Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms

Zane Weissman; Thore Tiemann; Thomas Eisenbarth; Berk Sunar

doi:10.1007/978-3-031-80020-7_1

Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms

Zane Weissman, Thore Tiemann, Thomas Eisenbarth, Berk Sunar

Abstract

Firecracker is a virtual machine manager (VMM) purpose-built by AWS for serverless cloud platforms—services that run code for thousands of end users on a per-task basis, automatically managing server infrastructure. In addition to architectural attacks, AWS states that microarchitectural attacks are included in their threat model. But this class of attacks relies on shared hardware, just as the scalability of serverless computing does, which opens a conflict of interest. In this work, we investigate just how secure Firecracker is against microarchitectural attacks. We review Firecracker’s stated isolation model and recommended best practices for deployment, identify potential threat models for serverless platforms, and analyze potential weak points. Then, we use microarchitectural attack PoCs to test the isolation provided by Firecracker and find that it offers little protection against Spectre or MDS attacks. We discover two particularly concerning cases: (1) a Medusa variant that threatens Firecracker VMs but not processes running outside of them, and is not mitigated by defenses recommended by AWS, and (2) a Spectre-PHT variant that remains exploitable even if recommended countermeasures–including disabled SMT–are in place.

Original language	English
Title of host publication	Information Systems Security
Editors	Vishwas T. Patil, Ram Krishnan, Rudrapatna K. Shyamasundar
Number of pages	22
Publisher	Springer Nature Switzerland
Publication date	2025
Pages	3-24
ISBN (Print)	978-3-031-80020-7
DOIs	https://doi.org/10.1007/978-3-031-80020-7_1
Publication status	Published - 2025

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

Access to Document

10.1007/978-3-031-80020-7_1

Cite this

Weissman, Z., Tiemann, T., Eisenbarth, T., & Sunar, B. (2025). Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms. In V. T. Patil, R. Krishnan, & R. K. Shyamasundar (Eds.), Information Systems Security (pp. 3-24). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) ; Vol. 15416 LNCS). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-80020-7_1

Weissman, Zane ; Tiemann, Thore ; Eisenbarth, Thomas et al. / Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms. Information Systems Security. editor / Vishwas T. Patil ; Ram Krishnan ; Rudrapatna K. Shyamasundar. Springer Nature Switzerland, 2025. pp. 3-24 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) ).

@inproceedings{9950db9fc8ca4468a599e220ddb6a6b8,

title = "Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms",

abstract = "Firecracker is a virtual machine manager (VMM) purpose-built by AWS for serverless cloud platforms—services that run code for thousands of end users on a per-task basis, automatically managing server infrastructure. In addition to architectural attacks, AWS states that microarchitectural attacks are included in their threat model. But this class of attacks relies on shared hardware, just as the scalability of serverless computing does, which opens a conflict of interest. In this work, we investigate just how secure Firecracker is against microarchitectural attacks. We review Firecracker{\textquoteright}s stated isolation model and recommended best practices for deployment, identify potential threat models for serverless platforms, and analyze potential weak points. Then, we use microarchitectural attack PoCs to test the isolation provided by Firecracker and find that it offers little protection against Spectre or MDS attacks. We discover two particularly concerning cases: (1) a Medusa variant that threatens Firecracker VMs but not processes running outside of them, and is not mitigated by defenses recommended by AWS, and (2) a Spectre-PHT variant that remains exploitable even if recommended countermeasures–including disabled SMT–are in place.",

author = "Zane Weissman and Thore Tiemann and Thomas Eisenbarth and Berk Sunar",

note = "DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",

year = "2025",

doi = "10.1007/978-3-031-80020-7\_1",

language = "English",

isbn = "978-3-031-80020-7",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) ",

publisher = "Springer Nature Switzerland",

pages = "3--24",

editor = "Patil, \{Vishwas T.\} and Ram Krishnan and Shyamasundar, \{Rudrapatna K.\}",

booktitle = "Information Systems Security",

}

Weissman, Z, Tiemann, T , Eisenbarth, T & Sunar, B 2025, Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms. in VT Patil, R Krishnan & RK Shyamasundar (eds), Information Systems Security. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) , vol. 15416 LNCS, Springer Nature Switzerland, pp. 3-24. https://doi.org/10.1007/978-3-031-80020-7_1

Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms. / Weissman, Zane; Tiemann, Thore ; Eisenbarth, Thomas et al.
Information Systems Security. ed. / Vishwas T. Patil; Ram Krishnan; Rudrapatna K. Shyamasundar. Springer Nature Switzerland, 2025. p. 3-24 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) ; Vol. 15416 LNCS).

Research output: Chapters in Books/Reports/Conference Proceedings › Conference contribution › peer-review

TY - GEN

T1 - Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms

AU - Weissman, Zane

AU - Tiemann, Thore

AU - Eisenbarth, Thomas

AU - Sunar, Berk

N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2025

Y1 - 2025

N2 - Firecracker is a virtual machine manager (VMM) purpose-built by AWS for serverless cloud platforms—services that run code for thousands of end users on a per-task basis, automatically managing server infrastructure. In addition to architectural attacks, AWS states that microarchitectural attacks are included in their threat model. But this class of attacks relies on shared hardware, just as the scalability of serverless computing does, which opens a conflict of interest. In this work, we investigate just how secure Firecracker is against microarchitectural attacks. We review Firecracker’s stated isolation model and recommended best practices for deployment, identify potential threat models for serverless platforms, and analyze potential weak points. Then, we use microarchitectural attack PoCs to test the isolation provided by Firecracker and find that it offers little protection against Spectre or MDS attacks. We discover two particularly concerning cases: (1) a Medusa variant that threatens Firecracker VMs but not processes running outside of them, and is not mitigated by defenses recommended by AWS, and (2) a Spectre-PHT variant that remains exploitable even if recommended countermeasures–including disabled SMT–are in place.

AB - Firecracker is a virtual machine manager (VMM) purpose-built by AWS for serverless cloud platforms—services that run code for thousands of end users on a per-task basis, automatically managing server infrastructure. In addition to architectural attacks, AWS states that microarchitectural attacks are included in their threat model. But this class of attacks relies on shared hardware, just as the scalability of serverless computing does, which opens a conflict of interest. In this work, we investigate just how secure Firecracker is against microarchitectural attacks. We review Firecracker’s stated isolation model and recommended best practices for deployment, identify potential threat models for serverless platforms, and analyze potential weak points. Then, we use microarchitectural attack PoCs to test the isolation provided by Firecracker and find that it offers little protection against Spectre or MDS attacks. We discover two particularly concerning cases: (1) a Medusa variant that threatens Firecracker VMs but not processes running outside of them, and is not mitigated by defenses recommended by AWS, and (2) a Spectre-PHT variant that remains exploitable even if recommended countermeasures–including disabled SMT–are in place.

UR - https://arxiv.org/abs/2311.15999

UR - https://www.mendeley.com/catalogue/e2064786-b879-36f9-842f-f3d684999941/

U2 - 10.1007/978-3-031-80020-7_1

DO - 10.1007/978-3-031-80020-7_1

M3 - Conference contribution

SN - 978-3-031-80020-7

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 24

BT - Information Systems Security

A2 - Patil, Vishwas T.

A2 - Krishnan, Ram

A2 - Shyamasundar, Rudrapatna K.

PB - Springer Nature Switzerland

ER -

Weissman Z, Tiemann T , Eisenbarth T, Sunar B. Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms. In Patil VT, Krishnan R, Shyamasundar RK, editors, Information Systems Security. Springer Nature Switzerland. 2025. p. 3-24. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) ). doi: 10.1007/978-3-031-80020-7_1

Microarchitectural Security of Firecracker VMM for Serverless Cloud Platforms

Abstract

UN SDGs

Access to Document

Other files and links

Cite this