How Kernel Randomization is Canceling Memory Deduplication in Cloud Computing Systems

Vañó-García, Fernando; Marco-Gisbert, Héctor

doi:10.1109/nca.2018.8548338

Cited by 5 publications

(4 citation statements)

References 5 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One resource dimension is memory density: the host can transparently share pages between VMs using contentbased page merging [8, 39]. 6 However, fine-grained randomization has been shown to nullify page-sharing benefits [66] as fine-grained variations of page contents prevent merging. With in-monitor randomization, the host could manage this tradeoff.…”

Section: Discussionmentioning

confidence: 99%

KASLR in the age of MicroVMs

Holmes

Waterman

Williams

2022

Proceedings of the Seventeenth European Conference on Computer Systems

View full text Add to dashboard Cite

Address space layout randomization (ASLR) is a widely used component of computer security aimed at preventing code reuse and/or data-only attacks. Modern kernels utilize kernel ASLR (KASLR) and finer-grained forms, such as functional granular KASLR (FGKASLR), but do so as part of an inefficient bootstrapping process we call bootstrap selfrandomization. Meanwhile, under increasing pressure to optimize their boot times, microVM architectures such as AWS Firecracker have resorted to eliminating bootstrapping steps, particularly decompression and relocation from the guest kernel boot process, leaving them without KASLR. In this paper, we present in-monitor KASLR, in which the virtual machine monitor efficiently implements KASLR for the guest kernel by skipping the expensive kernel self-relocation steps. We prototype in-monitor KASLR and FGKASLR in the opensource Firecracker virtual machine monitor demonstrating, on a microVM configured kernel, boot times 22% and 16% faster than bootstrapped KASLR and FGKASLR methods, respectively. We also show the low overhead of in-monitor KASLR, with only 4% (2 ms) increase in boot times on average compared to a kernel without KASLR. We also discuss the implications and future opportunities for in-monitor approaches.CCS Concepts: • Security and privacy → Virtualization and security.

show abstract

Section: Discussionmentioning

confidence: 99%

KASLR in the age of MicroVMs

Holmes

Waterman

Williams

2022

Proceedings of the Seventeenth European Conference on Computer Systems

View full text Add to dashboard Cite

show abstract

“…They investigated memory page behaviour using page flags provided through the Linux kernel's proc file system and used the framework to anticipate memory pages that are expected to be generally stable, as well as memory deduplication and virtual machine live migration. Garoa et al [19], studied the impact of ASLR (Address Space Layout Randomization) over memory deduplication. They looked at how memory deduplication affects kernel randomization.…”

Section: Literature Reviewmentioning

confidence: 99%

Homogeneous Batch Memory Deduplication Using Clustering of Virtual Machines

Jagadeeswari¹,

Raj²

2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

Virtualization is the backbone of cloud computing, which is a developing and widely used paradigm. By finding and merging identical memory pages, memory deduplication improves memory efficiency in virtualized systems. Kernel Same Page Merging (KSM) is a Linux service for memory pages sharing in virtualized environments. Memory deduplication is vulnerable to a memory disclosure attack, which uses covert channel establishment to reveal the contents of other colocated virtual machines. To avoid a memory disclosure attack, sharing of identical pages within a single user's virtual machine is permitted, but sharing of contents between different users is forbidden. In our proposed approach, virtual machines with similar operating systems of active domains in a node are recognised and organised into a homogenous batch, with memory deduplication performed inside that batch, to improve the memory pages sharing efficiency. When compared to memory deduplication applied to the entire host, implementation details demonstrate a significant increase in the number of pages shared when memory deduplication applied batch-wise and CPU (Central processing unit) consumption also increased.

show abstract

“…Kernel Address Space Layout Randomization Multi-Tenant (KASLR-MT) [35] is a kernel randomization solution for multi-tenant cloud systems that remedies the problem of memory deduplication cancellation caused by the randomization effects on guest memory contents. KSM and KASLR techniques conflict when both are enabled in virtualized systems such as cloud environments [35], [38]. The reason is that the randomization of kernel memory regions causes undesired effects on the memory sharing effectiveness of KSM because the latter tries to merge host memory pages with identical content while guest kernel randomization introduces differences in the memory contents of the guest virtual machine.…”

Section: Kaslr-mtmentioning

confidence: 99%

“…Section II-C briefly outlines the problem that affects memory sharing and the efficient utilization of memory resources when deduplication mechanisms such as KSM are combined with address randomization security mechanisms such as KASLR, especially in environments that rely on virtualization technologies. This issue was explored in previous research [35], [38], providing solutions for the standard coarsegrained kernel randomization approach. However, motivated by info-leak attacks, newer and more secure kernel ran-This work is licensed under a Creative Commons Attribution 4.0 License.…”

Section: The Problem: Relative Offsetsmentioning

confidence: 99%

An Info-Leak Resistant Kernel Randomization for Virtualized Systems

Vañó-García

Marco-Gisbert

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

Given the significance that the cloud paradigm has in modern society, it is extremely important to provide security to users at all levels, especially at the most fundamental ones since these are the most sensitive and potentially harmful in the event of an attack. However, the cloud computing paradigm brings new challenges in which security mechanisms are weakened or deactivated to improve profitability and exploitation of the available resources. Kernel randomization is an important security mechanism that is currently present in all main operating systems. Function-Granular Kernel Randomization is a new step that aims to be the future of the kernel randomization, because it provides much more security than current kernel randomization approaches. Unfortunately, function-granular kernel randomization also impacts significantly on the performance and potential benefits of memory deduplication. Both functiongranular kernel randomization and memory deduplication are desired and beneficial; the first for the strong protection it gives, and the second for the reduction of costs in terms of memory consumption. In this paper, we analyse the impact of function-granular kernel randomization on memory deduplication revealing why it cannot offer maximum security and shareability of memory simultaneously. We also discuss the reasons why having a full position independent kernel code counter-intuitively does not solve the problem introducing a challenge to kernel randomization designers. To solve these problems, we propose a functiongranular kernel randomization modification for cloud systems that enables full function-granular kernel randomization while reduces memory deduplication cancellations to almost zero. The proposed approach forces guest kernels of the same tenant to have the same random memory layout of memory regions with high impact on deduplication, ensuring a high rate of deduplicated pages while the kernel randomization is fully enabled. Our approach enables cloud providers to have both, high levels of security and an efficient use of resources.

show abstract

How Kernel Randomization is Canceling Memory Deduplication in Cloud Computing Systems

Cited by 5 publications

References 5 publications

KASLR in the age of MicroVMs

KASLR in the age of MicroVMs

Homogeneous Batch Memory Deduplication Using Clustering of Virtual Machines

An Info-Leak Resistant Kernel Randomization for Virtualized Systems

Contact Info

Product

Resources

About