Abstract: Security for Serverless Systems is looked at from two perspectives, the server-level security managed by the infras-tructure company and the Application level Security managed by the tenants.The Trusted computing base for cloud systems is enormous as it encompasses all the functions running on a system. Authentication for systems is mostly done using ACL. Most Serverless Systems share data and thus, ACL isn’t sufficient. IFC using appropriate label design can enforce continuously through-out the application. IFC can be used to increase confidence between functions with other functions and cloud provider and also mitigate security vulnerabilities making the system safer. A survey of the present IFC implementations for Serverless Systems is presented and system designs which are relevant to Serverless Systems and could be added to Serverless Systems Architecture and, an idea of an IFC model that could be effectively applied in a decentralised model like serverless systems.
Keywords: Information flow control; serverless systems; lan-guage based security; cloud computing