Sharing is *Not* Caring: Serverless Co-Location Attacks and How to Stop Them

Author: Denis Avetisyan


New research reveals how attackers can manipulate serverless cloud schedulers to run their code alongside targeted victims, potentially exposing sensitive data.

The study demonstrates that vulnerabilities in cloud infrastructure, specifically within Azure, permit co-location attacks, a compromise which suggests that even robust systems are subject to the inevitable erosion of security boundaries over time.

This paper demonstrates vulnerabilities in serverless schedulers and proposes a ‘Double-Dip’ algorithm to enhance resource isolation and mitigate co-location attacks.

While serverless computing promises efficient and cost-effective cloud applications, inherent vulnerabilities in underlying scheduling algorithms present a significant security risk. This paper, ‘Bit of a Close Talker: A Practical Guide to Serverless Cloud Co-Location Attacks’, details a methodology for exploiting these weaknesses to achieve instance co-location – positioning an attacker’s code alongside a victim’s. We demonstrate successful co-location attacks on prevalent open-source infrastructures and Microsoft Azure Functions, revealing exploitable features in serverless schedulers and proposing a ‘Double-Dip’ scheduling algorithm for mitigation. Can improved resource isolation and scheduler design effectively fortify serverless environments against these increasingly viable side-channel threats?


The Evolving Landscape of Serverless Architecture

The increasing popularity of serverless functions stems from their capacity to deliver remarkable scalability and cost efficiency, fundamentally altering application deployment strategies. By abstracting away server management, developers can focus solely on code, enabling applications to automatically scale in response to fluctuating demand – a feat traditionally requiring significant operational overhead. This pay-per-use model ensures resources are only consumed during actual execution, drastically reducing costs associated with idle server capacity. Consequently, organizations are increasingly adopting serverless architectures for a diverse range of applications, from simple event-driven tasks to complex data processing pipelines, driven by the promise of reduced operational burdens and optimized resource allocation. This shift represents a significant move towards more agile and cost-effective cloud computing paradigms.

Realizing the full potential of serverless computing hinges on effective cloud scheduling, yet this presents unique difficulties stemming from the inherent dynamism of serverless workloads. Unlike traditional applications with predictable resource needs, serverless functions experience fluctuating demands, triggered by diverse and often unpredictable events. This necessitates scheduling algorithms capable of rapidly adapting to changing conditions, efficiently allocating resources, and minimizing latency – a task complicated by the ephemeral nature of function instances. Successfully managing this variability requires moving beyond static scheduling approaches to embrace intelligent systems that can forecast demand, prioritize functions, and optimize resource allocation in real-time, ensuring both cost efficiency and a consistently responsive user experience.

Conventional scheduling algorithms, designed for persistent virtual machines or physical servers, falter when applied to the ephemeral nature of serverless functions. These algorithms typically prioritize maintaining a consistent level of resource allocation, which leads to significant overhead in the highly variable serverless landscape. The frequent scaling up and down of functions, driven by fluctuating demand, creates a mismatch between pre-allocated resources and actual needs, resulting in both wasted capacity and performance bottlenecks. Traditional methods struggle to predict the duration of function invocations or anticipate bursts of traffic, hindering their ability to efficiently multiplex requests across available resources. Consequently, optimizing for both high resource utilization and consistently low latency proves exceedingly difficult, necessitating the development of novel scheduling strategies specifically tailored to the unique characteristics of serverless computing.

Our serverless system simulator utilizes a modular architecture to efficiently model and analyze serverless application behavior.

The Shadow of Co-Location: Security Considerations

Co-location attacks in serverless computing represent a substantial security risk stemming from the multi-tenant nature of the infrastructure. Serverless platforms utilize virtualization to share underlying physical hardware amongst numerous customers, creating an environment where an attacker can intentionally provision functions on the same physical host as a target victim. This proximity enables the attacker to potentially interfere with the victim’s processes or extract data through various side-channel techniques. The feasibility of successfully executing co-location attacks is directly related to the serverless platform’s scheduling policies and the degree of isolation provided between functions sharing the same physical resources. Without robust preventative measures, attackers can leverage resource contention and shared hardware components to compromise the confidentiality and integrity of victim functions.

Side-channel attacks leverage information unintentionally leaked during the execution of a function to infer sensitive data. These attacks do not target vulnerabilities in the code itself, but rather characteristics of the underlying hardware and execution environment. Common side channels in serverless contexts include timing variations, cache contention, and electromagnetic emissions. Attackers can monitor these signals from co-located functions (those sharing the same physical hardware) to deduce cryptographic keys, data structures, or other confidential information. The success of these attacks relies on statistical analysis of the observed signals, correlating them with the operations performed by the target function. Mitigation strategies often involve introducing noise or randomization to obscure the side-channel signals, or employing techniques like constant-time programming to minimize information leakage.

Mitigation of co-location attacks in serverless environments requires proactive scheduling algorithms that minimize the probability of functions from different users or trust levels executing on the same physical hardware. Our experimental results demonstrate the feasibility of extracting sensitive data via side-channel attacks when co-location occurs, validating the need for such preventative measures. Effective scheduling must consider factors beyond simple resource allocation, including isolation guarantees and the potential for cross-function interference. Specifically, algorithms should prioritize diversifying function placement across physical machines, even at the cost of increased resource utilization, to reduce the attack surface and maintain data confidentiality. This necessitates cloud providers implementing and exposing controls for function placement, allowing users to enforce isolation where necessary.

The co-location attack demonstrates vulnerabilities in both Double-Dip and Helper systems.

Double-Dip Scheduling: A Harmonious Allocation

The Double-Dip Scheduler is a scheduling algorithm specifically designed for serverless cloud environments. It addresses resource allocation by simultaneously considering two primary constraints: user separation and resource limitations. Traditional serverless scheduling often prioritizes resource optimization without explicitly accounting for the security implications of co-locating functions from different users. This algorithm differs by incorporating user isolation as a core component of the scheduling process, alongside typical resource demands such as CPU, memory, and network bandwidth. By actively managing these dual constraints, the Double-Dip Scheduler aims to provide a more secure and efficient allocation of serverless resources, preventing potential malicious interactions while maintaining optimal resource utilization.

The Double-Dip Scheduler reduces the probability of malicious co-location by analyzing function dependencies and available resource constraints during the allocation process. This analysis identifies potential vulnerabilities where a malicious function could exploit shared resources or interfere with legitimate functions. By factoring in these dependencies, the scheduler avoids placing functions with conflicting security profiles or resource needs on the same compute instance. Testing demonstrates a measurable decrease in co-location success rates for attacks attempting to exploit shared resources, compared to scheduling methods that do not account for these factors.

Traditional serverless cloud scheduling prioritizes resource optimization and latency, often neglecting security implications. The Double-Dip Scheduler diverges by integrating security considerations – specifically, minimizing the probability of malicious function co-location – directly into the resource allocation process. Benchmarks demonstrate a substantial reduction in successful co-location attacks compared to both purely random scheduling and algorithms that exploit locality features for performance gains. This is achieved by analyzing function dependencies and resource constraints to proactively prevent the assignment of potentially adversarial functions to the same execution environment, resulting in a demonstrable improvement in platform security.
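To make the dual-constraint idea concrete, here is a small constructed simulation (added for this summary; it is not the paper's Double-Dip implementation and the policies, host sizes and workload string are assumptions). A resource-only placement policy is compared with one that also checks user separation, and the metric is the share of one tenant's instances that end up sharing a host with another tenant.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    capacity: int                          # concurrent instance slots
    tenants: Counter = field(default_factory=Counter)

    def load(self) -> int:
        return sum(self.tenants.values())

    def has_room(self) -> bool:
        return self.load() < self.capacity


def place_resource_only(hosts, tenant):
    """Baseline: least-loaded host with free capacity, no security constraint."""
    chosen = min((h for h in hosts if h.has_room()), key=Host.load)
    chosen.tenants[tenant] += 1
    return chosen


def place_user_separated(hosts, tenant):
    """Dual-constraint placement (hypothetical simplification): among hosts
    with free capacity, prefer one that runs only this tenant or nobody; fall
    back to the baseline only when no such host exists, so isolation costs
    spare capacity rather than failed invocations."""
    isolated = [h for h in hosts
                if h.has_room() and set(h.tenants.elements()) <= {tenant}]
    if not isolated:
        return place_resource_only(hosts, tenant)
    chosen = min(isolated, key=Host.load)
    chosen.tenants[tenant] += 1
    return chosen


# Constructed workload: two tenants' invocations arriving interleaved.
WORKLOAD = "ABABAABBABABBAABABABABAB"


def colocation_rate(policy, n_hosts=8, capacity=4, workload=WORKLOAD):
    """Share of tenant-B instances that end on a host also running tenant-A."""
    hosts = [Host(f"host-{i}", capacity) for i in range(n_hosts)]
    for tag in workload:
        policy(hosts, f"tenant-{tag}")
    b_total = sum(h.tenants["tenant-B"] for h in hosts)
    b_shared = sum(h.tenants["tenant-B"] for h in hosts if h.tenants["tenant-A"])
    return b_shared / max(b_total, 1)


if __name__ == "__main__":
    print("resource-only :", colocation_rate(place_resource_only))
    print("user-separated:", colocation_rate(place_user_separated))
```

With this workload the baseline leaves a quarter of tenant-B's instances next to tenant-A, while the separated policy keeps the two apart at the cost of holding some slots empty.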

The scheduler fingerprinting process characterizes a scheduler's behavior to identify potential performance issues or biases.

Optimizing the System: Locality and Consistency

Invocation locality represents a crucial optimization for serverless computing, directly addressing the notorious “cold start” latency. When a function is invoked after a period of inactivity, the system must provision resources – a process that introduces delay. This technique intelligently routes subsequent invocations of the same function to the host where it previously ran, leveraging any lingering warm resources. By strategically maintaining function state on a specific host, the system bypasses the need for repeated provisioning, drastically reducing latency and improving overall performance. This is particularly impactful for frequently accessed functions, turning potential delays into near-instantaneous responses and enhancing the user experience.

Package locality significantly enhances serverless application efficiency by intelligently grouping functions that share common dependencies during scheduling. This approach minimizes the overhead associated with repeatedly loading the same packages across different function invocations. Instead of each function independently acquiring its required packages, a system leveraging package locality strategically places functions with overlapping dependencies on the same execution environment. This shared environment reduces cold start times, lowers resource consumption, and improves overall throughput. By minimizing redundant package loading, package locality not only accelerates function execution but also contributes to a more sustainable and cost-effective serverless architecture, particularly in scenarios involving numerous interdependent functions.

Consistent hashing emerges as a critical technique for managing the dynamic nature of serverless cloud scheduling. Unlike traditional hashing methods that require complete remapping when servers are added or removed, consistent hashing minimizes disruption by intelligently distributing function executions across a cluster. This is achieved by mapping both functions and servers to points on a circular hash ring; a function is then assigned to the next available server in a clockwise direction. Consequently, only a minimal number of functions need to be remapped when the cluster scales, dramatically reducing latency and maintaining high availability. The system’s inherent fault tolerance ensures that if a server fails, only the functions assigned to that specific server are redistributed, preserving overall system performance and preventing widespread disruption – a key advantage in the rapidly fluctuating environment of serverless computing.
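The ring described above, as an added example (not code from the paper or from any platform it analyzes; the hash, the number of virtual nodes and the host names are assumptions). It shows the property the paragraph relies on: when a server is added, the only functions that move are the ones that land on the new server, and everything else keeps its host. Note that placement is a pure function of the identifier, which is exactly the predictability that scheduler fingerprinting can observe.

```python
import bisect
import hashlib


def ring_point(key: str) -> int:
    """Map a key to a position on a 32-bit hash ring (first 4 bytes of SHA-256)."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")


class HashRing:
    """Consistent-hash ring: each server owns the arc ending at its points."""

    def __init__(self, servers, replicas: int = 64):
        self.replicas = replicas        # virtual nodes per server smooth the load
        self._points = []               # sorted ring positions
        self._owner = {}                # ring position -> server name
        for server in servers:
            self.add_server(server)

    def add_server(self, server: str) -> None:
        for i in range(self.replicas):
            p = ring_point(f"{server}#{i}")
            self._owner[p] = server
            bisect.insort(self._points, p)

    def remove_server(self, server: str) -> None:
        for i in range(self.replicas):
            p = ring_point(f"{server}#{i}")
            del self._owner[p]
            self._points.remove(p)

    def lookup(self, function_id: str) -> str:
        """Assign a function to the first server point clockwise from its own."""
        idx = bisect.bisect_right(self._points, ring_point(function_id))
        if idx == len(self._points):    # wrap around past the top of the ring
            idx = 0
        return self._owner[self._points[idx]]


def remap_on_scale_out(ring: HashRing, function_ids, new_server: str) -> float:
    """Add a server and return the share of functions whose host changed.
    Every function that moves lands on the new server; the rest stay put."""
    before = {f: ring.lookup(f) for f in function_ids}
    ring.add_server(new_server)
    moved = sum(before[f] != ring.lookup(f) for f in function_ids)
    return moved / len(function_ids)


if __name__ == "__main__":
    funcs = [f"fn-{i}" for i in range(10_000)]   # constructed workload ids
    ring = HashRing(["host-a", "host-b", "host-c", "host-d"])
    print(f"remapped on scale-out: {remap_on_scale_out(ring, funcs, 'host-e'):.1%}")
```

Going from four to five servers should move roughly a fifth of the functions, against all of them under a naive modulo scheme.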

Analysis of Azure Functions reveals distinct fingerprinting traces, enabling identification and characterization of function executions.

Serverless in Practice and Future Trajectories

Azure Functions capitalizes on Serverless Cloud Scheduling to deliver a computing platform distinguished by both scalability and cost-efficiency. This approach dynamically allocates resources only when functions are actively executing, eliminating the expenses associated with maintaining idle servers. The system intelligently distributes workloads across a vast, shared infrastructure, automatically scaling to accommodate fluctuating demand – from a few concurrent requests to thousands. By abstracting away server management, developers can concentrate solely on code, while the platform handles provisioning, scaling, and maintenance. This pay-per-execution model translates into significant cost savings, particularly for applications with intermittent or unpredictable traffic patterns, making Azure Functions a compelling option for modern application development and deployment.

Server fingerprinting, utilizing the Time-Stamp Counter (TSC), presents a novel approach to bolstering security within serverless environments. This technique moves beyond traditional virtual machine isolation by offering insights into the physical server actually executing a function. By analyzing subtle variations in the TSC, a unique identifier for each physical core can be established, revealing if multiple functions from the same tenant are unexpectedly co-located on the same hardware – a potential indicator of malicious activity or resource contention. This granular level of visibility allows for proactive mitigation of security risks and improved resource management, supplementing existing security measures by verifying the integrity of the underlying physical infrastructure and enhancing trust in the serverless platform.

Ongoing development in serverless computing necessitates scheduling algorithms capable of responding to fluctuating demands and evolving security landscapes. Researchers are increasingly focused on designs that move beyond static allocation, aiming for dynamic adjustments to workload distribution and resource provisioning. This adaptive approach seeks to optimize both performance and resilience, building upon the efficiency demonstrated by the Helper scheduler – a benchmark evidenced by strong Warm-Start Ratio results. Future work will likely investigate techniques that intelligently balance responsiveness to changing conditions with the need to maintain consistently low latency and high throughput, ultimately creating serverless platforms that are not only scalable and cost-effective but also proactively secure and robust against emerging threats.

Analysis of Azure Functions reveals distinct fingerprinting traces, enabling identification and characterization of function executions.

The exploration of scheduler vulnerabilities, as detailed in this work, underscores a fundamental truth about all complex systems: entropy is inevitable. This research demonstrates how even seemingly isolated serverless functions are susceptible to co-location attacks, revealing the fragility inherent in resource allocation. It’s a reminder that time, the continuous operation of the scheduler, exposes weaknesses. As John McCarthy observed, “The best way to predict the future is to invent it.” This paper doesn’t simply identify a risk; it actively proposes a ‘Double-Dip’ algorithm – an invention designed to reshape the future of serverless security by proactively addressing the temporal vulnerabilities exposed through scheduler fingerprinting and resource contention.

What’s Next?

The demonstrated vulnerabilities in serverless scheduler design aren’t surprising; every abstraction introduces a new surface for entropy to act upon. This work highlights that resource isolation, even within ostensibly stateless compute environments, remains fundamentally a question of degree, not absolutes. The ‘Double-Dip’ algorithm offers a tactical improvement, a temporary reprieve, but it’s crucial to acknowledge that any simplification, any attempt to neatly categorize and allocate resources, inevitably accrues a future cost. Improved scheduling is not a final solution, merely a refinement of the boundaries.

The challenge now extends beyond algorithmic fixes. A deeper investigation into the very architecture of serverless platforms is required. Scheduler fingerprinting, as demonstrated, reveals inherent predictability. Future research should explore truly randomized scheduling, accepting the increased overhead as a necessary trade-off. However, randomness itself is a fragile defense; the system’s memory, its accumulated technical debt, will inevitably reveal patterns if observed long enough.

Ultimately, the pursuit of perfect isolation is a Sisyphean task. The relevant question isn’t whether these systems will fail, but how they will fail, and whether the degradation is graceful. The focus should shift from preventing all side-channel leakage to building systems resilient enough to tolerate a certain degree of information exposure, acknowledging that the medium of time will always erode the illusion of complete separation.


Original article: https://arxiv.org/pdf/2512.10361.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/


2025-12-13 10:19