National Cyber Warfare Foundation (NCWF)

NDSS 2025 – Selective Data Protection against Memory Leakage Attacks for Serverless Platforms
0 user ratings		2025-12-16 20:57:04
milo
Suckurity , Blue Team (CND) , Attacks

Session 6B: Confidential Computing 1


Authors, Creators & Presenters: Maryam Rostamipoor (Stony Brook University), Seyedhamed Ghavamnia (University of Connecticut), Michalis Polychronakis (Stony Brook University)


PAPER

LeakLess: Selective Data Protection against Memory Leakage Attacks for Serverless Platforms


As the use of language-level sandboxing for running untrusted code grows, the risks associated with memory disclosure vulnerabilities and transient execution attacks become increasingly significant. Besides the execution of untrusted JavaScript or WebAssembly code in web browsers, serverless environments have also started relying on language-level isolation to improve scalability by running multiple functions from different customers within a single process. Web browsers have adopted process-level sandboxing to mitigate memory leakage attacks, but this solution is not applicable in serverless environments, as running each function as a separate process would negate the performance benefits of language-level isolation. In this paper we present LeakLess, a selective data protection approach for serverless computing platforms. LeakLess alleviates the limitations of previous selective data protection techniques by combining in-memory encryption with a separate I/O module to enable the safe transmission of the protected data between serverless functions and external hosts. We implemented LeakLess on top of the Spin serverless platform, and evaluated it with real-world serverless applications. Our results demonstrate that LeakLess offers robust protection while incurring a minor throughput decrease under stress-testing conditions of up to 2.8% when the I/O module runs on a different host than the Spin runtime, and up to 8.5% when it runs on the same host.



ABOUT NDSS

The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.



Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.


Permalink


The post NDSS 2025 – Selective Data Protection against Memory Leakage Attacks for Serverless Platforms appeared first on Security Boulevard.



Marc Handelman

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/12/ndss-2025-selective-data-protection-against-memory-leakage-attacks-for-serverless-platforms/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Suckurity
Blue Team (CND)
Attacks


Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.