Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication

Memory deduplication merges same-content memory pages and reduces the consumption of physical memory. It is a desirable feature for virtual machines on IaaS (Infrastructure as a Service) type cloud computing, because IaaS hosts many guest OSes which are expected to include many identical memory pages. However, some security capabilities of the guest OS modify memory contents for each execution (e.g., ASLR: Address Space Layout Randomization) or uniformly set inactive memory contents to zero (Memory Sanitization). These capabilities have positive or negative impacts on memory deduplication. The severity of the impact depends on the size of the memory (i.e., the number of virtual machines) and update frequency, because most memory deduplications scan and merge the memory at runtime at regular intervals. We evaluated the effects of ASLR, Memory Sanitization, and their related security capabilities (Position Independent Executables, page cache flushing, and dirty page flushing) of the Linux guest operating system on the KVM virtual machine with KSM (Kernel Samepage Merging) memory deduplication. The results indicate ASLR increases physical memory consumption by more than 18% on 4 virtual machines with memory deduplication. The combination of memory sanitization and page cache flushing reduce physical memory consumption about 20 35% at a stable state.