Brussels / 3 & 4 February 2024


#snapsafety: de-duplicating state across Virtual Machine clones

Virtual Machine snapshots intentionally duplicate the state of a running Virtual Machine, so that we can go back in time or spawn new, identical VMs from it. However, snapshots also capture state that is meant to be unique and/or secret, such as entropy seeds, UUIDs, network configuration, etc.

Recently, Linux added support for Virtual Machine Generation ID to de-duplicate the state of its internal PRNG upon Virtual Machine clone events. However, other parts of the kernel and user-space components lack proper mechanisms for adjusting to such events. This can lead to functional issues, e.g. two VMs in the same network with the same network configuration, as well as security concerns, e.g. two user-space CSPRNGs returning identical "random" streams of bits.
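The user-space CSPRNG problem above can be reproduced in a few lines. The following is an added illustration, not code from the talk or from any project the speaker works on: a toy HMAC-based generator stands in for a user-space CSPRNG, a snapshot is modelled as a deep copy of the process state, and the two "VMs" are compared with and without a reseed that mixes in the new generation ID. The generation ID values, seed and post-clone entropy are constructed samples; a real program would obtain the generation ID from the hypervisor-backed interface and the fresh entropy from the kernel.

```python
import copy
import hashlib
import hmac

# Constructed sample values: a VM generation ID is a 128-bit value that the
# hypervisor changes whenever the VM is cloned or restored from a snapshot.
GEN_ID_PARENT = bytes.fromhex("00112233445566778899aabbccddeeff")
GEN_ID_CLONE = bytes.fromhex("ffeeddccbbaa99887766554433221100")


class UserSpaceDRBG:
    """Illustrative HMAC-SHA256 counter generator standing in for a user-space
    CSPRNG. It is fully deterministic given its key, which is exactly what
    makes a snapshot-cloned copy of it dangerous."""

    def __init__(self, seed: bytes, generation_id: bytes):
        self.key = hmac.new(b"drbg-init", seed, hashlib.sha256).digest()
        self.counter = 0
        self.generation_id = generation_id  # ID observed when the seed was taken

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        return bytes(out[:n])

    def reseed_if_cloned(self, current_generation_id: bytes, fresh_entropy: bytes) -> bool:
        """Mix the new generation ID and fresh entropy into the state when the
        generation ID differs from the one seen at seeding time.
        Returns True if a reseed happened."""
        if current_generation_id == self.generation_id:
            return False
        # Chain from the old key so existing entropy is kept, then add the new material.
        self.key = hmac.new(self.key, current_generation_id + fresh_entropy, hashlib.sha256).digest()
        self.counter = 0
        self.generation_id = current_generation_id
        return True


def snapshot_and_clone(drbg: UserSpaceDRBG) -> UserSpaceDRBG:
    """A snapshot copies the whole process state, generator state included."""
    return copy.deepcopy(drbg)


def outputs_collide(reseed_on_clone: bool) -> bool:
    """Run the parent VM and a clone side by side and report whether the two
    generators emit identical bytes after the clone event."""
    parent = UserSpaceDRBG(seed=b"constructed-boot-time-seed", generation_id=GEN_ID_PARENT)
    parent.random_bytes(32)  # some output consumed before the snapshot is taken
    clone = snapshot_and_clone(parent)
    if reseed_on_clone:
        # After restore the clone observes a new generation ID. The entropy is a
        # constructed placeholder; a real program would read it from the kernel.
        clone.reseed_if_cloned(GEN_ID_CLONE, fresh_entropy=b"constructed-post-clone-entropy")
    return parent.random_bytes(32) == clone.random_bytes(32)


if __name__ == "__main__":
    print("without reseed, streams identical:", outputs_collide(False))
    print("with reseed, streams identical:   ", outputs_collide(True))
```

Without the reseed both copies emit the same 32 bytes; with it they diverge. Note what the check does not solve: the generator only notices the clone when it next compares generation IDs, so any bytes handed out between the restore and that comparison are still duplicated. Closing that window is why the clone event has to be delivered to user space rather than polled, which is the hypervisor/kernel/user-space collaboration the abstract argues for.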

In this talk we will describe the snapshot safety problem and speak about existing mechanisms for tackling it and our efforts to extend those. Moreover, we will discuss why we believe that a solution to this problem calls for collaboration among the hypervisor, guest kernel and guest user-space. Finally, we will present our latest efforts for building mechanisms that allow tackling the issue end-to-end.


Babis Chalios