Memory deduplication as a threat to the guest OS

Memory deduplication shares same-content memory pages and reduces the consumption of physical memory. It is effective on environments that run many virtual machines with the same operating system. Memory deduplication, however, is vulnerable to memory disclosure attacks, which reveal the existence of an application or file on another virtual machine. Such an attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the existence of sshd and apache2 on Linux, and IE6 and Firefox on WindowsXP. It also could detect a downloaded file on the Firefox browser. We describe the attack mechanism in this paper, and also mention countermeasures against this attack.

[1]  Steven Hand,et al.  Satori: Enlightened Page Sharing , 2009, USENIX Annual Technical Conference.

[2]  Kang G. Shin,et al.  Using hypervisor to provide data secrecy for user applications on a per-page basis , 2008, VEE '08.

[3]  Cyrille Artho,et al.  Moving from Logical Sharing of Guest OS to Physical Sharing of Deduplication on Virtual Machine , 2010, HotSec.

[4]  Christian S. Collberg,et al.  SLINKY: Static Linking Reloaded , 2005, USENIX Annual Technical Conference, General Track.

[5]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[6]  Carl A. Waldspurger,et al.  Memory resource management in VMware ESX server , 2002, OSDI '02.

[7]  George Varghese,et al.  Difference engine , 2010, OSDI.

[8]  Xiaoxin Chen,et al.  Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems , 2008, ASPLOS.

[9]  Tal Garfinkel,et al.  Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation , 2005, USENIX Security Symposium.

[10]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[11]  Scott Devine,et al.  Disco: running commodity operating systems on scalable multiprocessors , 1997, TOCS.

[12]  Scott Devine,et al.  Disco: running commodity operating systems on scalable multiprocessors , 1997, SOSP.

[13]  Tal Garfinkel,et al.  Understanding data lifetime via whole system simulation , 2004 .

[14]  Mendel Rosenblum,et al.  Understanding data lifetime , 2006 .

[15]  Qiang Li,et al.  The Impact of Multilevel Security on Database Buffer Management , 1996, ESORICS.