Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.

Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.

Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.

Abstract: The disclosed serverless security access control system leverages static analysis information about application code and runtime information to create and assign on-the-fly transient serverless function roles. A default role can be initially assigned to serverless functions of the application. The default role allows the function to communicate with a security access broker. The access broker accesses least privilege information about an invoked serverless function and then creates and assigns a transient role to the serverless function based on that information. The short life of the role reduces and possibly eliminates the security risk of an over-permissive role. The access broker can update the least privilege information based on updated analysis of the application code and runtime information to allow flexibility and adaptation over executions.

Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.

Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.

Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.

Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment. The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.

Abstract: The disclosed serverless security access control system leverages static analysis information about application code and runtime information to create and assign on-the-fly transient serverless function roles. A default role can be initially assigned to serverless functions of the application. The default role allows the function to communicate with a security access broker. The access broker accesses least privilege information about an invoked serverless function and then creates and assigns a transient role to the serverless function based on that information. The short life of the role reduces and possibly eliminates the security risk of an over-permissive role. The access broker can update the least privilege information based on updated analysis of the application code and runtime information to allow flexibility and adaptation over executions.

Abstract: A system facilitates detection of malicious properties of software packages. A generic application which comprises known functionality into which a software package has been included is analyzed through a static analysis and/or dynamic analysis, which is performed based on executing the generic application in a controlled environment The static analysis and/or dynamic analysis are performed to determine whether one or more properties associated with the software package comprise deviations from the known behavior of the generic application. Behavior deviations identified based on the static and/or dynamic analysis are associated with a score. An aggregate score is calculated for the software package based on the scores which have been assigned to the identified behavior deviations and may be adjusted based on a reputation multiplier determined based on metadata of the software package. If the aggregate score of the software package exceeds a score threshold, the software package is flagged as malicious.

Abstract: A method for securing a serverless application including: (a) receiving a list of components which make up the serverless application and one or more intended usage flows of the serverless application; (b) creating and applying a security policy for each component of the serverless application, the security policy denying all access requests except from authorized components, wherein the authorized components are selected based on access requirements dictated by the one or more intended usage flows.

Abstract: There is provided a method of creating a virtual machine (VM)-container guest operating system (OS) image for executing a container within a virtual machine started from above guest OS image, comprising: assembling a VM-container guest OS image based on: (i) a kernel image of a host OS currently running on a host computing device hosting the virtual machine, (ii) predefined kernel modules of the host OS that support virtualized hardware on the host computing device, (iii) host userspace applications for executing the container within the virtual machine, created from VM-container guest OS image, running on the host computing device, and (iv) container code constructions that set-up at least one of the virtual machine and the assembled VM-container guest OS image, for running of the container within the virtual machine, and executing the container within the virtual machine based on the assembled VM-container guest OS image.