1

Serverless Computing: A Survey

of Opportunities, Challenges and Applications
H. Shafiei, Member, IEEE, , A. Khonsari, and P. Mousavi

Abstract—The topic of serverless computing has proved to be a controversial subject both within academic and industrial communities.
Many have praised the approach to be a platform for a new era of computing and some have argued that it is in fact a step backward.
Though, both sides agree that there exist challenges that must be addressed in order to better utilize its potentials. This paper surveys
existing challenges toward vast adoption of serverless services and also explores some of the challenges that have not been thoroughly
discussed in the previous studies. Each challenge is discussed thoroughly and a number of possible directions for future studies is
proposed. Moreover, the paper reviews some of the unique opportunities and potentials that the serverless computing presents.

Index Terms—Cloud Services, Serverless Computing, Function-as-a-Service (FaaS)

1 I NTRODUCTION eventually [6]. This paper falls into the latter category.
In this paper, we review the opportunities presented
Large technology companies such as Amazon, Google
by serverless computing. We emphasize that serverless
and Microsoft offer serverless platforms under various
services are indeed more affordable approaches for many
brand names. Although the specifics of the services may
networked services, more customer friendly as they
differ but the essential idea behind the offered services
relieve customers from the intricacies of deployment,
is almost the same i.e., by rendering computation to
and also they are more environmentally friendly for the
the pay-as-you-go model, serverless computing tries to
reasons we will discuss later in this paper. Moreover,
achieve auto-scaling while providing more affordable
we argue that new market places will form around
computation services.
these services which implies new business opportunities
Serverless computing differs from traditional cloud
for computer engineers. Various serverless applications,
computing concepts (we refer to them as serverful in
which have been proposed in the course of the past few
this paper) in the sense that the infrastructure and the
years, are surveyed in this paper.
platforms in which the services are running, are trans-
The are a number of challenges that serverless services
parent to customers. In this approach, the customers
are currently facing. These challenges are thoroughly
are only concerned with the desired functionality of
surveyed in this paper. One of the main concerns in
their application and the rest is delegated to the service
these services, that has serious drawbacks on the overall
provider.
performance of serverless applications, is the cost of
There are successful commercial implementations of preserving the state. In fact, the serverless applications
this model. Amazon introduced Lambda [1] in 2014 are often compared with serverful applications (running
and later Google Cloud Functions [2], Microsoft Azure on a single VM), where objects and methods (functions)
Functions [3] and IBM OpenWhisk [4] were launched of the applications are executed on a single machine
in 2016. Since then many studies have focused on the and have access to a shared memory and cache [5],
challenges and open problems of this concept. Some of [7]. It is natural to see that the latter has significantly
the previous studies are skeptical about the potentials better performance than the former since the state of the
of serverless computing due to the poor performance system is preserved in the memory and various parts
of their case studies [5]. In contrast, others believe that of an application can access that. This shared memory
serverless computing will become the face of cloud space on a single machine is not always available in
computing and the performance issues will be addressed serverless applications due to its auto-scaling nature that
does not guarantee the execution of related functions
• H. Shafiei is with the School of Computer Science, IPM, Tehran, Iran. on a single machine. Several related work to address
E-mail: shafiei@ipm.ir
• A. Khonsari is with the Department of Electrical and Computer Engi-
this issue have been surveyed in this paper and future
neering, University of Tehran, Tehran, Iran. He is also with the School of research directions are also proposed.
Computer Science, IPM, Tehran, Iran. Another important challenge is the security and pri-
E-mail: ak@ipm.ir
• P. Mousavi is graduated from Department of Electrical and Computer
vacy of serverless services. Various categories of attacks
Engineering, University of Tehran, Iran and privacy breaches and their possible countermeasures
E-mail: pa.mousavi@ut.ac.ir are discussed in this paper. Furthermore, the issues
of scheduling, pricing, caching, provider management
 2

and function invocation in serverless computing are all

surveyed in this paper, and future directions are also F1
proposed.
The rest of this paper is organized as follows. Section Client F2 DB
2 presents definitions and characteristics of serverless
services. Section 3 focuses on the opportunities that the
F3
serverless computing model offers and also presents its
application. Section 4 surveys the challenges toward vast
adoption of the concept. Section 5 concludes the paper. Fig. 1: An example of a serverless application.

2 D EFINITION AND C HARACTERISTICS

A serverless application is usually comprised of two
2.1 Definitions parts:
There is no formal definition for the concept of serverless • A rich client. The client implements most of the
computing and its various services. So, here we present application logic. It interacts with two sides i.e.,
the most common acknowledged definitions. the end user and the provider, invoking functions
on one side and translating the results into usable
2.1.1 FaaS views for the other side.
Function as a service (FaaS) is a paradigm in which the • Registered functions on a provider. Functions are

customers are able to develop, run, and manage applica- uploaded to the provider. The provider invokes a
tion functionalities without the trouble of building and copy of the function per user’s request or based on
maintaining the infrastructure. a predefined event.
Figure 1 depicts an example of a serverless appli-
2.1.2 BaaS cation. In this example, the client invokes function F1
Backend as a Service (BaaS) is an online service that han- which retrieves data from the database, performs some
dles a specific task over the cloud, such as authentication operations on it and sends the result back to the client.
or notification. Both BaaS and FaaS require no resource In another scenario, the client invokes F2, F2 invokes
management from the customers. While FaaS only offers another function called F3, the result is sent back to F2
to execute users’ functions, BaaS offers a complete online and then it sends its result to the client. In this scenario
service. we saw a sequence of function executions. Later in this
paper, we argue that these sequences are important for
2.1.3 Serverless service the purpose of performance optimization.
Providers accept customers’ functions and store them.
A serverless service is a combination of FaaS and BaaS Upon receiving an invocation request, the provider as-
that incorporates the following characteristics. signs the function to one of its nodes for execution.
The parameters upon which the provider selects the
2.2 Characteristics execution node have great impact on the performance of
the system which is thoroughly surveyed in the Section 5
There are a number of properties that a service should
of this paper. The node (which can be a virtual machine,
have in order to call it a serverless service:
a container or even a sandbox execution environment)
1) The execution environment must be transparent executes the function, sends back the result to the client
to the customer. The processing node, the virtual and sends the execution log to the provider. The provider
machine, the container, its operating system and uses the log to improve further execution of the function.
etc. are all hidden to the customer. Figure 2 shows an example of such scenario.
2) The provider1 should provide an auto-scaling ser-
vice i.e., the resources should be made available to
the customer instantly per demand. 3 O PPORTUNITIES
3) The billing mechanism should only reflect the In this section, we discuss the opportunities that server-
amount of resources the customer actually used i.e., less computing offers.
pay-as-you-go billing model.
4) The provider does its best effort to complete the 3.1 Affordable Scalability
customer’s task as soon as it receives the request
The very first and foremost opportunity that serverless
and the execution duration is bounded.
computing offers is the ability for customers to deploy
5) The basic elements in serverless services are func-
the functionalities of their applications without worrying
tions. The functions are not transparent to the
about the scalability and the execution infrastructure or
provider. The provider knows their data dependen-
cies, dependencies to external libraries, run-time 1. Throughout this paper by service provider we mean the organi-
environments and state during and after execution. zation (or company) who serves customers in a serverless fashion.
 3

platform. The scalability is a direct result of the auto-

scaling nature of these services i.e., per request the PMS F1
F1
Fx
service invokes a copy of the requested function and
there is virtually no bound for the number of requests.
F1
Each invocation is assigned to the most feasible and Client
available resource for execution. VM1 VM2 VM3

