Bit of a Close Talker: A Practical Guide to Serverless Cloud Co-Location Attacks

📅 2025-12-11
🤖 AI Summary
This work uncovers a cross-tenant physical co-location vulnerability in serverless clouds, stemming from predictable scheduler behavior and enabling L1/L3 cache side-channel attacks. To exploit this, we propose the first production-ready black-box co-location attack framework targeting mainstream platforms such as Azure Functions. Our method combines reverse-engineering of scheduler policies, timing-based side-channel probing, and probabilistic co-location strategy optimization to achieve high-success-rate physical co-location across tenant boundaries. Furthermore, we extract platform-agnostic scheduler fingerprints and empirically validate their stability and reproducibility across both open-source serverless frameworks and Azure Functions. This study is the first to systematically establish scheduler predictability as a critical prerequisite for co-location attacks. We also design a lightweight scheduler obfuscation mechanism that significantly reduces co-location probability without compromising performance or latency—demonstrating practical mitigation with minimal overhead.

📝 Abstract
Serverless computing has revolutionized cloud computing by offering an efficient and cost-effective way for users to develop and deploy applications without managing infrastructure details. However, serverless cloud users remain vulnerable to various types of attacks, including micro-architectural side-channel attacks. These attacks typically rely on the physical co-location of victim and attacker instances, and attackers will need to exploit cloud schedulers to achieve co-location with victims. Therefore, it is crucial to study vulnerabilities in serverless cloud schedulers and assess the security of different serverless scheduling algorithms. This study addresses the gap in understanding and constructing co-location attacks in serverless clouds. We present a comprehensive methodology to uncover exploitable features in serverless scheduling algorithms and devise strategies for constructing co-location attacks through normal user interfaces. In our experiments, we successfully reveal exploitable vulnerabilities and achieve instance co-location on prevalent open-source infrastructures and Microsoft Azure Functions. We also present a mitigation strategy to defend against co-location attacks in serverless clouds. Our work highlights critical areas for security enhancements in current cloud schedulers, offering insights to fortify serverless computing environments against potential co-location attacks.

Problem

Research questions and friction points this paper is trying to address.

Investigates vulnerabilities in serverless cloud schedulers enabling co-location attacks
Devises strategies to exploit scheduling algorithms via normal user interfaces
Proposes mitigation defenses against co-location attacks in serverless computing

Innovation

Methods, ideas, or system contributions that make the work stand out.

Exploiting serverless scheduling algorithm vulnerabilities for co-location
Achieving instance co-location via normal user interfaces
Proposing mitigation strategies against serverless co-location attacks