
Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 594))

Abstract

In the last few years, traditional cloud architectures have evolved so that the provider assumes a large share of the security at the infrastructure level, leaving responsibility for application security to the developers. The new serverless computing model represents an evolution of the cloud architecture and also improves some aspects of the security of the applications that use it. In this paper, we analyze the advantages and problems of serverless architectures from a security point of view, comparing the main risks and attack vectors in both architectures. From this comparison, we conclude that serverless architectures introduce new risks in applications and improve on others covered by secure development methodologies such as the Open Web Application Security Project (OWASP). Given the event-driven nature of serverless architectures, this type of application adds complexity and gives rise to new risks, most notably those related to the injection of event data into functions and the creation of flows between serverless functions, which can increase an application's attack surface and make it vulnerable to already known attacks. To the best of our knowledge, this is the first paper to compare cloud and serverless computing from a security point of view.



Acknowledgements

This work was supported by the Spanish Research Agency (AEI) under project HPC4Industry PID2020-120213RB-I00.

Author information

Corresponding author

Correspondence to Higinio Mora.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Candel, J.M.O., Elouali, A., Gimeno, F.J.M., Mora, H. (2023). Cloud vs Serverless Computing: A Security Point of View. In: Bravo, J., Ochoa, S., Favela, J. (eds) Proceedings of the International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2022). UCAmI 2022. Lecture Notes in Networks and Systems, vol 594. Springer, Cham. https://doi.org/10.1007/978-3-031-21333-5_109
