Everywhere All at Once: Co-Location Attacks on Public Cloud FaaS

Zirui Neil Zhao, Adam Morrison, Christopher W. Fletcher, Josep Torrellas

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Microarchitectural side-channel attacks exploit shared hardware resources, posing significant threats to modern systems. A pivotal step in these attacks is achieving physical host co-location between attacker and victim. This step is especially challenging in public cloud environments due to the widespread adoption of the virtual private cloud (VPC) and the ever-growing size of the data centers. Furthermore, the shift towards Function-as-a-Service (FaaS) environments, characterized by dynamic function instance placements and limited control for attackers, compounds this challenge. In this paper, we present the first comprehensive study on risks of and techniques for co-location attacks in public cloud FaaS environments. We develop two physical host fingerprinting techniques and propose a new, inexpensive methodology for large-scale instance co-location verification. Using these techniques, we analyze how Google Cloud Run places function instances on physical hosts and identify exploitable placement behaviors. Leveraging our findings, we devise an effective strategy for instance launching that achieves 100% probability of co-locating the attacker with at least one victim instance. Moreover, the attacker co-locates with 61% - 100% of victim instances in three major Cloud Run data centers.

Original language: English (US)
Title of host publication: Spring Cycle
Publisher: Association for Computing Machinery
Pages: 133-149
Number of pages: 17
ISBN (Electronic): 9798400703720
State: Published - Apr 27 2024
Event: 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024 - San Diego, United States
Duration: Apr 27 2024 – May 1 2024

Publication series

Name: International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
Volume: 1

Conference

Conference: 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024
Country/Territory: United States
City: San Diego
Period: 4/27/24 – 5/1/24

Keywords

  • cloud computing
  • co-location vulnerability
  • function-as-a-service (FaaS)
  • timestamp counter

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
