Abstract
Serverless computing is one of the recent compelling paradigms in cloud computing. Serverless computing can quickly run user applications and services regardless of the underlying server architecture. Despite the availability of several commercial and open-source serverless platforms, there are still some open issues and challenges to address. One of the key concerns in serverless computing platforms is security. Therefore, in this paper, we present a multi-layer abstract model of serverless computing for an security investigation. We conduct a quantitative analysis of security risks for each layer. We observe that the Attack Tree and Attack-Defense Tree methodologies are viable approaches in this regard. Consequently, we make use of the Attack Tree and the Attack-Defense Tree to quantify the security risks and countermeasures of serverless computing. We also propose a novel measure called the Relative Risk Matrix (RRM) to quantify the probability of attack success. Stakeholders including application developers, researchers, and cloud providers can potentially apply these findings and implications to better understand and further enhance the security of serverless computing.
Original language | English |
---|---|
Article number | 140 |
Number of pages | 27 |
Journal | Journal of Cloud Computing |
Volume | 13 |
Issue number | 1 |
DOIs | |
Publication status | Published - 17 Sept 2024 |
Scopus Subject Areas
- Software
- Computer Networks and Communications
User-Defined Keywords
- Attack Tree
- Attack-Defense Tree
- FaaS
- Quantification
- Risk matrix
- Security
- Serverless computing