AI & Machine Learning · Mar 27, 2026

ALPS: Automated Least-Privilege Enforcement for Securing Serverless Functions

Source: arXiv Security. Archived Mar 27, 2026.

Computer Science > Cryptography and Security

[Submitted on 26 Mar 2026]

Changhee Shin, Bom Kim, Seungsoo Lee

Abstract: Serverless computing is increasingly adopted for AI-driven workloads due to its automatic scaling and pay-as-you-go model. However, its function-based architecture creates significant security risks, including excessive privilege allocation and poor permission management. In this paper, we present ALPS, an automated framework for enforcing least privilege in serverless environments. Our system employs serverless-tailored static analysis to extract precise permission requirements from function code and a fine-tuned Large Language Model (LLM) to generate language- and vendor-specific security policies. It also performs real-time monitoring to block unauthorized access and adapt to policy or code changes, supporting heterogeneous cloud providers and programming languages. In an evaluation of 8,322 real-world functions across AWS, Google Cloud, and Azure, ALPS achieved 94.8% coverage for least-privilege extraction, improved security logic generation quality by 220% (BLEU), 124% (ChrF++) and 100% (ROUGE-2), and added minimum performance overhead. These results demonstrate that ALPS provides an effective, practical, and vendor-agnostic solution for securing serverless workloads.

Comments: Accepted at IEEE INFOCOM 2026
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2603.25393 [cs.CR] (or arXiv:2603.25393v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2603.25393

Submission history
From: Changhee Shin
[v1] Thu, 26 Mar 2026 12:39:58 UTC (1,919 KB)