Xing Li,Xue Leng,Yan Chen

DOI: https://doi.org/10.1109/mnet.005.2100335

IF: 10.294

2022-01-01

IEEE Network

Abstract:Serverless computing is a new cloud service model that reduces both cloud providers' and consumers' costs through agile development, operation, and charging mechanisms. It has been widely applied since its emergence. Nevertheless, some characteristics of serverless computing, such as fragmented application boundaries, have raised new security challenges. Considerable literature has been committed to addressing these challenges. Commercial and open-source serverless platforms implement many security measures to enhance serverless environments. This article presents the first survey of serverless security that considers both the literature and industrial security measures. We summarize the primary security challenges, analyze corresponding solutions from the literature and industry, and identify potential research opportunities. Then, we conduct a gap analysis of the academic and industrial solutions, as well as commercial and open-source serverless platforms' security capabilities. Finally, we present a complete picture of current serverless security research.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Maciej Malawski,Bartosz Balis

DOI: https://doi.org/10.48550/arXiv.2309.01681

2023-09-04

Distributed, Parallel, and Cluster Computing

Abstract:Serverless computing has become an important model in cloud computing and influenced the design of many applications. Here, we provide our perspective on how the recent landscape of serverless computing for scientific applications looks like. We discuss the advantages and problems with serverless computing for scientific applications, and based on the analysis of existing solutions and approaches, we propose a science-oriented architecture for a serverless computing framework that is based on the existing designs. Finally, we provide an outlook of current trends and future directions.

Zijun Li,Linsong Guo,Jiagan Cheng,Quan Chen,Minyi Guo,BingSheng He

DOI: https://doi.org/10.1145/3508360

IF: 16.6

2022-01-14

ACM Computing Surveys

Abstract:The development of cloud infrastructures inspires the emergence of cloud-native computing. As the most promising architecture for deploying microservices, serverless computing has recently attracted more and more attention in both industry and academia. Due to its inherent scalability and flexibility, serverless computing becomes attractive and more pervasive for ever-growing Internet services. Despite the momentum in the cloud-native community, the existing challenges and compromises still wait for more advanced research and solutions to further explore the potentials of the serverless computing model. As a contribution to this knowledge, this article surveys and elaborates the research domains in the serverless context by decoupling the architecture into four stack layers: Virtualization, Encapsule, System Orchestration, and System Coordination. Inspired by the security model, we highlight the key implications and limitations of these works in each layer, and make suggestions for potential challenges to the field of future serverless computing.

computer science, theory & methods

Paul Castro,Vatche Ishakian,Vinod Muthusamy,Aleksander Slominski

DOI: https://doi.org/10.48550/arXiv.1906.02888

2019-06-07

Distributed, Parallel, and Cluster Computing

Abstract:Serverless computing -- an emerging cloud-native paradigm for the deployment of applications and services -- represents an evolution in cloud application development, programming models, abstractions, and platforms. It promises a real pay-as-you-go billing (with millisecond granularity) with no waste of resources, and lowers the bar for developers by asking them to delegate all their operational complexity and scalability to the cloud provider. Delivering on these promises comes at the expense of restricting functionality. In this article we provide an overview of serverless computing, its evolution, general architecture, key characteristics and uses cases that made it an attractive option for application development. Based on discussions with academics and industry experts during a series of organized serverless computing workshops (WoSC), we also identify the technical challenges and open problems.

