Public clouds are inherently multi-tenant: applications deployed by different parties (including malicious ones) may reside on the same physical machines and share various hardware resources. With the introduction of newer hypervisors, containerization frameworks like Docker, and managed/orchestrated clusters using systems like Kubernetes, cloud providers downplay the feasibility of co-tenant attacks by marketing a belief that applications share no part of the stack. In this paper, we demonstrate that attackers can confirm co-residency with a victim application from inside state-of-the-art containers running on virtual machines. We analyze the degree of vulnerability present in containers running on various systems including within a broad range of commercially utilized orchestrators. Our results show that on realistic cloud environments, we can obtain 90\% success rates for co-residency detection. Our investigation confirms that co-residency attacks are a significant concern on containers running on modern orchestration systems.