The affordability of serverless services is mainly due

to the reduced costs of the providers. There are two DB
main reasons for the more reduced costs, (1) resource Serverless Provider
multiplexing and (2) infrastructure heterogeneity. Re-
source multiplexing leads to higher utilization of avail- Fig. 2: An example of a serverless provider.
able resources. For example, consider the case in which
an application has one request every minute and it
takes milliseconds to complete each request. In this case, and resource usage. The function markets may present
the mean CPU usage is very low. If the application is buyers with a catalog for every function which shows
deployed to a dedicated machine then this is highly the resource usage of the function and prices it incurs
inefficient. Many similar applications could all share that per request. Thus, the buyer can choose from possibly
one machine. Infrastructure heterogeneity means that, thousands of options for a specific task.
the providers also can use their older machines that are
less attractive for other direct services to reduce their
costs (this is mainly due to the transparency of execution 3.4 A New Programming Paradigm
environment). In a serverless programming paradigm, functions play a
key role in designing software services. In fact, serverless
3.2 No Deployment and Maintenance Complexity applications can be viewed as a composition of functions
rather than a construction of code blocks. This can be
One of the promises of the cloud computing listed in
called “composition over construction” paradigm. As
[8] is to relieve users from managing the infrastructure,
discussed, function markets will offer programmers with
which is now already accomplished in Infrastructure-
various functions per customers’ requirements. Thus, by
as-a-Service (IaaS), however, users still have to manage
providing tested, efficient and widely used functions to
their virtual resources i.e, installing and configuring
programmers, the complexity of software development
related packages and libraries. Certainly, Platform-as-a-
is reduced drastically. However, this bears new chal-
Service (PaaS) providers such as Heroku [9] have made
lenges which programmers could face i.e., they should
the management slightly easier, although, users still have
move from widely adopted and accepted object-oriented
to configure the application to match the PaaS require-
programming to functional programming paradigm. Al-
ments which is not a trivial task. Serverless computing
though, functions can still be used in an object-oriented
takes a big step in this manner. Users only have to
environment, with the so-called mutability of data in
register their functions and then receive the credentials
such environments, the complexity of code will increase
to invoke the functions.
significantly [12]. Functional programming is an old
concept, however, it is gaining new traction during the
3.3 New Market Places past few years among software developers [13].
With the advent of modern operating systems for mobile
devices such as Android or iOS, various market places 3.5 Green Computing
for applications, that are specifically designed for those
operating systems, have emerged such as Google Play Serverless computing promotes green computing from
Store [10] and Apple’s App Store [11]. Such a scenario is two different perspectives:
predictable for serverless computing i.e., with the growth
in the popularity of serverless computing, new market 3.5.1 Resource Sharing
places for functions will arise. In these types of markets, By on-demand execution of functions and releasing the
developers can sell their developed functions to others. resources after execution, the energy consumption is
Every generalized or domain-specific functionality can reduced significantly. In other alternative services such
be bought or offered in those markets. For example, as IaaS, even for a single small request the whole virtual
a software developer may need a geo-spatial function machine with its resources must be kept alive. By sharing
that checks whether a point resides inside a geo-spatial the resources of the infrastructure with other functions,
polygon. He/she could buy such function from those serverless computing improves resource utilization.
markets.
The competition forced by the economics of these mar- 3.5.2 Quality of Code
kets will lead to high quality functions i.e., both from the By billing per execution time, serverless computing
perspective of code efficiency, cleanness, documentation forces the economical incentives upon programmers to
 4

improve the resource usage of their implemented code. We believe disagreement lies in the fact that the range
This is not a great concern in other services. For example, of scientific computing and its applications are vast and
billing of IaaS is per allocated resource such as the there are certainly some areas in this field for which the
number of CPU cores. How much a CPU core is uti- utilization of serverless services is feasible.
lized does not usually affect the bill. Indeed, automated Spillner et.al., [24] argue that serverless approaches
testing tools should be developed that not only verify provide a more efficient platform for scientific and high-
the soundness of code but also evaluate the quality of performance computing by presenting various proto-
code from the perspective of its resource usage. types and their respective measurements. This idea is
also echoed in [25] where high-performance Function-
as-a-Service is proposed for scientific applications. A
4 A PPLICATIONS
serverless tool for linear algebra problems is proposed in
Although the concept is relatively new, many real-world [26] and a case for matrix multiplication is presented in
serverless applications have been proposed in the liter- [27]. Serverless is harnessed for large-scale optimization
ature. In what follows, we categorize and review these in [28]. A serverless case study for scientific workflows
applications: is discussed in [29].
Serverless approaches have been also used in DNA
4.1 Real-time Collaboration and Analytics and RNA computing [30], [31]. On-demand high per-
formance serverless infrastructures and approaches for
The stateless nature of serverless services makes them an
biomedical computing is proposed in [32].
attractive platform for real-time collaboration tools such
as instant messaging and chatbots. Yan et.al., [14] pro-
4.4 Machine Learning
posed an architecture for chatbot on OpenWhisk [4]. An
XMPP-based serverless approach for instant messaging Machine learning in general and specifically approaches
is also introduced in [15]. based on neural networks, are currently one of the
Real-time tracking is another example of collaboration most attractive research trends. A case of serverless
tools that are very suitable for serverless services as these machine learning is discussed in [33]. Ishakian et.al., [34]
applications are not heavily dependant on the system’s discussed various deep learning models for serverless
state. Anand et.al., [16], [17] proposed two real-time GPS platforms. Neural network training of serverless services
tracking methods on low-power processors. is explored in [35]. Also a pay-per-request deployment
Serverless services are also utilized for data analytics of neural network models using serverless services is
applications [18]. In these applications, various sources discussed in [36].
stream real-time data to a serverless service. The service
gathers, analyses and then represents the data analytics. 4.5 Video Processing
The auto-scaling feature of serverless computing makes Serverless approaches have been proposed for video
the handling of concurrent massive data streams, possi- processing. Sprocket [37] is a serverless video process-
ble. ing framework that exploits intra-video parallelism to
achieve low latency and low cost. The authors claim
4.2 Urban and Industrial Management Systems that a video with 1,000-way concurrency using Amazon
Lambda on a full-length HD movie costs about $3 per
The pay-as-you-go model of serverless services paved hour of processed video.
the way for introduction and implementation of vari- Zhang et al. [38] present a measurement study to
ous budget-restricted urban and industrial management extract contributing factors such as the execution dura-
systems. Al-Masri et.al., [19] presented an urban smart tion and monetary cost of serverless video processing
waste management system. A serverless monitoring and approaches. They reported that the performance of video
detection approach for smart grid is presented in [20]. processing applications could be affected by the under-
Hussain et.al., [21] proposed a serverless service for oil lying infrastructure.
and gas field management system.
Serverless services have been also utilized for urban
4.6 Security
disaster recovery applications. Franz et.al., [22] proposed
a community formation method after disasters using The power of serverless computing has been leveraged
serverless services. Another similar approach is also for providing security for various systems and infras-
proposed in [23]. tructures. A mechanism for securing Linux containers
has been proposed in [39]. Serverless services have also
been utilized for intrusion detection. StreamAlert [40] is
4.3 Scientific Computing a serverless, real-time intrusion detection engine built
It has been debated in [5] that serverless computing upon Amazon Lambda. Serverless approaches have been
is not an attractive alternative for scientific computing also used for ensuring data security. A method for au-
applications, albeit, many studies have focused their at- tomatically securing sensitive data in public cloud using
tentions toward serverless services for those application. serverless architectures has been introduced in [41].
 5

