Securing Serverless Computing: Challenges, Solutions, and Opportunities
It addresses security issues in serverless computing, a widely used cloud model, by synthesizing academic and industrial insights, though it is incremental as a survey.
This paper presents the first survey of serverless security, summarizing key challenges, analyzing solutions from both literature and industry, and identifying research opportunities to provide a comprehensive overview of the field.
Serverless computing is a new cloud service model that reduces both cloud providers' and consumers' costs through extremely agile development, operation, and charging mechanisms and has been widely applied since its emergence. Nevertheless, some characteristics of serverless computing, such as fragmented application boundaries, have raised new security challenges. Considerable literature work has been committed to addressing these challenges. Commercial and open-source serverless platforms implement many security measures to enhance serverless environments. This paper presents the first survey of serverless security that considers both literature work and industrial security measures. We summarize the primary security challenges, analyze corresponding solutions from the literature and industry, and identify potential research opportunities. Then, we conduct a gap analysis of the academic and industrial solutions as well as commercial and open-source serverless platforms' security capabilities, and finally, we present a complete picture of current serverless security research.