/plushcap/analysis/cloudflare/mitigating-spectre-and-other-security-threats-the-cloudflare-workers-security-model

Mitigating Spectre and Other Security Threats: The Cloudflare Workers Security Model

What's this blog post about?

Cloudflare Workers, a serverless computing platform, has an architecture designed to ensure security when running code written by third parties. The platform uses V8 isolates for secure execution environments, which prevent code from accessing memory outside the isolate even within the same process. This allows many thousands of guest apps to be hosted on every machine with minimal overhead. Workers also employ a "layer 2" sandbox using Linux namespaces and seccomp to prohibit all access to the filesystem and network, restricting communication to local Unix domain sockets. The platform's security architecture is an ongoing project, with continuous efforts to reduce the risk and impact of future vulnerabilities.

Company
Cloudflare

Date published
July 29, 2020

Author(s)
Kenton Varda

Word count
5020

Language
English

Hacker News points
26


By Matt Makai. 2021-2024.