Serverless Computing: A Security Perspective

TL;DR

This paper reviews serverless computing architectures, analyzing their security features and shortcomings, and discusses potential countermeasures and future research directions to address security challenges.

Contribution

It provides a comprehensive security analysis of serverless architectures, highlighting unique vulnerabilities and proposing targeted security countermeasures.

Findings

Identifies security shortcomings in current serverless architectures

Highlights the need for specialized security solutions beyond traditional virtualisation

Suggests research directions for enhancing serverless security

Abstract

Serverless Computing is a virtualisation-related paradigm that promises to simplify application management and to solve the last challenges in the field: scale down and easy to use. The implied cost reduction, coupled with a simplified management of underlying applications, are expected to further push the adoption of virtualisation-based solutions, including cloud-computing or telco-cloud solutions. However, in this quest for efficiency, security is not ranked among the top priorities, also because of the (misleading) belief that current solutions developed for virtualised environments could be applied (as is) to this new paradigm. Unfortunately, this is not the case, due to the highlighted idiosyncratic features of serverless computing. In this paper, we review the current serverless architectures, abstract and categorise their founding principles, and provide an in depth analyse of them from the point of view of security, referring to principles and practices of the cybersecurity domain. In particular, we show the security shortcomings of the analysed serverless architectural paradigms, point to possible countermeasures, and highlight a few research directions.