In a completely different approach, serverless ap- in long term. To remedy this shortcoming, Perez et al.
proaches have been used to develop a botnet [42]. We [52] propose a programming model and middleware
think that preventing attackers from using serverless for serverless computing applications. The focus of the
infrastructures to conduct these types of attacks is an paper is limited to file processing applications. A formal
important issue that needs to be addressed. model for serverless computing using lambda calculus
is presented in [53]. Also, a model-based analysis of
4.7 Internet of Things (IoTs) serverless application is discussed in [54].
Debugging and testing tools are integral parts of any
Serverless computing model has been exploited for var- software development approach. Serverless computing
ious IoT domains. Cheng et al. [43] propose a serverless is not an exception. Few papers have elaborated on this;
fog computing approach to support data-centric IoT [55] proposes a combined monitoring and debugging
services. A smart Internet of Things (IoT) approach using approach for serverless functions. Integration testing of
the serverless and microservice architecture is proposed serverless functions is discussed in [56].
in [44]. A serverless body area network for e-health IoT Another important tool to test the applicability and
applications is presented in [45]. performance of any new idea is benchmark suites. A rich
In another research direction, Presson et al. [46] intro- set of benchmark suites for serverless infrastructures is
duced Kappa which is a flexible and intuitive serverless presented in [57].
platform for IoTs.
5.2 Pricing
5 C HALLENGES Many big technology companies now offer serverless
This section presents challenges toward serverless com- computing services with different specifications and
puting. Instead of referring to various papers individu- prices. As the popularity of serverless services increase,
ally, we summarize the challenges presented in [5], [6], the number of companies and their options for pricing
[47]–[50] as follows. will grow. Many factors affect the price offered by each
As the topic of serverless computing is relatively company. These factors range from company’s revenue
new, there are a number of challenges that need to strategy to the platform it uses and the energy prices
be addressed. Some of these challenges are not unique (based on the region or the time of day during which the
to the serverless computing model and can arise in function execution occurs). For example, a request that is
any computing environment such as security and pri- received by a server at 2 a.m. in Winter incurs less energy
vacy, caching or pricing. There are also some types bills compared to that of an exactly same request with
of challenges that are specifically unique to serverless the same resource consumption at 12 p.m. workday in
services such as function invocation or functions’ intra- Summer. Another factor is the load level that is imposed
communication. In this section, we review both types. to the provider at that moment. The price offered by the
Discussing the challenges toward vast adoption of competitors is also a key decision factor. Various pricing
serverless services is particularly important since there models have been proposed for cloud computing in
has been a controversy between various pundits about general [58] that are not directly applicable to serverless
the benefits of migration from serverful approaches to service. Extracting a pricing model for service providers
serverless ones. The drawbacks listed in [5] and poor is a challenging issue that should further be studied by
emulation results presented in [51] are all rooted in the research community.
existing challenges that are unique to serverless services The pricing problem is also important for customers.
and need to be addressed in future studies. For example, As discussed above, the diversity of the prices will lead
placement of functions in physical infrastructure (pro- to a competitive environment between service providers.
cessing nodes) is one of those challenges. In fact, with Thus the customer can choose between various price
poor placement of functions on nodes without consider- options in an online manner to reduce the costs. In this
ing their data dependencies, dependency to other func- way, customers put their functions on multiple serverless
tions (i.e., putting the ones that share state, physically services (or ship it instantly) and then based on the
far from each other) or lack of any knowledge about the online available prices, the software decides to place
function itself, we will end up with systems that perform the request to the most affordable service provider. The
lower than their serverful counterparts. ultimate goal of customers is to reduce their costs while
maintaining quality of service. Note that, one of the
important factors in determining the quality of service
5.1 Programming, Modeling, Testing and Debugging is the response time.
As the topic of serverless computing is relatively new, Finding the optimal pricing strategy with multiple
its development tools are not rich enough. This poses a providers and customer constraints is a challenging issue
great challenge for software developers. Also, the lack that must be addressed in research studies. A similar no-
of proper modeling paradigms leads to non-unified de- tion have extensively discussed in the area of smart grids
velopment approaches which will reduce quality of the where supply and demand are considered in extracting
code and also complicate collaborations of developers online pricing models [59].
 6

It is noteworthy to mention that, the nature of server- kept ready for function invocation to handle a request
less services makes the online pricing more feasible whilst the main containers are being started. Then, new
compared to that of other cloud services. In those ser- requests are forwarded to the main containers after-
vices such as IaaS, the cost of shipping and maintaining wards. One may argue that this approach leads to waste
multiple virtual machines or containers in multiple ser- in resources available to the provider. However, the
vice providers is higher compared to that of serverless rationale behind this approach is the fact that by multi-
settings. plexing the available resources on the warm containers
between various inactive functions, the energy actually
5.3 Scheduling can be saved while improving the response time of the
In order to save energy, serverless service providers put service. The provider should prepare warm containers
the execution infrastructure in a sleep mode, after a beforehand and scale them in a smart fashion.
period of inactivity. This period for Amazon’s Lambda 5.3.4 Service-level Agreement (SLA)
is 15 minutes [1]. Usually, the state of the function is
The provider may agree upon preparing an always-on
saved in a persistent storage so that after the wake-up it
service for a set of functions or prepare a warm container
can be restored. Upon receiving a request for a function
based on the agreement with the customer.
that is in the sleep mode, the provider wakes up the
A serverless platform designed for latency-sensitive
infrastructure and restores the state of the system. This,
DAG-structured serverless applications is presented in
naturally takes some time and leads to some latency
[60]. The key idea in the paper is to utilize a deadline-
in the service of the serverless software which in turn
aware job scheduling for serverless environments. A
reduces the users’ so-called quality of experience. For
cluster-level centralized and core-granular scheduler for
example, consider a simple login functionality that uses
serverless functions is introduced in [61].
a serverless back-end. In an extreme scenario, a user
has to wait up to an order of minutes to be able to
5.4 Sharing and Intra-communications
login to an application after a brief period of inactivity.
This may render the entire system useless. Thus, sleep Serverless software is a composition of many functions
scheduling is an important issue that must be addressed that work together to provide the desired functionality.
for serverless service providers. To attain this, the functions need to somehow communi-
Currently service providers consider constant duration cate with each other and share their data or the state. In
for the inactivity period. It is unclear why Amazon sets other cloud services, such data sharing infrastructure this
15 minutes for inactivity duration. But it is obvious that is attained through network addressing. For example
setting the same period for all functions seems naive. in IaaS, each virtual machine can send and receive
There are some approaches that must be considered for data through point-to-point networking using network
the scheduling: addresses.
Function-level network addressing is not available
5.3.1 Prediction and Forecasting in today’s serverless infrastructures, thus, two func-
The pattern on which the requests receive to the server- tions communicate through intermediary storage sys-
less service provider should be extracted. Using model- tems. This burdens a huge amount of load on relatively
ing and advanced techniques such as machine learning, slow and expensive storage systems compared to that of
the pattern of incoming requests can be predicted. There direct network connections.
are various parameters that may contribute to the pattern Here, there are two separate challenges that must
such as the activity of other related functions, time of day be addressed: (1) function addressing and (2) intra-
or external events (e.g. a sport match). communication for functions.
Functions in serverless services have some character-
5.3.2 Data Probing istics that must be considered in order to be able to
There are cases in which two functions are not directly introduce an addressing scheme for them:
related, however, moderate or extreme changes in data • Due to the auto-scaling nature of serverless comput-
caused by one function leads to execution of other func- ing, at any given time there may be several running
tions. For example, in a location-based recommendation invocations of the same function inside various
application, when a user moves far than a couple of computing nodes around the world. This rules out
kilometers (they change their vicinity), a function that the possibility of addressing based on function name
finds and suggests nearest attractions is called. Note that or location.
the function that reports the geo-location is not directly • The functions are often short-lived. The short life
related to that of suggestion extraction function. span of the functions means that any addressing
scheme should be fast enough to track the rapid
5.3.3 Warm Services changing of the system’s entire state.
The service providers could preserve a warm state for • With the growth in the usage of serverless services,
each function to handle requests after a period of in- the number of copies of functions that are being de-
activity. In this approach, some of the containers are ployed will growth drastically. Thus, the proposed
 7

