Today’s industry has gradually realized the importance of lifting efficiency and saving costs during the life-cycle of an application. In particular, we see that most of the cloud-based applications and services often consist of hundreds of micro-services; however, the traditional monolithic pattern is no longer suitable for today’s development life-cycle. This is due to the difficulties of maintenance, scale, load balance, and many other factors associated with it. Consequently, people switch their focus on containerization—a lightweight virtualization technology. The saving grace is that it can use machine resources more efficiently than the virtual machine (VM). In VM, a guest OS is required to simulate on the host machine, whereas containerization enables applications to share a common OS. Furthermore, containerization facilitates users to create, delete, or deploy containers effortlessly. In order to manipulate and manage the multiple containers, the leading Cloud providers introduced the container orchestration platforms, such as Kubernetes, Docker Swarm, Nomad, and many others. In this paper, a rigorous study on Kubernetes from an administrator’s perspective is conducted. In a later stage, serverless computing paradigm was redefined and integrated with Kubernetes to accelerate the development of software applications. Theoretical knowledge and experimental evaluation show that this novel approach can be accommodated by the developers to design software architecture and development more efficiently and effectively by minimizing the cost charged by public cloud providers (such as AWS, GCP, Azure). However, serverless functions are attached with several issues, such as security threats, cold start problem, inadequacy of function debugging, and many other. Consequently, the challenge is to find ways to address these issues. However, there are difficulties and hardships in addressing all the issues altogether. Respectively, in this paper, we simply narrow down our analysis toward the security aspects of serverless. In particular, we quantitatively measure the success probability of attack in serverless (using Attack Tree and Attack–Defense Tree) with the possible attack scenarios and the related countermeasures. Thereafter, we show how the quantification can reflect toward the end-to-end security enhancement. In fine, this study concludes with research challenges such as the burdensome and error-prone steps of setting the platform, and investigating the existing security vulnerabilities of serverless computing, and possible future directions.

今天的行业已经逐渐意识到在应用程序的生命周期中提升效率和节省成本的重要性。特别是，我们看到大多数基于云的应用程序和服务通常由数百个微服务组成；然而，传统的单体模式已不再适合今天的开发生命周期。这是由于维护、规模、负载平衡以及与之相关的许多其他因素的困难。因此，人们将注意力转向容器化——一种轻量级虚拟化技术。优点是它可以比虚拟机 (VM) 更有效地使用机器资源。在 VM 中，需要在主机上模拟来宾操作系统，而容器化使应用程序能够共享公共操作系统。此外，容器化有助于用户轻松创建、删除或部署容器。为了操作和管理多个容器，领先的云提供商推出了容器编排平台，例如 Kubernetes、Docker Swarm、Nomad 等。在本文中，从管理员的角度对 Kubernetes 进行了严格的研究。在后期，无服务器计算范式被重新定义并与 Kubernetes 集成，以加速软件应用程序的开发。理论知识和实验评估表明，通过最小化公共云提供商（例如 AWS、GCP、Azure）收取的成本，开发人员可以采用这种新颖的方法来更有效地设计软件架构和开发。然而，冷启动问题，功能调试不足等。因此，挑战在于找到解决这些问题的方法。但是，从整体上解决所有问题，困难重重。分别地，在本文中，我们只是将分析范围缩小到无服务器的安全方面。特别是，我们量化了无服务器攻击的成功概率（使用Attack Tree和Attack-Defense Tree) 以及可能的攻击场景和相关对策。此后，我们展示了量化如何反映端到端安全性增强。总之，本研究以研究挑战结束，例如设置平台的繁琐和容易出错的步骤，调查无服务器计算的现有安全漏洞，以及未来可能的方向。