Serverless computing: a security perspective

被引:12
作者
Marin, Eduard [1 ]
Perino, Diego [1 ]
Di Pietro, Roberto [2 ]
机构
[1] Telefon Res, Barcelona, Spain
[2] Hamad Bin Khalifa Univ HBKU, Coll Sci & Engn CSE, Informat & Comp Technol ICT, Doha, Qatar
来源
JOURNAL OF CLOUD COMPUTING-ADVANCES SYSTEMS AND APPLICATIONS | 2022年 / 11卷 / 01期
关键词
Cloud computing; Serverless computing; Security; Threat models; Vulnerabilities; Architectures;
D O I
10.1186/s13677-022-00347-w
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In this article we review the current serverless architectures, abstract and categorize their founding principles, and provide an in-depth security analysis. In particular, we: show the security shortcomings of the analyzed serverless architectural paradigms; point to possible countermeasures; and, highlight several research directions for practitioners, Industry, and Academia.
引用
收藏
页数:12
相关论文
共 46 条
[31]   Attribute-Based Access Control [J].
Hu, Vincent C. ;
Kuhn, D. Richard ;
Ferraiolo, David F. .
COMPUTER, 2015, 48 (02) :85-88
[32]  
Jonas Eric., 2019, CoRR
[33]   Denial of wallet-Defining a looming threat to serverless computing [J].
Kelly, Daniel ;
Glavin, Frank G. ;
Barrett, Enda .
JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2021, 60
[34]   Spectre Attacks: Exploiting Speculative Execution [J].
Kocher, Paul ;
Horn, Jann ;
Fogh, Anders ;
Genkin, Daniel ;
Gruss, Daniel ;
Haas, Werner ;
Hamburg, Mike ;
Lipp, Moritz ;
Mangard, Stefan ;
Prescher, Thomas ;
Schwarz, Michael ;
Yarom, Yuval .
2019 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2019), 2019, :1-19
[35]  
Lipp M, 2018, PROCEEDINGS OF THE 27TH USENIX SECURITY SYMPOSIUM, P973
[36]  
Liu GN, 2022, PROCEEDINGS OF THE 31ST USENIX SECURITY SYMPOSIUM, P35
[37]  
Lombardi F, 2015, ARTECH HSE INF SECUR, P1
[38]   Cloak & Co-locate: Adversarial Railroading of Resource Sharing-based Attacks on the Cloud [J].
Makrani, Hosein Mohammadi ;
Sayadi, Hossein ;
Nazari, Najmeh ;
Khasawneh, Khaled N. ;
Sasan, Avesta ;
Rafatirad, Setareh ;
Homayoun, Houman .
2021 INTERNATIONAL SYMPOSIUM ON SECURE AND PRIVATE EXECUTION ENVIRONMENT DESIGN (SEED 2021), 2021, :1-13
[39]  
Nam J, 2020, PROCEEDINGS OF THE 2020 USENIX ANNUAL TECHNICAL CONFERENCE, P81
[40]  
Razavi K, 2016, PROCEEDINGS OF THE 25TH USENIX SECURITY SYMPOSIUM, P1