Yongkang Li,Yanying Lin,Yang Wang,Kejiang Ye,Cheng-Zhong Xu

DOI: https://doi.org/10.1109/tsc.2022.3166553

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Serverless computing is growing in popularity by virtue of its lightweight and simplicity of management. It achieves these merits by reducing the granularity of the computing unit to the function level. Specifically, serverless allows users to focus squarely on the function itself while leaving other cumbersome management and scheduling issues to the platform provider, who is responsible for striking a balance between high-performance scheduling and low resource cost. In this article, we conduct a comprehensive survey of serverless computing with a particular focus on its infrastructure characteristics. Whereby some existing challenges are identified, and the associated cutting-edge solutions are analyzed. With these results, we further investigate some typical open-source frameworks and study how they address the identified challenges. Given the great advantages of serverless computing, it is expected that its deployment would dominate future cloud platforms. As such, we also envision some promising research opportunities that need to be further explored in the future. We hope that our work in this article can inspire those researchers and practitioners who are engaged in related fields to appreciate serverless computing, thereby setting foot in this promising area and making great contributions to its development.

computer science, information systems, software engineering

Johann Schleier-Smith,Vikram Sreekanti,Anurag Khandelwal,Joao Carreira,Neeraja J. Yadwadkar,Raluca Ada Popa,Joseph E. Gonzalez,Ion Stoica,David A. Patterson

DOI: https://doi.org/10.1145/3406011

IF: 22.7

2021-05-01

Communications of the ACM

Abstract:The evolution that serverless computing represents, the economic forces that shape it, why it could fail, and how it might fulfill its potential.

computer science, theory & methods, software engineering, hardware & architecture

Jinfeng Wen,Zhenpeng Chen,Xuanzhe Liu

DOI: https://doi.org/10.48550/arxiv.2207.13263

2022-01-01

Abstract: Serverless computing is an emerging cloud computing paradigm that has been applied to various domains, including machine learning, scientific computing, video processing, etc. To develop serverless computing-based software applications (a.k.a., serverless applications), developers follow the new cloud-based software architecture, where they develop event-driven applications without the need for complex and error-prone server management. The great demand for developing serverless applications poses unique challenges to software developers. However, Software Engineering (SE) has not yet wholeheartedly tackled these challenges. In this paper, we outline a vision for how SE can facilitate the development of serverless applications and call for actions by the SE research community to reify this vision. Specifically, we discuss possible directions in which researchers and cloud providers can facilitate serverless computing from the SE perspective, including configuration management, data security, application migration, performance, testing and debugging, etc.

Sina Ahmadi,

DOI: https://doi.org/10.47191/ijcsrr/v7-i1-23

2024-01-11

International Journal of Current Science Research and Review

Abstract:This research study explores the challenges and solutions related to serverless computing so that the computer systems connected to the network can be protected. Serverless computing can be defined as a method of managing computer services without the need to have fixed servers. The qualitative research method is used by this research study, which does not include any numerical data and involves the examination of non-number data so that the network security challenges can be identified in detail. In the literature review, the past studies from 2019 to 2023 are reviewed to identify study gaps so that the foundation for investigating serverless network security. The literature review is based on thematic analysis, so all the data can be organized into meaningful themes. The findings of this research study include the solutions to the challenges like data privacy, insecure dependencies and limited control. The strategies to overcome these challenges include encryption, strong monitoring and other relevant strategies. This research study also suggests the use of blockchain technology and Artificial Intelligence. In short, this research study provides insights to improve serverless computing security and also guides future researchers to innovate creative solutions for developing security challenges.

Jinfeng Wen,Zhenpeng Chen,Xin Jin,Xuanzhe Liu

DOI: https://doi.org/10.48550/arXiv.2206.12275

2022-12-16

Abstract:Serverless computing is an emerging cloud computing paradigm, being adopted to develop a wide range of software applications. It allows developers to focus on the application logic in the granularity of function, thereby freeing developers from tedious and error-prone infrastructure management. Meanwhile, its unique characteristic poses new challenges to the development and deployment of serverless-based applications. To tackle these challenges, enormous research efforts have been devoted. This paper provides a comprehensive literature review to characterize the current research state of serverless computing. Specifically, this paper covers 164 papers on 17 research directions of serverless computing, including performance optimization, programming framework, application migration, multi-cloud development, testing and debugging, etc. It also derives research trends, focus, and commonly-used platforms for serverless computing, as well as promising research opportunities.