addressing space should be scalable enough to be

able to handle such number of functions. F2 F5 F7

Even with a proper addressing scheme, intra- F4

F1
communication between functions is still challenging.
There are a number of possible approaches: F3 F6
1) Intermediate functions that serve as brokers be-
tween functions. Current serverless services use a Fig. 3: An example of a dependency graph for a server-
variation of this basic idea. However, it has been less application. This application has 7 functions where
argued in [6] that this burdens extreme overhead the start function is F1.
on the infrastructure. A performance evaluation
of this approach that reveals the bottlenecks and
further investigation and optimization of contribut- sequences plays a key role in improving the performance
ing factors, is a good direction for related research of serverless services. Providers can use this knowledge
studies. to pre-fetch, prepare and optimize functions to reduce
2) Communicate through stateless communication costs and serve customers with better performance.
schemes (or protocols) such as REST or SOAP. From each serverless application, a directed depen-
These protocols are vastly used over the Internet dency graph can be exploited where the nodes are
and seem to be good candidates. However, the functions and edges show precedence of the execution
existing protocols may not be directly applicable of one function to another. Figure 3 shows an example
in serverless scenarios. For example, REST is too of such a graph. The application depicted in the figure
coupled with the HTTP protocol and also its vocab- has 7 functions (F1 to F7). A directed edge from F1 to F2
ulary is not rich enough for handling the situations means that each of the executions of F2 must be preceded
which arise between functions. Introducing new by F1. For example, users must sign up to be able to check
protocols that are specifically designed for function out.
communication needs researchers’ attention. A unique path in the graph is simply the list of unique
3) Distributed message queues are also good candi- nodes (not containing cycles) connected to each other by
dates for serverless computing. This type of com- directed edges. In each application, there are a number
munication medium has already been introduced of unique paths that are more common than the others,
and investigated for cloud systems [62]. Available let this number be n. We call the set of n most frequent
messages queues such as Apache Kafka [63] are not unique paths in the dependency graph as the “n modes
directly applicable for serverless environments due of execution” of the regarding application. Assuming
to their performance issues. Amazon developed that n is a system-wide variable we simply refer to it
Kinesis Data Streams [64] that can be used for as “modes of execution” of applications.
this purpose. The topic has potential for further There are two approaches to extract the modes of
research. execution for a serverless application:

5.5 Modes of Execution 5.5.1 Predefined Modes

As discussed earlier in this paper, a serverless applica- In this approach, the application developer submits a file
tion is a composition of various functions working in that contains the modes of execution, after registering
coordination with each other to accomplish the desired their functions. The provider receives and processes the
tasks. Rarely, we have applications that are composed file for further actions. Extraction of modes of execution
of single functions, instead, usually there are many for an application is not a trivial task. Automated tools
interdependent functions, processing and passing data must be developed such that by giving the application
to each other and send back the result to the application. as an input, the tool generates the modes of execution.
For example, a real-world implementation of an online
social network (with functionalities similar to Facebook 5.5.2 Detection during Execution
[65]) on Amazon’s Lambda infrastructure has around 170 In this approach, the dependency graph is formed in-
functions [7]. side the service provider based on the activities of the
In each application, functions are executed in various application. This approach is more user-friendly since it
sequences. For example, users sign up in the application, does not need any further dependency graph generation
view latest products, click on the add-to-cart button and tools. It is also more flexible in the sense that it extracts
check out. These 4 functions are executed in a sequence. the modes of execution based on actual behavior of the
Obviously, this is not the only execution sequence in application. Recall that by definition, we are seeking n
the application since the user may have already signed most frequent paths for the application. In large ap-
up and just needs to sign in. Also, there are many plications with hundreds of functions, there are many
other possibilities for the sequences of functions. As paths and sometimes it is not trivial to predict the exact
we will discuss later in this paper, knowledge of these behavior of the users to extract the most frequent ones.
 8

Exploiting them during execution leads to more accurate the defining features of functions in these environments,
estimations. This approach is also more robust than the the function might not “live” enough to be able to
others since the predefined modes presented by the users resend the callback. Also, if the request is function-based,
could be faulty or suffer from less elaborate processing. the requester function must outlive the called function.
The provider must consider these cases and extend the
5.6 Function Invocation lifespan of the functions. However, the extension of
function’s lifespan increases the resource consumption
Every serverless provider must enable two basic meth- inside providers. The trade-off between these two must
ods for the application developers; registration of func- be further studied by future research studies.
tions and invocation of those registered functions. In a Serverless providers usually enable variety of ap-
function invocation, a request is sent to the provider that proaches to invoke registered function. This often ranges
contains the input data of the function (or the address from well-known REST-based approaches to custom
to the data) and the ID of the function. The function command-line interfaces (CLIs) [66]. Although using
invocation has various types: REST is very common for today’s serverless function
invocation, one can be skeptical about the feasibility of
5.6.1 Application-based vs Function-based
these approaches in low-power devices. Making HTTP
In many practical scenarios, the customer’s application requests does not bear heavy computation loads on
sends a request for function invocation and the result is the requester, however, for the requester to be able to
sent back to it. Then, based on the result, the application handle asynchronous callbacks, an HTTP server must be
may send another invocation request to the provider. available inside the device which consumes vast amount
There are also a number of scenarios in which the of the device’s scarce resource and sometimes goes be-
function itself invokes another function during or at the yond its hardware capabilities. To overcome this issue,
end of its execution. either the devices should use some sort of intermediary
broker between them and the serverless provider, or they
5.6.2 Request-based vs Event-based should use other protocols that are designed to handle
In a request-based invocation, an application (or a func- these cases.
tion) requests the invocation of a function, whereas, in an
event-based approach a probe is defined by the function
5.7 Packing
owner such that an event is triggered based on changes
detected by the probe. For example, a probe can be The main purpose of serverless’s existence lies in its abil-
defined over a database that if the number of purchases ity to auto-scale itself by invoking copies of customers’
in a day goes beyond a threshold, a certain function from functions and assign each request to those copies. There
accounting service must be invoked. are no predefined approaches to where to put the copies
of functions physically. Instead, load balancing systems
5.6.3 Synchronous vs Asynchronous inside the service provider decide based on current
The invocation of the function can either be synchronous utilization of computing nodes and their available re-
to the caller or asynchronous. In a synchronous invoca- sources. As reported in [6], this approach leads to serious
tion the caller (which could either be an application or performance degradation. It has also been reported that
a function) is dependent on the called function i.e., it a serverless application has performed 2.5 orders of
waits until the called function ends. In an asynchronous magnitude slower in this setting compared to that of
invocation, the caller invokes the function and proceeds an IaaS-based approach [5]. This lower performance is
to its other tasks. In the latter, the owner must pro- mainly due to the fact that the data needs to be shipped
vide callback mechanisms to notify the caller after the across the network (i.e., nodes and racks) in order to
execution. For example, in an online social network be received by the function. This leads to higher traffic
application, the login function is synchronous since the inside the provider which in turn exacerbates the latency
application cannot proceed without user authentication, and reduces the overall performance of the system. Thus,
whereas, avatar preparation function (a function which it seems wise to ship the function as near as possible to
generates multiple scales of the avatar i.e, thumbnail, the data i.e., “pack” functions with data.
etc.) can be invoked asynchronously. There are some considerations for packing of functions
Asynchronous function invocation is challenging in that must be taken into account:
some of the serverless’s real-world application domains.
For example, there are two challenges regarding this type 5.7.1 Multiple Data Sources and a Single Function
of function invocation in low-power IoTs. Those devices There are some scenarios in which a function consumes
put the hardware in a sleep mode after a period of various data sources. The basic idea would be to ship the
inactivity. If during one of these sleep cycles the callback data sources together and then pack the function with
of an asynchronous function reaches to the device, it those data sources. However, this may not be possible
will be missed. This scenario is not unique to serverless due to various reasons: (1) one or more of the data
environments, however, as being short-lived is one of sources are already near another functions that consume
 9

