BAMBDA: A Real-Time Verification Framework for Serverless Computing

Serverless environments are rapidly emerging as the new paradigm for cloud computing due to their automatic scalability, cost efficiency, and ease of operation. However, IAM-based privilege management and event-driven execution mechanisms can introduce security vulnerabilities. In particular, complex inter-functional call relationships expose systems to attacks such as privilege abuse and event call condition exploitation. These attacks often occur dynamically at runtime, making them difficult to address with static defenses. Existing static analysis methods attempt to mitigate these risks, but are inherently limited in capturing dynamic attacks that occur at runtime. In this paper, we propose BAMBDA, a dynamic security framework for serverless environments that prevents privilege abuse and chained function call attacks. BAMBDA performs real-time function call verification through centralized logging and automated code injection based on application-specific log groups. Specifically, we introduce a multi-step verification process that distinguishes between direct calls, event-driven calls, and API calls, effectively preventing unauthorized attacks without requiring additional security configurations from developers. Experiments conducted in AWS Lambda environments demonstrate that BAMBDA effectively defends against privilege abuse and chained function call attacks, achieving practical deployment with minimal performance overhead of 8.12% under warm start conditions.