Software Engineering

Danielle Lavi,Oleg Brodt,Dudu Mimran,Yuval Elovici,Asaf Shabtai

2024-08-06

Abstract:Serverless computing is an emerging cloud paradigm with serverless functions at its core. While serverless environments enable software developers to focus on developing applications without the need to actively manage the underlying runtime infrastructure, they open the door to a wide variety of security threats that can be challenging to mitigate with existing methods. Existing security solutions do not apply to all serverless architectures, since they require significant modifications to the serverless infrastructure or rely on third-party services for the collection of more detailed data. In this paper, we present an extendable serverless security threat detection model that leverages cloud providers' native monitoring tools to detect anomalous behavior in serverless applications. Our model aims to detect compromised serverless functions by identifying post-exploitation abnormal behavior related to different types of attacks on serverless functions, and therefore, it is a last line of defense. Our approach is not tied to any specific serverless application, is agnostic to the type of threats, and is adaptable through model adjustments. To evaluate our model's performance, we developed a serverless cybersecurity testbed in an AWS cloud environment, which includes two different serverless applications and simulates a variety of attack scenarios that cover the main security threats faced by serverless functions. Our evaluation demonstrates our model's ability to detect all implemented attacks while maintaining a negligible false alarm rate.

Cryptography and Security,Machine Learning

Mingyu Wu,Zeyu Mi,Yubin Xia

DOI: https://doi.org/10.1109/JCC49151.2020.00023

2020-01-01

Abstract:Serverless computing is known as an appealing alternative cloud computing paradigm with its auto-scaling nature and pay-as-you-go charging model. Mainstream cloud vendors have proposed their own serverless platforms, while various kinds of applications have been refactored in a serverless manner for execution. However, the serverless computing model still entails refinement as it introduces performance and security issues. In this paper, we conduct a comprehensive survey on the serverless computing, mainly in three aspects: the type of applications suitable for serverless, the performance issues, and the security issues. We specifically elaborate previous efforts on resolving issues in serverless and shed light on the unresolved issues. We also discuss the opportunities and challenges in integrating serverless computing in the jointcloud infrastructure.

Muhammad Hamza,Muhammad Azeem Akbar,Rafael Capilla

2023-11-22

Abstract:The advent of serverless computing has revolutionized the landscape of cloud computing, offering a new paradigm that enables developers to focus solely on their applications rather than managing and provisioning the underlying infrastructure. These applications involve integrating individual functions into a cohesive workflow for complex tasks. The pay-per-use model and nontransparent reporting by cloud providers make it difficult to estimate serverless costs, imped-ing informed business decisions. Existing research studies on serverless compu-ting focus on performance optimization and state management, both from empir-ical and technical perspectives. However, the state-of-the-art shows a lack of em-pirical investigations on the understanding of the cost dynamics of serverless computing over traditional cloud computing. Therefore, this study delves into how organizations anticipate the costs of adopting serverless. It also aims to com-prehend workload suitability and identify best practices for cost optimization of serverless applications. To this end, we conducted a qualitative (interviews) study with 15 experts from 8 companies involved in the migration and development of serverless systems. The findings revealed that, while serverless computing is highly suitable for unpredictable workloads, it may not be cost-effective for cer-tain high-scale applications. The study also introduces a taxonomy for comparing the cost of adopting serverless versus traditional cloud.

Software Engineering

Pablo Serrano,Claudio Cicconetti,Adel N. Toosi,Meryem Simsek

DOI: https://doi.org/10.1109/mcom.2024.10494949

IF: 9.03

2024-04-09

IEEE Communications Magazine

Abstract:Networking technology is slowly but steadily adopting two key principles from cloud computing, namely, softwarization and modularization. This has resulted in the success of technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), which are being adopted by mobile networking as well. In the meantime, cloud computing has been revolutionized by serverless computing, with the Function-as-a-Service (FaaS) paradigm enabling extreme scalability in a convenient manner.

