Bit of a Close Talker: A Practical Guide to Serverless Cloud Co-Location Attacks

TL;DR

This work analyzes serverless cloud schedulers as a security surface for co location and microarchitectural attacks. It introduces a universal scheduler fingerprinting approach to reveal exploitable locality and auto scaling features, and then constructs targeted co location attacks across Open source platforms and Azure Functions. The authors demonstrate feasibility through simulations, a 50 node CloudLab deployment, and a Microsoft Azure case study, and propose Double Dip as a practical mitigation that preserves performance while reducing cross tenant overlap. The study highlights fundamental security tradeoffs in scheduler design and motivates hybrid approaches that blend locality with randomness and user isolation to fortify serverless environments.

Abstract

Serverless computing has revolutionized cloud computing by offering users an efficient, cost-effective way to develop and deploy applications without managing infrastructure details. However, serverless cloud users remain vulnerable to various types of attacks, including micro-architectural side-channel attacks. These attacks typically rely on the physical co-location of victim and attacker instances, and attackers need to exploit cloud schedulers to achieve co-location with victims. Therefore, it is crucial to study vulnerabilities in serverless cloud schedulers and assess the security of different serverless scheduling algorithms. This study addresses the gap in understanding and constructing co-location attacks in serverless clouds. We present a comprehensive methodology to uncover exploitable features in serverless scheduling algorithms and to devise strategies for constructing co-location attacks via normal user interfaces. In our experiments, we successfully reveal exploitable vulnerabilities and achieve instance co-location on prevalent open-source infrastructures and Microsoft Azure Functions. We also present a mitigation strategy, the Double-Dip scheduler, to defend against co-location attacks in serverless clouds. Our work highlights critical areas for security enhancements in current cloud schedulers, offering insights to fortify serverless computing environments against potential co-location attacks.

Figures (13)

• Figure 1: Diagram of the overall attack flow.
• Figure 2: The scheduler fingerprinting process.
• Figure 3: Architecture of our serverless system simulator.
• Figure 4: Collected traces.
• Figure 5: Diagrams of the AE and PA calculation process. Each sub-diagram is a state machine, and we show the involved states and state transition conditions. To calculate AE and PA, we scan the collected log files and count the number of state transitions marked in red, orange, and pink. These counts represent the number of attack instance placements, the number of times co-location happens, and the number of victim instance placements, respectively.