Serverless Computing is a virtualisation-related paradigm that promises to
simplify application management and to solve one of the last architectural
challenges in the field: scale down. The implied cost reduction, coupled with a
simplified management of underlying applications, are expected to further push
the adoption of virtualisation-based solutions, including cloud-computing.
However, in this quest for efficiency, security is not ranked among the top
priorities, also because of the (misleading) belief that current solutions
developed for virtualised environments could be applied to this new paradigm.
Unfortunately, this is not the case, due to the highlighted idiosyncratic
features of serverless computing.
In this paper, we review the current serverless architectures, abstract their
founding principles, and analyse them from the point of view of security. We
show the security shortcomings of the analysed serverless architectural
paradigms, and point to possible countermeasures. We believe that our
contribution, other than being valuable on its own, also paves the way for
further research in this domain, a challenging and relevant one for both
industry and academia.
Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Marin_E/0/1/0/all/0/1">Eduard Marin</a>, <a href="http://arxiv.org/find/cs/1/au:+Perino_D/0/1/0/all/0/1">Diego Perino</a>, <a href="http://arxiv.org/find/cs/1/au:+Pietro_R/0/1/0/all/0/1">Roberto Di Pietro</a>