This work addresses the challenge of observing co-location attacks and denial-of-service risks in serverless computing, which stem from scheduling and resource-sharing mechanisms and are difficult to detect in production environments. The paper presents the first security-oriented discrete-event simulator that explicitly models attackers and victims as first-class entities. By accurately capturing function invocation arrivals, scheduling policies, container reuse, and resource contention dynamics, the framework enables controlled and reproducible experimental analysis of security risks. It supports quantitative evaluation of key security metrics, including co-location probability, tail latency, and invocation drop rate. Experimental results demonstrate that scheduler choice significantly influences co-location risk—varying by multiple orders of magnitude under identical load—while denial-of-service behavior is primarily governed by service time, queuing policies, and cluster capacity.

Serverless computing abstracts infrastructure management but also obscures system-level behaviors that can introduce security risks. Prior work has shown that serverless platforms are vulnerable to attacks exploiting shared execution environments, including attacker--victim co-location and denial-of-service through resource contention, yet analyzing these risks on production platforms is difficult due to limited observability, high cost, and lack of experimental control, while existing simulators primarily focus on performance and cost rather than security. We present Kumo, a security-focused simulator for serverless platforms that enables controlled, reproducible analysis of security risks arising from scheduling and resource sharing decisions. Kumo models invocation arrivals, scheduler placement, container reuse, resource contention, and queuing within a discrete-event framework, explicitly representing attackers and victims as first-class entities and providing metrics such as co-location probability, time to first co-location, invocation drop rate, and tail latency. Through two case studies, we show that scheduler choice is a first-order factor for co-location attacks, inducing orders-of-magnitude differences under identical workloads, while Denial-of-Service behavior is largely governed by system-level factors such as service time, queuing policy, and cluster capacity once contention dominates. These results highlight the need to distinguish scheduler-driven isolation risks from broader resource exhaustion vulnerabilities and position Kumo as a flexible foundation for systematic, security-aware exploration of serverless platforms.