Abstract
We debut the Warmonger attack, a novel attack vector that can cause denial-of-service between a serverless computing platform and an external content server. The Warmonger attack exploits the fact that a serverless computing platform shares the same set of egress IPs among all serverless functions, which belong to different users, to access an external content server. As a result, a malicious user on this platform can purposefully misbehave and cause these egress IPs to be blocked by the content server, resulting in a platform-wide denial of service. To validate the effectiveness of the Warmonger attack, we conducted extensive experiments over several months, collecting and analyzing the egress IP usage patterns of five prominent serverless service providers (SSPs): Amazon Web Services (AWS) Lambda, Google App Engine, Microsoft Azure Functions, Cloudflare Workers, and Alibaba Function Compute. Additionally, we conducted a thorough evaluation of the attacker's potential actions to compromise an external server and trigger IP blocking. Our findings revealed that certain SSPs employ surprisingly small sets of egress IPs, sometimes as few as four, which are shared among their user base. Furthermore, our research demonstrates that the serverless platform offers ample opportunities for malicious users to engage in well-known disruptive behaviors, ultimately resulting in IP blocking. Our study uncovers a significant security threat within the burgeoning serverless computing platform and sheds light on potential mitigation strategies, such as the detection of malicious serverless functions and the isolation of such entities.
Recommended Citation
J. Xiong et al., "Warmonger Attack: A Novel Attack Vector In Serverless Computing," IEEE/ACM Transactions on Networking, vol. 32, no. 6, pp. 4826-4841, Institute of Electrical and Electronics Engineers, Jan 2024.
The definitive version is available at https://doi.org/10.1109/TNET.2024.3437432
Department(s)
Computer Science
Keywords and Phrases
Cloud computing; denial-of-service; edge computing; serverless functions
International Standard Serial Number (ISSN)
1558-2566; 1063-6692
Document Type
Article - Journal
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2025 Institute of Electrical and Electronics Engineers, All rights reserved.
Publication Date
01 Jan 2024
