Overview
Watch this 14-minute conference presentation from USENIX Security '25 that introduces CloudFlow, a novel framework for statically detecting security-sensitive data flows in serverless applications. Learn how researchers Giuseppe Raffa, Jorge Blasco, Dan O'Keeffe, and Santanu Kumar Dash address the unique security challenges posed by serverless computing, where traditional static analysis becomes complex due to event-triggered code and black-box cloud services. Discover how CloudFlow leverages infrastructure definitions to identify events, permissions, and entry points, then instruments application code using custom models for events and cloud API calls to enable analysis with general-purpose static analysis methods. Explore the evaluation results against CloudBench, a new suite of 40 microbenchmarks, and examine findings from analyzing 104 real-world applications, representing the largest security-focused analysis of serverless applications to date. Understand how the framework successfully passes nearly all microbenchmarks and detects 11 code injection and information leakage vulnerabilities in production applications, with both CloudFlow and CloudBench available as open-source tools to support future research in serverless security.
Syllabus
USENIX Security '25 - CloudFlow: Identifying Security-sensitive Data Flows in Serverless
Taught by
USENIX