Breaking KASLR Using Memory Deduplication in Virtualized Environments
Authors
Abstract
Recent operating systems (OSs) have adopted a defense mechanism called kernel page table isolation (KPTI) for protecting the kernel from all attacks that break kernel address space layout randomization (KASLR) using various side-channel analysis techniques. In this paper, we demonstrate that KASLR can still be broken, even with the latest OSs where KPTI is applied. In particular, we present a novel memory-sharing-based attack that breaks KASLR on KPTI-enabled Linux virtual machines. The proposed attack leverages the memory deduplication feature of the hypervisor, which provides a timing channel for inferring secret information regarding the victim. By conducting experiments on KVM and VMware ESXi, we show that the attack can obtain the kernel address within a short amount of time. We also present several countermeasures that can prevent such an attack.
Similar resources
Group-Based Memory Deduplication for Virtualized Clouds
In virtualized clouds, machine memory is known as a resource that primarily limits consolidation level due to the expensive cost of hardware extension and power consumption. To address this limitation, various memory deduplication techniques have been proposed to increase available machine memory by eliminating memory redundancy. Existing memory deduplication techniques, however, lack isolation...
Coordinated memory management in virtualized environments
Dedicated to my parents Dibakar, Sabita, and my lovely wife Ellina, for they were as much a part of this journey, as me. iii ACKNOWLEDGEMENTS Completing a dissertation is a long and difficult road that I never could have navigated alone. There are too many people I must thank, but a few deserve special note. First and foremost among them is my advisor, Prof. Kishore Ramachandran, without whose ...
A Deduplication Study for Host-side Caches with Dynamic Workloads in Virtualized Data Center Environments
Deduplication is a well-known method that improves storage efficiency and reduces the cost of storage in corporate data centers [3, 4]. For virtualized data centers, and in particular for virtual desktop infrastructure (VDI), centrally-managed networked storage can greatly reduce the overall data footprint because virtual machine (VM) disk images have largely the same content. Recent work by By...
Trends in Virtualized User Environments
Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the ...
KASLR is Dead: Long Live KASLR
Modern operating system kernels employ address space layout randomization (ASLR) to prevent control-flow hijacking attacks and code-injection attacks. While kernel security relies fundamentally on preventing access to address information, recent attacks have shown that the hardware directly leaks this information. Strictly splitting kernel space and user space has recently been proposed as a th...
Journal
Journal title: Electronics
Year: 2021
ISSN: ['2079-9292']
DOI: https://doi.org/10.3390/electronics10172174