Securing Serverless Computing: Challenges, Solutions, and Opportunities

Abstract: Serverless computing is a new cloud service model that reduces both cloud providers' and consumers' costs through extremely agile development, operation, and charging mechanisms and has been widely applied since its emergence. Nevertheless, some characteristics of serverless computing, such as fragmented application boundaries, have raised new security challenges. Considerable literature work has been committed to addressing these challenges. Commercial and open-source serverless platforms implement many security measures to enhance serverless environments. This paper presents the first survey of serverless security that considers both literature work and industrial security measures. We summarize the primary security challenges, analyze corresponding solutions from the literature and industry, and identify potential research opportunities. Then, we conduct a gap analysis of the academic and industrial solutions as well as commercial and open-source serverless platforms' security capabilities, and finally, we present a complete picture of current serverless security research.