Restoring Uniqueness in MicroVM Snapshots
This paper tackles the problem of secure and unique microVM restoration for serverless cold-start, which is an incremental improvement for cloud providers and serverless users.
This paper addresses the challenges of cryptographic secrets and uniqueness in microVM snapshots used to reduce serverless cold-start times. It proposes two new interfaces, MADV_WIPEONSUSPEND and SysGenId, to manage high-value memory contents and restore VM uniqueness, comparing them to existing solutions.
Code initialization -- the step of loading code, executing static code, filling caches, and forming re-used connections -- tends to dominate cold-start time in serverless compute systems such as AWS Lambda. Post-initialization memory snapshots, cloned and restored on start, have emerged as a viable solution to this problem, with incremental snapshot and fast restore support in VMMs like Firecracker. Saving memory introduces the challenge of managing high-value memory contents, such as cryptographic secrets. Cloning introduces the challenge of restoring the uniqueness of the VMs, to allow them to do unique things like generate UUIDs, secrets, and nonces. This paper examines solutions to these problems in the every microsecond counts context of serverless cold-start, and discusses the state-of-the-art of available solutions. We present two new interfaces aimed at solving this problem -- MADV\_WIPEONSUSPEND and SysGenId -- and compare them to alternative solutions.