TY - GEN
T1 - Everywhere All at Once
T2 - 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2024
AU - Zhao, Zirui Neil
AU - Morrison, Adam
AU - Fletcher, Christopher W.
AU - Torrellas, Josep
N1 - Publisher Copyright:
© 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
PY - 2024/4/27
Y1 - 2024/4/27
N2 - Microarchitectural side-channel attacks exploit shared hardware resources, posing significant threats to modern systems. A pivotal step in these attacks is achieving physical host co-location between attacker and victim. This step is especially challenging in public cloud environments due to the widespread adoption of the virtual private cloud (VPC) and the ever-growing size of the data centers. Furthermore, the shift towards Function-as-a-Service (FaaS) environments, characterized by dynamic function instance placements and limited control for attackers, compounds this challenge. In this paper, we present the first comprehensive study on risks of and techniques for co-location attacks in public cloud FaaS environments. We develop two physical host fingerprinting techniques and propose a new, inexpensive methodology for large-scale instance co-location verification. Using these techniques, we analyze how Google Cloud Run places function instances on physical hosts and identify exploitable placement behaviors. Leveraging our findings, we devise an effective strategy for instance launching that achieves 100% probability of co-locating the attacker with at least one victim instance. Moreover, the attacker co-locates with 61% - 100% of victim instances in three major Cloud Run data centers.
AB - Microarchitectural side-channel attacks exploit shared hardware resources, posing significant threats to modern systems. A pivotal step in these attacks is achieving physical host co-location between attacker and victim. This step is especially challenging in public cloud environments due to the widespread adoption of the virtual private cloud (VPC) and the ever-growing size of the data centers. Furthermore, the shift towards Function-as-a-Service (FaaS) environments, characterized by dynamic function instance placements and limited control for attackers, compounds this challenge. In this paper, we present the first comprehensive study on risks of and techniques for co-location attacks in public cloud FaaS environments. We develop two physical host fingerprinting techniques and propose a new, inexpensive methodology for large-scale instance co-location verification. Using these techniques, we analyze how Google Cloud Run places function instances on physical hosts and identify exploitable placement behaviors. Leveraging our findings, we devise an effective strategy for instance launching that achieves 100% probability of co-locating the attacker with at least one victim instance. Moreover, the attacker co-locates with 61% - 100% of victim instances in three major Cloud Run data centers.
KW - cloud computing
KW - co-location vulnerability
KW - function-as-a-service (FaaS)
KW - timestamp counter
UR - http://www.scopus.com/inward/record.url?scp=85191466253&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85191466253&partnerID=8YFLogxK
U2 - 10.1145/3617232.3624867
DO - 10.1145/3617232.3624867
M3 - Conference contribution
AN - SCOPUS:85191466253
T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
SP - 133
EP - 149
BT - Spring Cycle
PB - Association for Computing Machinery
Y2 - 27 April 2024 through 1 May 2024
ER -