Warmonger Attack: A Novel Attack Vector in Serverless Computing

Impact factor 3.0; Zone 3 (Computer Science); JCR Q2, COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Junjie Xiong; Mingkui Wei; Zhuo Lu; Yao Liu
DOI: 10.1109/TNET.2024.3437432
Journal: IEEE/ACM Transactions on Networking, vol. 32, no. 6, pp. 4826-4841
Published: 2024-08-08 (journal article; not open access)
URL: https://ieeexplore.ieee.org/document/10630835/
Citations: 0

Abstract

We debut the Warmonger attack, a novel attack vector that can cause denial-of-service between a serverless computing platform and an external content server. The Warmonger attack exploits the fact that a serverless computing platform shares the same set of egress IPs among all serverless functions, which belong to different users, to access an external content server. As a result, a malicious user on this platform can purposefully misbehave and cause these egress IPs to be blocked by the content server, resulting in a platform-wide denial of service. To validate the effectiveness of the Warmonger attack, we conducted extensive experiments over several months, collecting and analyzing the egress IP usage patterns of five prominent serverless service providers (SSPs): Amazon Web Service (AWS) Lambda, Google App Engine, Microsoft Azure Functions, Cloudflare Workers, and Alibaba Function Compute. Additionally, we conducted a thorough evaluation of the attacker’s potential actions to compromise an external server and trigger IP blocking. Our findings revealed that certain SSPs employ surprisingly small sets of egress IPs, sometimes as few as four, which are shared among their user base. Furthermore, our research demonstrates that the serverless platform offers ample opportunities for malicious users to engage in well-known disruptive behaviors, ultimately resulting in IP blocking. Our study uncovers a significant security threat within the burgeoning serverless computing platform and sheds light on potential mitigation strategies, such as the detection of malicious serverless functions and the isolation of such entities.
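The abstract's core observation is a shared-fate property: when every tenant's outbound traffic leaves through the same small egress pool, a content server that bans by source IP cannot distinguish the abuser from the other tenants, so one tenant can make the server cut off the whole platform. The simulation below is an added illustration of that property and of the mitigation the abstract sketches (detect the misbehaving function, then isolate it); it is not code from the paper or from any of the named providers. Everything concrete in it is an assumption: the platform assigns egress IPs round-robin, the server bans an IP after a fixed number of abusive requests, "abusive" is an opaque flag rather than any specific misbehavior, the mitigation is a per-tenant abuse budget that moves the offender to a dedicated quarantine IP, and the addresses are RFC 5737 documentation ranges.

```python
# Added illustration of the shared-egress-IP failure mode (not code from the paper).
# Assumptions (not from the paper): the platform hands out egress IPs round-robin,
# the content server bans an IP after `ban_threshold` abusive requests, and the
# mitigation is a per-tenant abuse budget that moves an offending tenant to a
# dedicated quarantine IP. Addresses are RFC 5737 documentation ranges.
from collections import defaultdict
import itertools


class ContentServer:
    """External content server with a per-source-IP abuse counter and a hard ban."""

    def __init__(self, ban_threshold):
        self.ban_threshold = ban_threshold
        self.abuse_count = defaultdict(int)
        self.blocked = set()

    def handle(self, src_ip, abusive):
        """Serve one request from src_ip; return 'ok' or 'blocked'."""
        if src_ip in self.blocked:
            return "blocked"
        if abusive:
            self.abuse_count[src_ip] += 1
            if self.abuse_count[src_ip] >= self.ban_threshold:
                self.blocked.add(src_ip)  # every tenant behind this IP now loses access
        return "ok"


class ServerlessPlatform:
    """Platform whose tenants all share one small egress pool (the Warmonger precondition)."""

    def __init__(self, egress_ips, abuse_budget=None, quarantine_ip=None):
        self.egress_ips = list(egress_ips)
        self._round_robin = itertools.cycle(self.egress_ips)
        self.abuse_budget = abuse_budget    # None: no platform-side detection at all
        self.quarantine_ip = quarantine_ip  # dedicated egress IP for isolated tenants
        self.tenant_abuse = defaultdict(int)
        self.isolated = set()

    def invoke(self, tenant, server, abusive=False):
        """One function invocation by `tenant` that makes one outbound request."""
        if abusive and self.abuse_budget is not None:
            self.tenant_abuse[tenant] += 1
            if self.tenant_abuse[tenant] >= self.abuse_budget:
                self.isolated.add(tenant)  # detection: this tenant exceeded its budget
        if tenant in self.isolated and self.quarantine_ip:
            src_ip = self.quarantine_ip    # isolation: offender no longer shares the pool
        else:
            src_ip = next(self._round_robin)
        return server.handle(src_ip, abusive)


def pool(n_egress):
    """Constructed egress pool of n_egress documentation-range addresses."""
    return [f"203.0.113.{i}" for i in range(1, n_egress + 1)]


def requests_to_blind_pool(n_egress, ban_threshold):
    """Count attacker requests until the server has banned every shared egress IP."""
    server = ContentServer(ban_threshold)
    platform = ServerlessPlatform(pool(n_egress))
    sent = 0
    while not set(platform.egress_ips) <= server.blocked:
        platform.invoke("mallory", server, abusive=True)
        sent += 1
    return sent


def run_scenario(n_egress, ban_threshold, attacker_requests, abuse_budget=None):
    """Attacker sends abusive requests; then a benign tenant tries once per pool slot."""
    server = ContentServer(ban_threshold)
    platform = ServerlessPlatform(
        pool(n_egress),
        abuse_budget=abuse_budget,
        quarantine_ip="198.51.100.1" if abuse_budget is not None else None,
    )
    for _ in range(attacker_requests):
        platform.invoke("mallory", server, abusive=True)
    victim_ok = sum(platform.invoke("alice", server) == "ok" for _ in range(n_egress))
    return {
        "banned_shared_ips": len(set(platform.egress_ips) & server.blocked),
        "victim_ok": victim_ok,
        "attacker_isolated": "mallory" in platform.isolated,
    }


if __name__ == "__main__":
    print("requests to blind a 4-IP pool at threshold 100:", requests_to_blind_pool(4, 100))
    print("no mitigation:", run_scenario(4, 100, 400))
    print("budget 20 + quarantine:", run_scenario(4, 100, 400, abuse_budget=20))
```

Two things fall out of running it. The attacker's cost is the pool size times the server's ban threshold, which is why the abstract's "as few as four" egress IPs matters: a 4-address pool with a 100-request ban threshold is blinded after 400 abusive requests, after which the benign tenant gets nothing through. With a per-tenant budget of 20 and a quarantine IP, the offender is moved off the pool long before any shared address reaches the server's threshold, the quarantine address absorbs the ban, and the benign tenant is unaffected. The detection rule here is deliberately crude; the abstract only says that detection and isolation are promising directions, not how a provider should implement them.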
Source journal: IEEE/ACM Transactions on Networking (Engineering & Technology - Telecommunications)
CiteScore: 8.20
Self-citation rate: 5.40%
Articles published: 246
Review time: 4-8 weeks
Journal description: The IEEE/ACM Transactions on Networking's high-level objective is to publish high-quality, original research results derived from theoretical or experimental exploration of the area of communication/computer networking, covering all sorts of information transport networks over all sorts of physical layer technologies, both wireline (all kinds of guided media: e.g., copper, optical) and wireless (e.g., radio-frequency, acoustic (e.g., underwater), infra-red), or hybrids of these. The journal welcomes applied contributions reporting on novel experiences and experiments with actual systems.