Securing Serverless Computing: Challenges, Solutions, and Opportunities

Serverless computing is a new cloud service model that reduces costs for both cloud providers and consumers through extremely agile development, operation, and charging mechanisms, and it has been widely applied since its emergence. Nevertheless, some characteristics of serverless computing, such as fragmented application boundaries, have raised new security challenges. A considerable body of literature has been devoted to addressing these challenges, and commercial and open-source serverless platforms implement many security measures to enhance the security of serverless environments. This paper presents the first survey of serverless security that considers both the research literature and industrial security measures. We summarize the primary security challenges, analyze the corresponding solutions from the literature and industry, and identify potential research opportunities. We then conduct a gap analysis of the academic and industrial solutions, as well as of the security capabilities of commercial and open-source serverless platforms, and finally present a complete picture of current serverless security research.
