Abstract
Serverless computing has brought new changes to cloud computing. The decoupled serverless functions have more flexible scheduling methods and use resources efficiently with the help of autoscaling. However, it exposes more attack surfaces. If an insecure function becomes a serverless function, a significant security risk will be brought to its service. This paper analyzes the risk of asymmetric DDoS attacks faced by insecure serverless functions. These attacks can occupy a large amount of CPU or memory resources without redundant connections. They can affect the quality of service, delay response time, or even interrupt the service. Autoscaling lacks resilience to such attacks. We test the effects of these attacks in experimental environments and Alibaba Cloud's serverless application engine (SAE). In SAE, we increase the response time from 0.2 seconds to 25 seconds or crash the target function within 6 seconds. Compared with traditional DDoS attacks, asymmetric DDoS attacks are more effective for serverless applications. Finally, we design solutions to mitigate asymmetric DDoS attacks for applications with long and short response times in serverless environments.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