telecommunications,engineering, electrical & electronic

Emilian Simion,Yuandou Wang,Hsiang-ling Tai,Uraz Odyurt,Zhiming Zhao

2024-01-04

Abstract:Serverless computing has emerged as an attractive paradigm due to the efficiency of development and the ease of deployment without managing any underlying infrastructure. Nevertheless, serverless computing approaches face numerous challenges to unlock their full potential in hybrid environments. To gain a deeper understanding and firsthand knowledge of serverless computing in edge-cloud deployments, we review the current state of open-source serverless platforms and compare them based on predefined requirements. We then design and implement a serverless computing platform with a novel edge orchestration technique that seamlessly deploys serverless functions across the edge and cloud environments on top of the Knative serverless platform. Moreover, we propose an offloading strategy for edge environments and four different functions for experimentation and showcase the performance benefits of our solution. Our results demonstrate that such an approach can efficiently utilize both cloud and edge resources by dynamically offloading functions from the edge to the cloud during high activity, while reducing the overall application latency and increasing request throughput compared to an edge-only deployment.

Distributed, Parallel, and Cluster Computing

Weizhong Qiang,Zezhao Dong,Hai Jin

DOI: https://doi.org/10.1007/978-3-030-01701-9_25

2018-01-01

Abstract:Serverless computing is an emerging trend in the cloud, which represents a new paradigm for deploying applications and services. In the serverless computing framework, cloud users can deploy arbitrary code and process data on the service runtime. However, as neither cloud users nor cloud providers are trustworthy, serverless computing platform suffers from trust issues caused by both sides. In this paper, we propose a new serverless computing framework called Se-Lambda, which protects the API gateway by using SGX enclave and the service runtime by leveraging a two-way sandbox that combines SGX enclave and WebAssembly sandboxed environment. In the proposed service runtime, users’ untrusted code is confined by WebAssembly sandboxed environment, while SGX enclave prevents malicious cloud providers from stealing users’ privacy-sensitive data. In addition, we implement a privilege monitoring mechanism in SGX enclave to manage the access control of function modules from users. We implement the prototype of Se-Lambda based on the open source project OpenLambda. The experimental results show that the Se-Lambda imposes a low performance penalty, while buying a significantly increased level of security.

Neetu Rani,Parikshit Verma,Paurav Goel

DOI: https://doi.org/10.1109/CCICT62777.2024.00034

2024-04-19

Abstract:The worldview of serverless computing addresses a significant evolutionary leap to smooth out the designer experience. Serverless computing, a feature of the cloud computing, seeks to ease the devlopers from the weights related with the server organization and essential infrastructure choices. Generally, it endeavors to satisfy its essential responsibility by releiving the designers from worries connected with server arrangement, setup, and scaling. The integration of FaaS plays a vital part in understanding the execution of serverless computing. This state of the art approach of the cloud computing works on application configuration, offering designers the capacity to evade server management through the reception of the ongoing Serverless Computing Paradigm. Working on a computational architecture that uses discrete functions as executables. These functions are sent exclusively on a serverless stage, giving quick adaptability per request to the clients. However, this adaptability frequently leads to the test known as the “Cold Starts”, where the delays happen during the task allocation to a runtime container. Presented by Amazon in 2014, AWS Lambda is one of the noticeable illustration of serverless computing architecture. Post-launch, different entities, incorporating both open-source and for benefit associations, embraced and popularized this innovation. Eminently, every platform tends to cold starts uniquely, provoking broad examination of every platforms performance under conditions comparable to the cold start in the recent years. This paper offers a top to bottom survey of the most recent progressions and cutting edge examinations in the space of serverless engineering for cold start interval reduction. By digging into the complexities of different platform performance and their ways to deal with the mitigation of the cold start challenge, this review aims to contribute significant insights to the continuous talk in the field of serverless computing.

