Kumo: A Security-Focused Serverless Cloud Simulator
New simulator reveals how scheduler choices create orders-of-magnitude differences in co-location attack vulnerability.
A research team led by Wei Shao and Khaled Khasawneh has developed Kumo, a novel simulator designed specifically to analyze security vulnerabilities in serverless computing platforms. Unlike existing tools that focus on performance and cost, Kumo treats attackers and victims as first-class entities within a discrete-event framework, modeling critical components like invocation arrivals, scheduler placement decisions, container reuse policies, and resource contention. This allows for controlled, reproducible analysis of security risks that are difficult to study on production platforms due to limited observability and high costs.
Through detailed case studies, the researchers made two key discoveries. First, they found that the choice of scheduler is a "first-order factor" for co-location attacks, where an attacker's function is placed on the same physical hardware as a victim's. Identical workloads showed orders-of-magnitude differences in co-location probability based solely on scheduler algorithms. Second, they demonstrated that once resource contention becomes dominant, Denial-of-Service (DoS) behavior is governed by system-level factors such as service time and cluster capacity.
These findings fundamentally reframe how we understand serverless security. Kumo's analysis shows that isolation risks driven by scheduler decisions are distinct from broader resource exhaustion vulnerabilities. The tool provides concrete metrics—including co-location probability, time to first co-location, and invocation drop rates—that platform developers can use to evaluate and harden their systems. By making these previously obscured system-level behaviors visible and measurable, Kumo provides a flexible foundation for building more secure serverless architectures.
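To make the scheduler effect concrete for a platform builder comparing placement policies, the following toy Monte Carlo model runs the same workload under two placement policies and reports co-location probability and time to first co-location. It is an added example, not Kumo's code and not a reproduction of the paper's results. The two policies ("random" and "pack"), the cluster sizes and the function names are assumptions chosen for illustration.

```python
import random

def place(policy, free, rng):
    """Pick a host for a new container; None means the cluster is full (a drop)."""
    candidates = [h for h, slots in enumerate(free) if slots > 0]
    if not candidates:
        return None
    if policy == "random":            # assumed policy: uniform over hosts with room
        return rng.choice(candidates)
    if policy == "pack":              # assumed policy: fill the fullest host first
        return min(candidates, key=lambda h: (free[h], h))
    raise ValueError(f"unknown policy: {policy}")

def trial(policy, rng, hosts=100, slots=8, background=200, launches=5):
    """One run: background tenants, then the victim, then the attacker's launches.
    Returns the launch number of the first co-location, or None if there was none."""
    free = [slots] * hosts
    for _ in range(background):       # identical background workload for every policy
        free[place(policy, free, rng)] -= 1
    victim_host = place(policy, free, rng)
    free[victim_host] -= 1
    for launch in range(1, launches + 1):
        host = place(policy, free, rng)
        if host is None:              # invocation dropped, cluster exhausted
            return None
        free[host] -= 1
        if host == victim_host:
            return launch
    return None

def evaluate(policy, trials=400, seed=1):
    """Return (co-location probability, mean launches to first co-location)."""
    rng = random.Random(seed)
    hits = [t for t in (trial(policy, rng) for _ in range(trials)) if t is not None]
    mean_first = sum(hits) / len(hits) if hits else None
    return len(hits) / trials, mean_first

if __name__ == "__main__":
    for policy in ("random", "pack"):
        prob, mean_first = evaluate(policy)
        print(f"{policy:>6}: P(co-location)={prob:.3f}  mean first hit={mean_first}")
```

In this model the packing policy places the victim and the next arrival on the same partially filled host every time, while random placement over 100 hosts co-locates only a few percent of the time; the gap widens as the host count grows.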
- Kumo is the first security-focused simulator for serverless platforms, explicitly modeling attackers and victims to analyze scheduling risks.
- Case studies revealed scheduler algorithms create orders-of-magnitude differences in co-location attack vulnerability under identical workloads.
- The research distinguishes scheduler-driven isolation risks from resource exhaustion, providing metrics like co-location probability for systematic security testing.
Why It Matters
As companies adopt serverless, this tool helps platform builders proactively identify and mitigate critical security flaws in scheduling logic before deployment.