Growlithe: A Developer-Centric Compliance Tool for Serverless Applications
Praveen Gupta, Arshia Moghimi, Devam Sisodraker, Mohammad Shahrad, Aastha Mehta
IEEE Symposium on Security and Privacy 2025 · Day 3 · Systems Security and Access Control
The talk introduces Growlithe, an innovative compliance tool developed by researchers at the University of British Columbia, designed to empower serverless developers in meeting their data protection obligations. As serverless applications increasingly handle sensitive information like personally identifiable data, financial records, and user credentials, the unique characteristics of this paradigm—such as heterogeneity, unpredictable execution environments, and complex distributed architectures—present significant data protection challenges. Growlithe aims to address these by providing a structured, automated approach to define, enforce, and validate data access and information flow policies throughout the serverless development lifecycle.