Toward security quantification of serverless computing

Kan Ni, Subrota Kumar Mondal*, H. M. Dipu Kabir, Tian Tan, Hong Ning Dai

*Corresponding author for this work

Research output: Contribution to journal › Journal article › peer-review

Abstract

Serverless computing is one of the recent compelling paradigms in cloud computing. Serverless computing can quickly run user applications and services regardless of the underlying server architecture. Despite the availability of several commercial and open-source serverless platforms, there are still some open issues and challenges to address. One of the key concerns in serverless computing platforms is security. Therefore, in this paper, we present a multi-layer abstract model of serverless computing for a security investigation. We conduct a quantitative analysis of security risks for each layer. We observe that the Attack Tree and Attack-Defense Tree methodologies are viable approaches in this regard. Consequently, we make use of the Attack Tree and the Attack-Defense Tree to quantify the security risks and countermeasures of serverless computing. We also propose a novel measure called the Relative Risk Matrix (RRM) to quantify the probability of attack success. Stakeholders including application developers, researchers, and cloud providers can potentially apply these findings and implications to better understand and further enhance the security of serverless computing.

Original language: English
Article number: 140
Number of pages: 27
Journal: Journal of Cloud Computing
Volume: 13
Issue number: 1
Publication status: Published - 17 Sept 2024

Scopus Subject Areas

  • Software
  • Computer Networks and Communications

User-Defined Keywords

  • Attack Tree
  • Attack-Defense Tree
  • FaaS
  • Quantification
  • Risk matrix
  • Security
  • Serverless computing
