Implementation of a Memory Disclosure Attack on Memory Deduplication of Virtual Machines

@article{Suzaki2013ImplementationOA,
  title={Implementation of a Memory Disclosure Attack on Memory Deduplication of Virtual Machines},
  author={Kuniyasu Suzaki and Kengo Iijima and Toshiki Yagi and Cyrille Artho},
  journal={IEICE Trans. Fundam. Electron. Commun. Comput. Sci.},
  year={2013},
  volume={96-A},
  pages={215-224}
}
SUMMARY Memory deduplication improves the utilization of physical memory by sharing identical blocks of data. Although memory deduplication is most effective when many virtual machines with the same operating systems run on a CPU, cross-user memory deduplication is a covert channel and causes a serious memory disclosure attack. It reveals the existence of an application or file on another virtual machine. The covert channel is a difference in write access time on deduplicated memory pages that are re…

Group-Based Memory Deduplication against Covert Channel Attacks in Virtualized Environments

Memory deduplication improves memory density by merging identical memory pages in multi-tenanted cloud. However, memory deduplication is vulnerable to memory disclosure attacks and covert channel

Breaking KASLR Using Memory Deduplication in Virtualized Environments

This paper presents a novel memory-sharing-based side-channel attack that breaks the KASLR on KPTI-enabled Linux virtual machines, and shows that the proposed attack can obtain the kernel address within a short amount of time.

On the effectiveness of same-domain memory deduplication

It is concluded that same-domain memory deduplication as a defense is difficult to implement correctly, and hence, is insufficient.

Slicedup: a tenant-aware memory deduplication for cloud computing

Slicedup is presented, a tenant-aware memory deduplication mechanism that prevents side-channel attacks among tenants and can be implemented in any operating system, regardless of its version, architecture or any other system dependence.

CovertInspector: Identification of Shared Memory Covert Timing Channel in Multi-tenanted Cloud

Evaluation shows that CovertInspector is able to fully identify and eliminate this kind of covert channel with tolerable impact on the performance of guest VMs.

WindTalker: An Efficient and Robust Protocol of Cloud Covert Channel Based on Memory Deduplication

This paper first analyzes the CCCMD working scheme in a virtualized environment, uncovers its major defects and implementation difficulties, and builds a prototype named WindTalker which overcomes these obstacles.

Wait a Minute! A fast, Cross-VM Attack on AES

The results of this study show that there is a great security risk to the OpenSSL AES implementation running on VMware cloud services when deduplication is not disabled.

PCA: Page Correlation Aggregation for Memory Deduplication in Virtualized Environments

This paper proposes a novel memory deduplication approach called page correlation aggregation (PCA), which can efficiently reduce otiose operations and effectively resist covert channels in content-based page sharing.

Micro-architectural Threats to Modern Computing Systems

This dissertation introduces side-channel attacks on cloud systems to recover sensitive information such as code execution, software identity as well as cryptographic secrets, and proposes the DeepCloak framework as a countermeasure against side-channel attacks.

Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud

This work shows that co-location can be achieved and detected by monitoring the last level cache in public clouds, and presents a full-fledged attack that exploits subtle leakages to recover RSA decryption keys from a colocated instance.

References

Memory deduplication as a threat to the guest OS

A memory disclosure attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write to reveal the existence of an application or file on another virtual machine.

Moving from Logical Sharing of Guest OS to Physical Sharing of Deduplication on Virtual Machine

This paper proposes that self-contained binaries eliminate the problems caused by logical sharing, and the memory and storage overheads caused by self-contained binaries are mitigated by physical sharing.

Lest we remember: cold-boot attacks on encryption keys

It is shown that dynamic RAM, the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard, and this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine.

Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation

It is demonstrated that secure deallocation generally clears data immediately after its last use, and that without such measures, data can remain in memory for days or weeks, even persisting across reboots.

Difference engine

Difference Engine is built, an extension to the Xen VMM, to support both subpage level sharing and full-page sharing and demonstrate substantial savings across VMs running disparate workloads (up to 65%).

Using hypervisor to provide data secrecy for user applications on a per-page basis

A novel way of using hypervisors to protect application data privacy even when the underlying operating system is not trustable is presented, showing that it increases the application execution time only by 3% for CPU and memory-intensive workloads.

Satori: Enlightened Page Sharing

Satori is introduced, an efficient and effective system for sharing memory in virtualised systems that is better able to detect short-lived sharing opportunities, efficient and incurs negligible overhead, and it maintains performance isolation between virtual machines.

Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems

A virtual-machine-based system called Overshadow is introduced that protects the privacy and integrity of application data, even in the event of a total OS compromise, and is used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system.

Memory resource management in VMware ESX server

Several novel ESX Server mechanisms and policies for managing memory are introduced, including a ballooning technique that reclaims the pages considered least valuable by the operating system running in a virtual machine, and an idle memory tax that achieves efficient memory utilization.

The Impact of Multilevel Security on Database Buffer Management

A client/buffer manager interface with a set of synchronization guarantees that does not delay low writers in the presence of concurrent high readers, an allocation scheme that partitions slots by security level but allows buffers, underutilized at the low level, to be used by subjects at high levels using a technique the authors call “slot stealing,” and a general page replacement algorithm.