Securing Serverless Computing: Challenges, Solutions, and Opportunities

Serverless computing is a new cloud service model that reduces both cloud providers' and consumers' costs through agile development, operation, and charging mechanisms. It has been widely applied since its emergence. Nevertheless, some characteristics of serverless computing, such as fragmented application boundaries, have raised new security challenges. Considerable literature has been committed to addressing these challenges. Commercial and open-source serverless platforms implement many security measures to enhance serverless environments. This article presents the first survey of serverless security that considers both the literature and industrial security measures. We summarize the primary security challenges, analyze corresponding solutions from the literature and industry, and identify potential research opportunities. Then, we conduct a gap analysis of the academic and industrial solutions, as well as commercial and open- source serverless platforms' security capabilities. Finally, we present a complete picture of current serverless security research.