the data, (2) the movement is not physically possible due 5.8 Data Caching
to the lack of sufficient storage, (3) the movement is not To avoid the bottlenecks and latencies of persistent
feasible since the number of times that functions access storage, software applications utilize multiple levels of
the data is considerably low. Thus, finding an optimal caches. This is a common practice among cloud-based
point for the function based on the distance between applications as well [67]. Utilizing caches in serverless
the physical location of the function and its data sources environments is a challenging issue since functions are
on the network topology is an interesting problem that executed independent of the infrastructure. For example,
needs to be addressed. consider a serverless customer management application.
When a function requests the data of a user from
5.7.2 Multiple Functions and A Single Data Source the database, the platform usually caches the data to
handle any further requests and to reduce the num-
This case is actually simpler. In this case, multiple func- ber of costly database accesses. This works perfectly
tions are packed together with the data source. However, in serverful services. However, in a serverless service,
there are scenarios in which the number of functions and the next execution of the function may be assigned to
their processing requirements are not readily available another available computing node, which renders the
for packing. caching totally useless. This is also true when multiple
functions consecutively work on a chunk of data i.e., if
the infrastructure changes, the cached data becomes ex-
5.7.3 Chunks of Data vs Bulk of Data pired. Without caching, the costs, overheads and latency
The packing of function and data can be done with grow dramatically which make the serverless services
chunks of data instead of the whole data. For exam- infeasible. Thus, this is one of the important challenges
ple, for a function that queries customers table of a toward the successful implementation of any serverless
company’s database, that specific table is important and service.
can be packed with the function instead of the whole In designing and implementing caches, the following
database. must be considered:

5.8.1 Effect of packing

5.7.4 Evolutionary vs Revolutionary Movement of Data In packing of function and data, the functions are
As mentioned above there are scenarios in which data shipped as near as possible to the data. This may lead
must be moved toward the function. This can be done to a scenario in which multiple invocations of the same
in evolutionary or revolutionary modes. In the former function are executed in a computing node near the
mode, the chunks of data is moved based on requests data. This actually reduces the complexity of caching.
from the function, the movement is done incrementally. Instead of focusing on a system-wide cache solution,
This may lead to inconsistency in the data which must one can focus on efficient local caching mechanisms. The
be taken care of by the provider. In the latter, the data action of packing also tends to ship other functions that
is moved all together. consumes the data toward the vicinity of the data, and
thus with a proper local caching, the chance of cache hits
is improved.
5.7.5 Source Location
5.8.2 Effect of the modes of execution
The relative geographical location of the request to the
function also may play a role. In fact, packing data The mode upon which a batch of functions is executed
and functions together and then shipping them to the also has a great impact on designing caches. In fact, in a
nearest possible location to the requester would reduce sequential execution, the likelihood of data dependency
the delays that the service faces due to network traffic. between two or more consecutive functions is high.
Thus, caching will be effective if the execution mode is
The packing can be done before, during, or after
considered in the local caching strategy.
the first execution of a function. In the case in which
the packing is done prior to the execution of function, 5.8.3 Local caching vs distributed caching
careful manifestation of data dependency is needed in
order to find the optimum placement of the function. In As discussed above, in some of the real-world scenarios
the evolutionary mode which was described above, the of serverless computing an efficient local caching can be
packing is done during the execution. The packing can feasible2 . However, there are cases in which the functions
also be done after the first execution. In this case, the cannot be shipped to the vicinity of the data. In these
monitoring data is revised after the first execution and cases a distributed caching can be utilized.
by using optimization techniques and machine learning Distributed in-memory caches usually utilize dis-
approaches the optimal packing strategy is extracted in tributed hash functions (DHT) to extract the location
order to improve the performance of the service and to 2. Here, by local we mean a caching mechanism shared between
minimize costs. multiple servers in a rack or possibly a cluster of racks near each other
 10

of cached data [68]. Then, the data is routed to the are various pieces of information that contribute to the
requester. If the data does not reside in the distributed formation of this view, such as:
cache, the requester extracts the data and caches it. This 1) Information about the functions: their data depen-
works well when the cost of extracting data from its dency, the modes of execution, their owner, the
source is higher than that of getting it from the remote origin of the requests, rate of invocations, etc.
cache. 2) The state of the infrastructure: the location of
In the case of serverless services, this may actually nodes, the communication infrastructure, their on-
incur more costs. We are facing a scenario in which the line available resources, which functions are as-
function cannot be shipped to the vicinity of the data. In signed to them, the execution logs, etc.
this scenario, caching the data in the server that executes 3) The data sources: the format of data, the location
the function may accelerate the future invocations of the of data sources, their infrastructure, etc.
same function. However, as most other functions are 4) The state of local caches: what they have in the
shipped near the data, the cost of routing the cached caches, what policy for cache they use, what is the
data to the functions compared to that of extracting it size of their cache, etc.
from the source directly may actually be higher. This Having all of the above information in an online man-
must be considered in any distributed cache design for ner incurs heavy overhead on the provider. On the other
serverless services. hand, having partial information may lead to imprecise
decisions by the PMS.
5.9 Provider Management
The management operation inside the serverless 5.10 Security and Privacy
providers is a complex and resource-demanding task. It Security is an indispensable concern in any computa-
involves many monitoring and provisioning operations tion service, be it serverless or not. There are various
for each of the infrastructures inside the provider. The security challenges that are common between serverless
provider management system (PMS) should handle and and other cloud services. Those challenges are not the
keep track of functions’ registration, invocation and concern of this paper. Instead we focus on the security
execution. Below, we discuss each operation in detail: issues that specifically threaten the normal operation of
• Registration: Every user should be able to upload serverless service. Moreover, we consider the privacy of
their function, select its category and required re- users in such environments.
sources. The provider then sends back credentials
for invocation. Other tracking and commercial as- 5.10.1 Authentication and Authorization Schemes
pects are handled by the provider during this step. The foremost security challenge in any serverless scheme
• Invocation: A provider receives invocation requests is how to authenticate applications so that only legit-
from applications or other functions, checks user imate ones can use the available functions. Without
credentials and then finds a feasible computing authentication a freeloader can use the available re-
node and assigns the function to the node for execu- sources of the victims. A common approach to counter
tion. To find a feasible node for functions, it classifies these attacks is the usage of authentication tokens in
functions based on their resources and data require- the header of requests. JWT is an example of such
ments and also provisions the available resources tokens [69]. Amazon’s Lambda currently implemented
of nodes in an online manner. The aforementioned such a scheme that uses a bearer token authentication
tasks of packing, scheduling and caching are also the strategy to determine the caller’s identity [70]. However,
responsibility of the provider’s management system if the request is sent through an unsecured channel,
which are done in collaboration with the computing the attacker could simply extract the token and reuse
nodes. it in another application. Using SSL/TLS protocols, this
• Execution: Although the execution takes place inside type of attacks could be encountered. However, there
the nodes, PMS closely monitors the execution of are cases in which these sophisticated public-key based
functions to detect errors and malfunctions. It gath- protocols are beyond the capabilities of the application’s
ers the execution log to analyze the footprints and hardware. Very low power IoT devices are an example
thus improve future invocations. of such hardware. Secure energy-efficient protocols for
There are two approaches to attain a management sys- authentication in such devices should be introduced.
tem for serverless providers; centralized or distributed. Serverless services are also susceptible to replay at-
While the centralized approach is more trivial and more tacks. In these types of attacks the attacker doesn’t know
efficient, it may experience extreme loads and it could about the content of the message being transmitted, how-
become the single point of failure. Distributed monitor- ever, they are interested in the effect of transmitting the
ing on the other hand is complex. message. So, the attacker captures the secured function
In order for the PMS to be able to handle its respon- execution request and replays it to sabotage the normal
sibilities, manage resources and optimize the services, it operation of the system. An example of such attack is to
should have an online view of the entire system. There replay a logout request indefinitely to prevent users from
 11

