Serverless Computing: A Security Perspective

Serverless Computing is a virtualisation-related paradigm that promises to simplify application management and to solve one of the last architectural challenges in the field: scale down. The implied cost reduction, coupled with a simplified management of underlying applications, are expected to further push the adoption of virtualisation-based solutions, including cloud-computing. However, in this quest for efficiency, security is not ranked among the top priorities, also because of the (misleading) belief that current solutions developed for virtualised environments could be applied to this new paradigm. Unfortunately, this is not the case, due to the highlighted idiosyncratic features of serverless computing. In this paper, we review the current serverless architectures, abstract their founding principles, and analyse them from the point of view of security. We show the security shortcomings of the analysed serverless architectural paradigms, and point to possible countermeasures. We believe that our contribution, other than being valuable on its own, also paves the way for further research in this domain, a challenging and relevant one for both industry and academia.