2022
DOI: 10.1186/s13677-022-00347-w

Serverless computing: a security perspective

Abstract: In this article we review the current serverless architectures, abstract and categorize their founding principles, and provide an in-depth security analysis. In particular, we: show the security shortcomings of the analyzed serverless architectural paradigms; point to possible countermeasures; and, highlight several research directions for practitioners, Industry, and Academia.

Citations: cited by 32 publications (15 citation statements)
References: 16 publications
“…175 With numerous components and the nature of function triggering, serverless computing exposes a large attack surface compared to its predecessors. 176 Poorly-designed functions meant for internal purposes often lack authentication and can be attacked via a direct triggering or an injection attack. 177 Meanwhile, the fact that serverless functions are stateless and short-lived limits the time available to attackers and the impact of successful attacks.…”
Section: Trustworthiness (mentioning)
confidence: 99%
“…Security is one of the criteria for developers in selecting a serverless platform 175 . With numerous components and the nature of function triggering, serverless computing exposes a large attack surface compared to its predecessors 176 . Poorly‐designed functions meant for internal purposes often lack authentication and can be attacked via a direct triggering or an injection attack 177 .…”
Section: Potential Future Research Directions (mentioning)
confidence: 99%
“…The central idea of BaaS is to provide software developers with a set of services and tools (for example, databases, APIs (Application Program Interfaces), file storage or push notifications) to ease and speed up the development of mobile and web applications. FaaS, for its part, focuses on letting software developers deploy and run their own functions in the cloud (notwithstanding that the functions may also use additional services such as those offered in BaaS) (Marin et al, 2022).…”
Section: "Serverless Computing" Evolution of Computing in the... (unclassified)
“…A "serverless" platform consists of at least five components: (Marin et al, 2022) • Functions - Functions usually run inside an isolated, freshly spawned execution environment (for example, a container) within an operational node. External adversaries usually carry out their attacks from outside the cloud by exploiting user-controlled input fields in any of the existing APIs offered to manage events.…”
Section: "Serverless Computing" Evolution of Computing in the... (unclassified)