Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker
Melker Veltman, Alexandra Parkegren, Victor Morel

TL;DR
This paper presents the integration of a virtual TPM into the Firecracker hypervisor to enhance trust in cloud PaaS environments, analyzing performance and security impacts.
Contribution
It introduces a virtual TPM implementation in Firecracker, enabling trusted computing in managed cloud services for the first time.
Findings
Slight performance decrease observed
Attack surface slightly increased
Trust enhancement outweighs performance costs
Abstract
When software services use cloud providers to run their workloads, they place implicit trust in the cloud provider, without an explicit trust relationship. One way to achieve such explicit trust in a computer system is to use a hardware Trusted Platform Module (TPM), a coprocessor for trusted computing. However, in the case of managed platform-as-a-service (PaaS) offerings, there is currently no cloud provider that exposes TPM capabilities. In this paper, we improve trust by integrating a virtual TPM device into the Firecracker hypervisor, originally developed by Amazon Web Services. In addition to this, multiple performance tests along with an attack surface analysis are performed to evaluate the impact of the changes introduced. We discuss the results and conclude that the slight performance decrease and attack surface increase are acceptable trade-offs in order to enable trusted…
Taxonomy
Topics: Cloud Data Security Solutions · Security and Verification in Computing · IoT and Edge/Fog Computing
