10, pp. 86-93, 2024. Crossref, https://doi.org/10.14445/22312803/IJCTT-V72I10P114

Abstract
In recent years, serverless computing, particularly FaaS, has gained popularity as a way for developers to build and publish code without managing any underlying infrastructure. These conveniences and scalability opportunities come with a particular set of security challenges: function-level vulnerabilities, insecure APIs, data leakage risks, improper resource permissions, and poor monitoring practices. Furthermore, the stateless nature of FaaS, combined with shared environments in the cloud, increases the number of attack vectors, which include injection attacks, DoS, and privilege escalation. This paper examines the general security challenges of serverless applications, especially FaaS, and provides a detailed review of the best practices available to mitigate the risks. The analysis is based on case study data and on findings from security testing tools, such as OWASP ZAP and Burp Suite, which identified the vulnerabilities of the application and measured the effectiveness of various security practices. These tools are applied in a simulated FaaS environment, and the findings are drawn from attack frequency and the impact of security measures on system performance, demonstrating how best practices such as least privilege access, API security, and encryption can make a real difference in security outcomes. Adopting a holistic, security-first approach to the design of serverless applications reduces risks and upholds compliance with modern security standards. This paper provides an overall roadmap for building secure and efficient FaaS with real-world examples and empirical evidence.

Keywords
Serverless Security, Function-as-a-Service (FaaS), Cloud Security, API Security, Secure Architecture.
