Fingerprinting large data sets through memory de-duplication technique in virtual machines

Because of intellectual property, user privacy, and several other reasons, many scientific and military projects choose to hide the information about the data sets that they are using for analysis and computation. Attackers have designed various mechanisms to compromise the operating system or database management system to steal such information. In this paper, we propose a non-interactive mechanism to identify the data sets in use in a cloud computing environment when the virtual machine (VM) hypervisors adopt the memory de-duplication technique. Specifically, when multiple memory pages with the same contents occupy only one physical page, their reading and writing access delay will demonstrate some special properties. We use the access delay of the memory pages that are unique to some specific data sets to derive out whether or not our VM instance is accessing the same data sets as the target of the attack. The experiment results on a widely used scientific analysis software package ParaView demonstrate the practicability of the attack. We also discuss the mechanisms to defend against such attacks.