Covert Communication In The Cloud With Lambdas

UCSD Researchers pictured from the left: CSE Ph.D. Student Anil Yelam; CSE Alumni Shibani Subbareddy and Keerthana Ganesan; CSE Ph.D. Student Ariana Mirian; CSE Professor Stefan Savage.

Serverless services, such as AWS lambdas, are a fast-growing part of the cloud market. Their popularity reflects their lightweight nature and scheduling and cost flexibility.

However, serverless computing’s security issues are poorly understood. CNS co-Director Stefan Savage, CSE/CNS Ph.D. students Anil Yelam and Ariana Mirian and CSE Alumni Shibani Subbareddy and Keerthana Ganesan explored the feasibility of developing a practical covert channel from lambdas in their paper: CoResident Evil: Covert Communication In The Cloud With Lambdas.

The team established that fast co-residence detection for lambdas is key to enabling a covert channel. Leveraging this knowledge, they developed a reliable and scalable co-residence detector based on the memory bus hardware. This technique enables dynamic discovery for co-resident lambdas and is incredibly fast, executing in a matter of seconds. The researchers can establish hundreds of individual covert channels for every 1000 lambdas deployed, and each of these can send data at 200 bits per second, demonstrating covert communication via lambdas is entirely feasible. The team presented their findings for the 30th Web Conference on April 20.