An Info-Leak Resistant Kernel Randomization for Virtualized Systems

Given the significance that the cloud paradigm has in modern society, it is extremely important to provide security to users at all levels, especially at the most fundamental ones, since these are the most sensitive and potentially harmful in the event of an attack. However, the cloud computing paradigm brings new challenges in which security mechanisms are weakened or deactivated to improve profitability and exploitation of the available resources. Kernel randomization is an important security mechanism that is currently present in all main operating systems. Function-Granular Kernel Randomization is a new step that aims to be the future of kernel randomization, because it provides much more security than current kernel randomization approaches. Unfortunately, function-granular kernel randomization also significantly impacts the performance and potential benefits of memory deduplication. Both function-granular kernel randomization and memory deduplication are desirable and beneficial: the first for the strong protection it gives, and the second for the reduction of costs in terms of memory consumption. In this paper, we analyse the impact of function-granular kernel randomization on memory deduplication, revealing why it cannot offer maximum security and shareability of memory simultaneously. We also discuss the reasons why having fully position-independent kernel code, counter-intuitively, does not solve the problem, which introduces a challenge for kernel randomization designers. To solve these problems, we propose a function-granular kernel randomization modification for cloud systems that enables full function-granular kernel randomization while reducing memory deduplication cancellations to almost zero. The proposed approach forces guest kernels of the same tenant to have the same random memory layout for the memory regions with high impact on deduplication, ensuring a high rate of deduplicated pages while kernel randomization is fully enabled. Our approach enables cloud providers to have both high levels of security and an efficient use of resources.
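
The trade-off described above can be seen in a toy model. The following is an added example, not code from the paper: it shuffles a constructed set of "function bodies" per guest, packs them into 4 KiB pages and measures how many pages a page-merging host could share. The HMAC-based seed derivation, the function names and the secrets are assumptions made for illustration only.

```python
import hashlib
import hmac
import random

PAGE = 4096  # deduplication works on whole pages

def build_functions(n=400, seed=1):
    """Constructed stand-in for kernel .text: n function bodies of varied size."""
    rng = random.Random(seed)
    sizes = [rng.randrange(64, 2048) for _ in range(n)]
    return [rng.getrandbits(8 * s).to_bytes(s, "little") for s in sizes]

def layout_seed(tenant_secret, guest_id, per_tenant):
    """Hypothetical seed derivation: one seed per tenant, or one per guest."""
    label = b"text-layout" if per_tenant else guest_id.encode()
    digest = hmac.new(tenant_secret, label, hashlib.sha256).digest()
    return int.from_bytes(digest, "big")

def guest_text(functions, seed):
    """Function-granular randomization: shuffle function order, then pack."""
    order = list(range(len(functions)))
    random.Random(seed).shuffle(order)
    return b"".join(functions[i] for i in order)

def page_hashes(image):
    """Set of page digests, standing in for the host's page comparison."""
    return {hashlib.sha256(image[o:o + PAGE]).digest()
            for o in range(0, len(image), PAGE)}

def shared_fraction(a, b):
    """Fraction of a's pages that a page-merging host could share with b."""
    pa, pb = page_hashes(a), page_hashes(b)
    return len(pa & pb) / len(pa)

def demo():
    funcs = build_functions()
    a, b = b"tenant-A-secret", b"tenant-B-secret"  # constructed values

    def text(secret, guest, per_tenant):
        return guest_text(funcs, layout_seed(secret, guest, per_tenant))

    per_guest = shared_fraction(text(a, "vm1", False), text(a, "vm2", False))
    same_tenant = shared_fraction(text(a, "vm1", True), text(a, "vm2", True))
    cross_tenant = shared_fraction(text(a, "vm1", True), text(b, "vm1", True))
    return per_guest, same_tenant, cross_tenant

if __name__ == "__main__":
    print(demo())
```

With independent per-guest layouts almost no code page matches between two guests of the same tenant; with a shared per-tenant layout every page matches, while guests of different tenants still have unrelated layouts.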
