Memory deduplication as a threat to the guest OS

Suzaki, Kuniyasu; Kengo, Iijima; Yagi, Toshiki; Artho, Cyrille

doi:10.1145/1972551.1972552

Cited by 100 publications

(55 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…VM-hosted operating system: Both host and guest OS may be targeted [48], and to alleviate the impact of such an attack, adequate isolation must be enforced between guest virtual machines (VMs), as well as between the host and guest VMs. The adversary could attempt to break the isolation by exploiting, e.g., some aws of the virtualisation platform in use [49].…”

Section: Targetmentioning

confidence: 99%

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

Panaousis

Mouratidis

2016

Information Security Theory and Practice

View full text Add to dashboard Cite

Abstract. Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the rst to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the rst paper that proposes a set of criteria to facilitate a clear and e ective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a staring point towards the development of appropriate 5G security solutions. These will have crucial e ect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users.

show abstract

Section: Targetmentioning

confidence: 99%

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

Panaousis

Mouratidis

2016

Information Security Theory and Practice

View full text Add to dashboard Cite

show abstract

“…By default KSM in KVM scans 100 pages in every 200 milliseconds. This is why any memory disclosure attack, including ours, has to wait for a certain time before the deduplication takes effect upon which the attack can be performed [40][41][42].…”

Section: Ksm (Kernel Same-page Merging)mentioning

confidence: 99%

Know Thy Neighbor: Crypto Library Detection in Cloud

Irazoqui

İnci

Eisenbarth

et al. 2015

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Software updates and security patches have become a standard method to fix known and recently discovered security vulnerabilities in deployed software. In server applications, outdated cryptographic libraries allow adversaries to exploit weaknesses and launch attacks with significant security results. The proposed technique exploits leakages at the hardware level to first, determine if a specific cryptographic library is running inside (or not) a co-located virtual machine (VM) and second to discover the IP of the co-located target. Nevertheless, one of the main concerns that is slowing the widespread usage of such Infrastructure as a Service (IaaS) technologies are potential security vulnerabilities and privacy risks of cloud computing. Usually, CSPs employ virtual machines (VMs), allowing multiple tenants to share the same computing hardware. While this resource sharing maximizes utilization and hence drastically reduces cost, ensuring isolation of potentially sensitive data between VMs instantiated by different and untrusted tenants can be a challenge. Indeed, the main security principle in the design and implementation of virtual machine managers (VMMs) has been that of process and data isolation achieved through sandboxing. Although logical isolation ensures security at the software level, a malicious tenant might still extract private information due to leakage coming from side channels such as shared hardware resources. In short, hardware sharing create an opening for various side channel attacks developed for non-virtualized environments. These powerful attacks are capable of extracting sensitive information, e.g. passwords and private keys, by profiling the victim process. ignoring leakages of information through subtle side-channels shared by the processes running on the same physical hardware. In non-virtualized environments, a number of effective side-channel attacks were proposed that succeeded in extracting sensitive data by targeting the software layer only.

show abstract

“…This is a real threat, as many providers allow multitenancy where the VMs of disjoint customers can reside at the same physical hardware. The risk of memory deduplication attacks in virtualized environments is highlighted in Suzaki et al [2011]. Memory deduplication is a well-known optimization technique applied by, for example, VMware ESX [Waldspurger 2002], Xen [Gupta et al 2010], and KSM (Kernel Samepage Merging) for the Linux kernel [Arcangeli et al 2009], where the VMM shares same-, or similar-content memory pages of various guests.…”

Section: Guest To Guest (G2g)mentioning

confidence: 99%

A survey of security issues in hardware virtualization

2013

View full text Add to dashboard Cite

Virtualization is a powerful technology for increasing the efficiency of computing services; however, besides its advantages, it also raises a number of security issues. In this article, we provide a thorough survey of those security issues in hardware virtualization. We focus on potential vulnerabilities and existing attacks on various virtualization platforms, but we also briefly sketch some possible countermeasures. To the best of our knowledge, this is the first survey of security issues in hardware virtualization with this level of details. Moreover, the adversary model and the structuring of the attack vectors are original contributions, never published before.

show abstract

Memory deduplication as a threat to the guest OS

Cited by 100 publications

References 7 publications

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

Security Challenges of Small Cell as a Service in Virtualized Mobile Edge Computing Environments

Know Thy Neighbor: Crypto Library Detection in Cloud

A survey of security issues in hardware virtualization

Contact Info

Product

Resources

About