Engineering,Computer Science

Jinfeng Wen,Zhenpeng Chen,Yi Liu,Yiling Lou,Yun Ma,Gang Huang,Xin Jin,Xuanzhe Liu

DOI: https://doi.org/10.1145/3468264.3468558

2021-01-01

Abstract:Serverless computing is an emerging paradigm for cloud computing, gaining traction in a wide range of applications such as video processing and machine learning. This new paradigm allows developers to focus on the development of the logic of serverless computing based applications (abbreviated as serverless-based applications) in the granularity of function, thereby freeing developers from tedious and error-prone infrastructure management. Meanwhile, it also introduces new challenges on the design, implementation, and deployment of serverless-based applications, and current serverless computing platforms are far away from satisfactory. However, to the best of our knowledge, these challenges have not been well studied. To fill this knowledge gap, this paper presents the first comprehensive study on understanding the challenges in developing serverless-based applications from the developers’ perspective. We mine and analyze 22,731 relevant questions from Stack Overflow (a popular Q&A website for developers), and show the increasing popularity trend and the high difficulty level of serverless computing for developers. Through manual inspection of 619 sampled questions, we construct a taxonomy of challenges that developers encounter, and report a series of findings and actionable implications. Stakeholders including application developers, researchers, and cloud providers can leverage these findings and implications to better understand and further explore the serverless computing paradigm.

Abhinav Jangda,Donald Pinckney,Yuriy Brun,Arjun Guha

DOI: https://doi.org/10.1145/3360575

2020-10-05

Abstract:Serverless computing (also known as functions as a service) is a new cloud computing abstraction that makes it easier to write robust, large-scale web services. In serverless computing, programmers write what are called serverless functions, and the cloud platform transparently manages the operating system, resource allocation, load-balancing, and fault tolerance. When demand for the service spikes, the platform automatically allocates additional hardware to the service and manages load-balancing; when demand falls, the platform silently deallocates idle resources; and when the platform detects a failure, it transparently retries affected requests. In 2014, Amazon Web Services introduced the first serverless platform, AWS Lambda, and similar abstractions are now available on all major cloud computing platforms. Unfortunately, the serverless computing abstraction exposes several low-level operational details that make it hard for programmers to write and reason about their code. This paper sheds light on this problem by presenting $\lambda_\Lambda$, an operational semantics of the essence of serverless computing. Despite being a small (half a page) core calculus, $\lambda_\Lambda$ models all the low-level details that serverless functions can observe. To show that $\lambda_\Lambda$ is useful, we present three applications. First, to ease reasoning about code, we present a simplified naive semantics of serverless execution and precisely characterize when the naive semantics and $\lambda_\Lambda$ coincide. Second, we augment $\lambda_\Lambda$ with a key-value store to allow reasoning about stateful serverless functions. Third, since a handful of serverless platforms support serverless function composition, we show how to extend $\lambda_\Lambda$ with a composition language. We have implemented this composition language and show that it outperforms prior work.

Programming Languages

Qingyuan Liu,Dong Du,Yubin Xia,Ping Zhang,Haibo Chen

DOI: https://doi.org/10.1145/3620678.3624785

2023-01-01

Abstract:With the emergence of the serverless computing paradigm in the cloud, researchers have explored many challenges of serverless systems and proposed solutions such as snapshot-based booting. However, we have noticed that some of these optimizations are based on oversimplified assumptions that lead to infeasibility and hide real-world issues. This paper aims to analyze the gap between current serverless research and real-world systems from a perspective of industry, and present new observations, challenges, opportunities, and insights that may address the discrepancies.

Samuel Kounev,Nikolas Herbst,Cristina L. Abad,Alexandru Iosup,Ian Foster,Prashant Shenoy,Omer Rana,Andrew A. Chien

DOI: https://doi.org/10.1145/3587249

IF: 22.7

2023-08-23

Communications of the ACM

Abstract:Dispelling the confusion around serverless computing by capturing its essential and conceptual characteristics.

computer science, theory & methods, software engineering, hardware & architecture