accessing their desired service. To remedy these types of the attacker may inject fake dependencies to other data
attacks, a challenge-response protocol must be adopted sources to prevent the function from being shipped near
for serverless services. the data source which imposes a heavy traffic inside the
There is also the issue of authorization for functions. network of the provider.
That is, which functions can invoke which functions.
This is basically different from application-level authen- 5.10.4 Privacy Issues
tication that we mentioned earlier. Here we authorize a
function to call another function i.e., function-level au- There are many privacy-intensive applications for
thorization. Lacking a proper authorization scheme can serverless services specially in the area of IoTs. For
actually pose severe threats to the applications security. example, in a health-care application that gathers pa-
Recall that one of the advantages of serverless services, tients’ data and then processes the data to infer certain
that we mentioned, is the ability to purchase off-the-shelf conclusions, the privacy of the users is essential. The
functions. Without authorization schemes, functions can intent of the attacker here is not to alter the normal
be used without the consent of the application owner. operation of the system as opposed to security attacks.
A proper mechanism should be introduced to handle Rather, they attempt to deduce knowledge about a user
function-level authorization. or a group of users, using a minimal set of gathered
information. For example, an attacker may be interested
5.10.2 Common Execution Environments in answering the question whether a user has a heart
In the wake of Meltdown [71] and Spectre [72] attacks, condition or not.
the vulnerability of applications against common execu- There are many contextual data that an attacker
tion environments has become one of the main security could gather to infer knowledge about the victim. These
concerns. This issue is particularly severe in serverless are especially attainable when the network only uses
environments since many functions from various owners application-layer security protocols. Here, we list some
are being executed in a shared execution environment. of these contextual data that can reveal sensitive in-
On one hand, research studies should focus on provid- formation about the victim, along with their respective
ing isolation strategies to overcome vulnerabilities, and examples:
on the other hand, methods for detection of malicious • Which function is revoked. For example in a server-
activities of functions must be investigated. less surveillance system, if the function gate-opened
To counter these type of attacks, a lightweight and is called. The attacker, can deduce that someone has
high performance JavaScript engine is presented in [73] entered.
that utilizes Intel’s SGX enclaves to secure the execution • The sequence of function revocation, e.g., in a
environments. health-care monitoring system, a sequence of func-
tions that are being revoked could reveal some kind
5.10.3 Resource Exhaustion Attacks of health condition in the patient.
The main focus of the attacker in these types of attacks • At which time/location a function is revoked. For
is to over-utilize the resources of the victim to either example, in an online retail store, it could reveal
disrupt the service or impose excessive financial loads. the vicinity in which a product is popular, which is
The victim in this type of attack can be both the ser- interesting for the store’s competitors.
vice provider or the customer. An attacker may tamper • The rate of function revocation. In our previous
with the application to send fraudulent requests to the example i.e., surveillance system, this could reveal
provider. Although, the auto-scaling nature of serverless sensitive data about the traffic at the gates.
services can handle these situations, however, the load Comprehensive anonymity and disguise methods must
may go beyond the SLA with the provider and thus the be introduced for serverless services to prevent the
provider may deny further requests or at least it can breach of users’ privacy.
impose heavy financial load to the application owner
which is in the interest of its competitors. Monitoring
approaches must be introduced for serverless providers 6 C ONCLUSION
to detect and mitigate these types of attacks
Resource exhaustion attack can also be established In this paper various new opportunities and potentials
against the provider itself. These types of attacks would that serverless computing offers were discussed. We
be particularly destructive for small to medium sized surveyed some of the new opportunities that the vast
providers. In this scenario, the attacker is familiar with adoption of this computing model will present. Then, we
the internal mechanisms of the provider or they can surveyed the challenges that prevent utilizing the great
exploit it by studying the system’s behavior. Using the potentials of serverless services. We discussed possible
knowledge, the attacker could launch a series of attacks solutions to remedy those challenges. We also believe
that disrupt normal operation of the system by inten- that by elaborating on the challenges, in a near future,
tionally preventing any optimization effort. For example, serverless computing will indeed become the face of
by knowing the packing strategy used by the provider, cloud computing as predicted in [6].
 12

R EFERENCES [25] R. Chard, T. J. Skluzacek, Z. Li, Y. Babuji, A. Woodard, B. Blaiszik,

