Restoring Uniqueness in MicroVM Snapshots
Marc Brooker, Adrian Costin Catangiu, Mike Danilov, Alexander Graf, Colm MacCarthaigh, Andrei Sandu

TL;DR
This paper addresses the challenge of restoring uniqueness in microVM snapshots for serverless systems, proposing new interfaces to manage high-value memory contents and ensure VM individuality during fast startup.
Contribution
Introduces two novel interfaces, MADV_WIPEONSUSPEND and SysGenId, to improve VM snapshot restoration by maintaining uniqueness and security in serverless environments.
Findings
MADV_WIPEONSUSPEND effectively wipes sensitive memory on suspend.
SysGenId generates unique identifiers for each VM instance.
Proposed solutions outperform existing methods in restoring VM uniqueness.
Abstract
Code initialization -- the step of loading code, executing static code, filling caches, and forming re-used connections -- tends to dominate cold-start time in serverless compute systems such as AWS Lambda. Post-initialization memory snapshots, cloned and restored on start, have emerged as a viable solution to this problem, with incremental snapshot and fast restore support in VMMs like Firecracker. Saving memory introduces the challenge of managing high-value memory contents, such as cryptographic secrets. Cloning introduces the challenge of restoring the uniqueness of the VMs, to allow them to do unique things like generate UUIDs, secrets, and nonces. This paper examines solutions to these problems in the every microsecond counts context of serverless cold-start, and discusses the state-of-the-art of available solutions. We present two new interfaces aimed at solving this problem --…
Taxonomy
Topics: Advanced Data Storage Technologies · Caching and Content Delivery · Peer-to-Peer Network Technologies
