Enhancing Serverless Function Resilience Against Vulnerabilities with MoFaaS
摘要
Serverless computing has revolutionized cloud application development by eliminating infrastructure management complexities. However, its dynamic and ephemeral nature introduces security challenges that are difficult to mitigate using traditional mechanisms. In particular, function vulnerabilities remain a critical concern, as attackers can exploit them to compromise applications and escalate attacks across multi-tenant environments. To address these challenges, we propose an enhanced version of Moving Functions as a Service (MoFaaS), a security mechanism that leverages Moving Target Defense (MTD) and N-Version Programming (NVP) to introduce execution diversity and improve fault tolerance in serverless applications. Additionally, we incorporate a Large Language Model (LLM)-based feedback loop to assist developers in generating diverse function variants with reduced effort. We validate our contributions through open-source Proof of Concept (PoC) implementations on Knative and conduct an extensive security and performance evaluation on a realistic serverless application. The results demonstrate that our approach effectively increases attack complexity while maintaining performance within acceptable bounds.