Related papers: Bit of a Close Talker: A Practical Guide to Serverless Cloud Co-Location Attacks

Bit of a Close Talker: A Practical Guide to Serverless Cloud Co-Location Attacks

URL: http://arxiv.org/abs/2512.10361v2
Date: Thu, 18 Dec 2025 17:56:32 GMT
Title: Bit of a Close Talker: A Practical Guide to Serverless Cloud Co-Location Attacks
Authors: Wei Shao, Najmeh Nazari, Behnam Omidi, Setareh Rafatirad, Houman Homayoun, Khaled N. Khasawneh, Chongzhou Fang,
Abstract summary: Serverless computing has revolutionized cloud computing by offering users an efficient, cost-effective way to develop and deploy applications without managing infrastructure details.<n>Serverless cloud users remain vulnerable to various types of attacks, including micro-architectural side-channel attacks.<n>This study addresses the gap in understanding and constructing co-location attacks in serverless clouds.
Score: 9.93372713645485
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Serverless computing has revolutionized cloud computing by offering users an efficient, cost-effective way to develop and deploy applications without managing infrastructure details. However, serverless cloud users remain vulnerable to various types of attacks, including micro-architectural side-channel attacks. These attacks typically rely on the physical co-location of victim and attacker instances, and attackers need to exploit cloud schedulers to achieve co-location with victims. Therefore, it is crucial to study vulnerabilities in serverless cloud schedulers and assess the security of different serverless scheduling algorithms. This study addresses the gap in understanding and constructing co-location attacks in serverless clouds. We present a comprehensive methodology to uncover exploitable features in serverless scheduling algorithms and to devise strategies for constructing co-location attacks via normal user interfaces. In our experiments, we successfully reveal exploitable vulnerabilities and achieve instance co-location on prevalent open-source infrastructures and Microsoft Azure Functions. We also present a mitigation strategy, the Double-Dip scheduler, to defend against co-location attacks in serverless clouds. Our work highlights critical areas for security enhancements in current cloud schedulers, offering insights to fortify serverless computing environments against potential co-location attacks.

Related papers

Serverless AI Security: Attack Surface Analysis and Runtime Protection Mechanisms for FaaS-Based Machine Learning [0.0]
This paper presents the first comprehensive security analysis of machine learning workloads in serverless environments.<n>We characterize the attack surface across five categories: function-level vulnerabilities, model-specific threats, infrastructure attacks, supply chain risks, and IAM complexity.<n>We propose Serverless AI Shield (SAS), a multi-layered defense framework providing pre-deployment validation, runtime monitoring, and post-execution forensics.
arXiv Detail & Related papers (2026-01-15T23:32:37Z)
Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files.<n>We formalize our attack paradigm into two stages, including initial infection and persistence.<n>We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z)
FaaSGuard: Secure CI/CD for Serverless Applications -- An OpenFaaS Case Study [6.537757894952025]
Serverless computing significantly alters software development by abstracting infrastructure management and enabling rapid, modular, event-driven deployments.<n>Despite its benefits, serverless functions pose unique security challenges, particularly in open-source platforms like OpenF.<n>Existing approaches typically address isolated phases of the DevSecOps lifecycle, lacking an integrated and comprehensive security strategy.<n>We propose FGuard, a unified DevSecOps pipeline explicitly designed for open-source serverless environments.
arXiv Detail & Related papers (2025-09-04T15:48:13Z)
Secure IAM on AWS with Multi-Account Strategy [0.0]
Small organizations often don't have enough human resources to design a secure architecture.<n>We suggest the multi-account strategy for securing the cloud architecture.
arXiv Detail & Related papers (2025-01-04T05:42:27Z)
Edge-Only Universal Adversarial Attacks in Distributed Learning [49.546479320670464]
In this work, we explore the feasibility of generating universal adversarial attacks when an attacker has access to the edge part of the model only. Our approach shows that adversaries can induce effective mispredictions in the unknown cloud part by leveraging key features on the edge side. Our results on ImageNet demonstrate strong attack transferability to the unknown cloud part.
arXiv Detail & Related papers (2024-11-15T11:06:24Z)
Detection of Compromised Functions in a Serverless Cloud Environment [24.312198733476063]
Serverless computing is an emerging cloud paradigm with serverless functions at its core. Existing security solutions do not apply to all serverless architectures. We present an extendable serverless security threat detection model.
arXiv Detail & Related papers (2024-08-05T17:14:35Z)
CloudLens: Modeling and Detecting Cloud Security Vulnerabilities [15.503757553097387]
Cloud computing services provide scalable and cost-effective solutions for data storage, processing, and collaboration.<n>Access control misconfigurations are often the primary driver for cloud attacks.<n>A planner generates attacks to identify such vulnerabilities in the cloud.
arXiv Detail & Related papers (2024-02-16T03:28:02Z)
Exploring Security Practices in Infrastructure as Code: An Empirical Study [54.669404064111795]
Cloud computing has become popular thanks to the widespread use of Infrastructure as Code (IaC) tools. scripting process does not automatically prevent practitioners from introducing misconfigurations, vulnerabilities, or privacy risks. Ensuring security relies on practitioners understanding and the adoption of explicit policies, guidelines, or best practices.
arXiv Detail & Related papers (2023-08-07T23:43:32Z)
FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models.
arXiv Detail & Related papers (2023-07-18T08:00:41Z)
Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
arXiv Detail & Related papers (2021-11-23T23:42:16Z)
A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
This paper introduces a novel distributed architecture for deep-learning-as-a-service. It is able to preserve the user sensitive data while providing Cloud-based machine and deep learning services.
arXiv Detail & Related papers (2020-03-30T15:12:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.