S. Tuecke, I. Foster, and K. Chard, “Serverless supercomputing:
[1] “Amazon lambda,” https://aws.amazon.com/lambda/, High performance function as a service for science,” arXiv preprint
accessed: 2019-10-7. arXiv:1908.04907, 2019.
[2] “Cloud functions,” https://cloud.google.com/functions/, ac- [26] V. Shankar, K. Krauth, Q. Pu, E. Jonas, S. Venkataraman, I. Stoica,
cessed: 2019-10-7. B. Recht, and J. Ragan-Kelley, “numpywren: serverless linear
[3] “Azure functions,” https://azure.microsoft.com/en- algebra,” arXiv preprint arXiv:1810.09679, 2018.
us/services/functions/, accessed: 2019-10-7. [27] S. Werner, J. Kuhlenkamp, M. Klems, J. Müller, and S. Tai,
[4] “Openwhisk,” https://openwhisk.apache.org/, accessed: 2019- “Serverless big data processing using matrix multiplication as
10-7. example,” in 2018 IEEE International Conference on Big Data (Big
[5] J. M. Hellerstein, J. Faleiro, J. E. Gonzalez, J. Schleier-Smith, Data). IEEE, 2018, pp. 358–365.
V. Sreekanti, A. Tumanov, and C. Wu, “Serverless computing: One
[28] A. Aytekin and M. Johansson, “Harnessing the power of
step forward, two steps back,” arXiv preprint arXiv:1812.03651,
serverless runtimes for large-scale optimization,” arXiv preprint
2018.
arXiv:1901.03161, 2019.
[6] E. Jonas, J. Schleier-Smith, V. Sreekanti, C.-C. Tsai, A. Khandelwal,
Q. Pu, V. Shankar, J. Carreira, K. Krauth, N. Yadwadkar et al., [29] M. Malawski, “Towards serverless execution of scientific
“Cloud programming simplified: a berkeley view on serverless workflows-hyperflow case study.” in Works@ Sc, 2016, pp. 25–33.
computing,” arXiv preprint arXiv:1902.03383, 2019. [30] B. D. Lee, M. A. Timony, and P. Ruiz, “A serverless web tool for
[7] G. Adzic and R. Chatley, “Serverless computing: economic and dna sequence visualization,” Nucleic acids research, 2019.
architectural impact,” in Proceedings of the 2017 11th Joint Meeting [31] L.-H. Hung, D. Kumanov, X. Niu, W. Lloyd, and K. Y. Yeung,
on Foundations of Software Engineering. ACM, 2017, pp. 884–889. “Rapid rna sequencing data analysis using serverless computing,”
[8] A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, bioRxiv, p. 576199, 2019.
D. Patterson, A. Rabkin, and I. Stoica, “Above the clouds: A [32] D. Kumanov, L.-H. Hung, W. Lloyd, and K. Y. Yeung, “Serverless
berkeley view of cloud computing,” Dept. Electrical Eng. and computing provides on-demand high performance computing for
Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS, biomedical research,” arXiv preprint arXiv:1807.11659, 2018.
vol. 28, no. 13, p. 2009, 2009. [33] J. Carreira, P. Fonseca, A. Tumanov, A. Zhang, and R. Katz, “A
[9] “Heroku,” https://heroku.com/, accessed: 2019-10-7. case for serverless machine learning,” in Workshop on Systems for
[10] “Google play store,” https://play.google.com, accessed: 2019-11- ML and Open Source Software at NeurIPS, vol. 2018, 2018.
7. [34] V. Ishakian, V. Muthusamy, and A. Slominski, “Serving deep
[11] “Apple app store,” https://www.apple.com/ios/app-store/, ac- learning models in a serverless platform,” in 2018 IEEE Interna-
cessed: 2019-11-7. tional Conference on Cloud Engineering (IC2E). IEEE, 2018, pp.
[12] M. Coblenz, J. Sunshine, J. Aldrich, B. Myers, S. Weber, and 257–262.
F. Shull, “Exploring language support for immutability,” in Pro- [35] L. Feng, P. Kudva, D. Da Silva, and J. Hu, “Exploring serverless
ceedings of the 38th International Conference on Software Engineering. computing for neural network training,” in 2018 IEEE 11th Inter-
ACM, 2016, pp. 736–747. national Conference on Cloud Computing (CLOUD). IEEE, 2018, pp.
[13] I. Perez, M. Bärenz, and H. Nilsson, “Functional reactive pro- 334–341.
gramming, refactored,” ACM SIGPLAN Notices, vol. 51, no. 12, [36] Z. Tu, M. Li, and J. Lin, “Pay-per-request deployment of neural
pp. 33–44, 2018. network models using serverless architectures,” in Proceedings of
[14] M. Yan, P. Castro, P. Cheng, and V. Ishakian, “Building a chatbot the 2018 Conference of the North American Chapter of the Association
with serverless computing,” in Proceedings of the 1st International for Computational Linguistics: Demonstrations, 2018, pp. 6–10.
Workshop on Mashups of Things and APIs. ACM, 2016, p. 5. [37] L. Ao, L. Izhikevich, G. M. Voelker, and G. Porter, “Sprocket: A
[15] P. Saint-Andre, “Serverless messaging,” 2018. serverless video processing framework,” in Proceedings of the ACM
[16] S. Anand, A. Johnson, P. Mathikshara, and R. Karthik, “Real-time Symposium on Cloud Computing. ACM, 2018, pp. 263–274.
gps tracking using serverless architecture and arm processor,” [38] M. Zhang, Y. Zhu, C. Zhang, and J. Liu, “Video processing with
in 2019 11th International Conference on Communication Systems & serverless computing: a measurement study,” in Proceedings of the
Networks (COMSNETS). IEEE, 2019, pp. 541–543. 29th ACM Workshop on Network and Operating Systems Support for
[17] ——, “Low power real time gps tracking enabled with rtos and Digital Audio and Video. ACM, 2019, pp. 61–66.
serverless architecture,” in 2019 IEEE 4th International Conference [39] N. Bila, P. Dettori, A. Kanso, Y. Watanabe, and A. Youssef, “Lever-
on Computer and Communication Systems (ICCCS). IEEE, 2019, pp. aging the serverless architecture for securing linux containers,” in
618–623. 2017 IEEE 37th International Conference on Distributed Computing
[18] S. Nastic, T. Rausch, O. Scekic, S. Dustdar, M. Gusev, B. Koteska, Systems Workshops (ICDCSW). IEEE, 2017, pp. 401–404.
M. Kostoska, B. Jakimovski, S. Ristov, and R. Prodan, “A server-
[40] J. Naglieri, “Streamalert: A serverless, real-time intrusion detec-
less real-time data analytics platform for edge computing,” IEEE
tion engine,” 2017.
Internet Computing, vol. 21, no. 4, pp. 64–71, 2017.
[19] E. Al-Masri, I. Diabate, R. Jain, M. H. L. Lam, and S. R. Nathala, [41] N. L. Fonseka and A. Pansari, “System and method for automat-
“A serverless iot architecture for smart waste management sys- ically securing sensitive data in public cloud using a serverless
tems,” in 2018 IEEE International Conference on Industrial Internet architecture,” Mar. 26 2019, uS Patent 10,242,221.
(ICII). IEEE, 2018, pp. 179–180. [42] D. Wu, B. Fang, J. Yin, F. Zhang, and X. Cui, “Slbot: A serverless
[20] X. Geng, O. Ma, Y. Pei, Z. Xu, W. Zeng, and J. Zou, “Research botnet based on service flux,” in 2018 IEEE Third International
on early warning system of power network overloading under Conference on Data Science in Cyberspace (DSC). IEEE, 2018, pp.
serverless architecture,” in 2018 2nd IEEE Conference on Energy 181–188.
Internet and Energy System Integration (EI2). IEEE, 2018, pp. 1–6. [43] B. Cheng, J. Fuerst, G. Solmaz, and T. Sanada, “Fog function:
[21] R. F. Hussain, M. A. Salehi, and O. Semiari, “Serverless edge Serverless fog computing for data intensive iot services,” in 2019
computing for green oil and gas industry,” arXiv preprint IEEE International Conference on Services Computing (SCC). IEEE,
arXiv:1905.04460, 2019. 2019, pp. 28–35.
[22] J. Franz, T. Nagasuri, A. Wartman, A. V. Ventrella, and F. Esposito, [44] L. F. Herrera-Quintero, J. C. Vega-Alfonso, K. B. A. Banse, and
“Reunifying families after a disaster via serverless computing and E. C. Zambrano, “Smart its sensor for the transportation planning
raspberry pis,” in 2018 IEEE International Symposium on Local and based on iot approaches using serverless and microservices archi-
Metropolitan Area Networks (LANMAN). IEEE, 2018, pp. 131–132. tecture,” IEEE Intelligent Transportation Systems Magazine, vol. 10,
[23] K. Coleman, F. Esposito, and R. Charney, “Speeding up children no. 2, pp. 17–27, 2018.
reunification in disaster scenarios via serverless computing,” in [45] G. Regan, “A serverless architecture for wireless body area
Proceedings of the 2nd International Workshop on Serverless Comput- network applications,” in Model-Based Safety and Assessment: 6th
ing. ACM, 2017, pp. 5–5. International Symposium, IMBSA 2019, Thessaloniki, Greece, October
[24] J. Spillner, C. Mateos, and D. A. Monge, “Faaster, better, cheaper: 16–18, 2019, Proceedings. Springer Nature, 2019, p. 239.
The prospect of serverless scientific computing and hpc,” in Latin [46] P. Persson and O. Angelsmark, “Kappa: serverless iot deploy-
American High Performance Computing Conference. Springer, 2017, ment,” in Proceedings of the 2nd International Workshop on Serverless
pp. 154–168. Computing. ACM, 2017, pp. 16–21.
 13

[47] G. C. Fox, V. Ishakian, V. Muthusamy, and A. Slominski, “Status of [69] M. Jones, P. Tarjan, Y. Goland, N. Sakimura, J. Bradley, J. Panzer,
serverless computing and function-as-a-service (faas) in industry and D. Balfanz, “Json web token (jwt),” 2012.
and research,” arXiv preprint arXiv:1708.08028, 2017. [70] “Lambda authorizer,” https://docs.aws.amazon.com/apigateway,
[48] I. Baldini, P. Castro, K. Chang, P. Cheng, S. Fink, V. Ishakian, accessed: 2019-10-7.
N. Mitchell, V. Muthusamy, R. Rabbah, A. Slominski et al., [71] M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, S. Mangard,
“Serverless computing: Current trends and open problems,” in P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg, “Meltdown,”
Research Advances in Cloud Computing. Springer, 2017, pp. 1–20. arXiv preprint arXiv:1801.01207, 2018.
[49] G. McGrath and P. R. Brenner, “Serverless computing: Design, [72] P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp,
implementation, and performance,” in 2017 IEEE 37th International S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, “Spec-
Conference on Distributed Computing Systems Workshops (ICDCSW). tre attacks: Exploiting speculative execution,” arXiv preprint
IEEE, 2017, pp. 405–410. arXiv:1801.01203, 2018.
[50] W. Lloyd, S. Ramesh, S. Chinthalapati, L. Ly, and S. Pallickara, [73] S. Brenner and R. Kapitza, “Trust more, serverless,” in Proceedings
“Serverless computing: An investigation of factors influencing of the 12th ACM International Conference on Systems and Storage.
microservice performance,” in 2018 IEEE International Conference ACM, 2019, pp. 33–43.
on Cloud Engineering (IC2E). IEEE, 2018, pp. 159–169.
[51] M. Shahrad, J. Balkind, and D. Wentzlaff, “Architectural impli-
cations of function-as-a-service computing,” in Proceedings of the
52nd Annual IEEE/ACM International Symposium on Microarchitec-
ture. ACM, 2019, pp. 1063–1075.
[52] A. Pérez, G. Moltó, M. Caballer, and A. Calatrava, “A pro-
gramming model and middleware for high throughput serverless
computing applications,” in Proceedings of the 34th ACM/SIGAPP
Symposium on Applied Computing. ACM, 2019, pp. 106–113.
[53] M. Gabbrielli, S. Giallorenzo, I. Lanese, F. Montesi, M. Peressotti,
and S. P. Zingaro, “No more, no less-a formal model for serverless
computing,” arXiv preprint arXiv:1903.07962, 2019.
[54] S. Winzinger and G. Wirtz, “Model-based analysis of serverless
applications,” in Proceedings of the 11th International Workshop on
Modelling in Software Engineerings. IEEE Press, 2019, pp. 82–88.
[55] J. Manner, S. Kolb, and G. Wirtz, “Troubleshooting serverless
functions: a combined monitoring and debugging approach,”
SICS Software-Intensive Cyber-Physical Systems, vol. 34, no. 2-3, pp.
99–104, 2019.
[56] S. Winzinger and G. Wirtz, “Coverage criteria for integration
testing of serverless applications.”
[57] Y. Gan, Y. Zhang, D. Cheng, A. Shetty, P. Rathi, N. Katarki,
A. Bruno, J. Hu, B. Ritchken, B. Jackson, K. Hu, M. Pancholi,
B. Clancy, C. Colen, F. Wen, C. Leung, S. Wang, L. Zaruvin-
sky, M. Espinosa, Y. He, and C. Delimitrou, “An Open-Source
Benchmark Suite for Microservices and Their Hardware-Software
Implications for Cloud and Edge Systems,” in Proceedings of the
Twenty Fourth International Conference on Architectural Support for
Programming Languages and Operating Systems (ASPLOS), April
2019.
[58] M. Al-Roomi, S. Al-Ebrahim, S. Buqrais, and I. Ahmad, “Cloud
computing pricing models: a survey,” International Journal of Grid
and Distributed Computing, vol. 6, no. 5, pp. 93–106, 2013.
[59] P. Li, H. Wang, and B. Zhang, “A distributed online pricing
strategy for demand response programs,” IEEE Transactions on
Smart Grid, vol. 10, no. 1, pp. 350–360, 2017.
[60] A. Singhvi, K. Houck, A. Balasubramanian, M. D. Shaikh,
S. Venkataraman, and A. Akella, “Archipelago: A scalable low-
latency serverless platform,” arXiv preprint arXiv:1911.09849, 2019.
[61] K. Kaffes, N. J. Yadwadkar, and C. Kozyrakis, “Centralized core-
granular scheduling for serverless functions,” in Proceedings of the
ACM Symposium on Cloud Computing. ACM, 2019, pp. 158–164.
[62] D. Patel, F. Khasib, I. Sadooghi, and I. Raicu, “Towards in-
order and exactly-once delivery using hierarchical distributed
message queues,” in 2014 14th IEEE/ACM International Symposium
on Cluster, Cloud and Grid Computing. IEEE, 2014, pp. 883–892.
[63] N. Garg, Apache Kafka. Packt Publishing Ltd, 2013.
[64] “Amazon kinesis data streams,”
https://aws.amazon.com/kinesis/data-streams/, accessed:
2019-10-7.
[65] “Facebook,” https://facebook.com, accessed: 2019-10-7.
[66] S. Hendrickson, S. Sturdevant, T. Harter, V. Venkataramani, A. C.
Arpaci-Dusseau, and R. H. Arpaci-Dusseau, “Serverless computa-
tion with openlambda,” in 8th {USENIX} Workshop on Hot Topics
in Cloud Computing (HotCloud 16), 2016.
[67] D. Arteaga, J. Cabrera, J. Xu, S. Sundararaman, and M. Zhao,
“Cloudcache: On-demand flash cache management for cloud
computing,” in 14th {USENIX} Conference on File and Storage
Technologies ({FAST} 16), 2016, pp. 355–369.
[68] L. M. Vaquero, L. Rodero-Merino, and R. Buyya, “Dynamically
scaling applications in the cloud,” ACM SIGCOMM Computer
Communication Review, vol. 41, no. 1, pp. 45–52, 2011.