• DocumentCode
    628253
  • Title
    Security implications of memory deduplication in a virtualized environment
  • Author
    Jidong Xiao ; Zhang Xu ; Hai Huang ; Haining Wang
  • Author_Institution
    Coll. of William & Mary, Williamsburg, VA, USA
  • fYear
    2013
  • fDate
    24-27 June 2013
  • Firstpage
    1
  • Lastpage
    12
  • Abstract
    Memory deduplication has been widely used in various commodity hypervisors. By merging identical memory contents, it allows more virtual machines to run concurrently on top of a hypervisor. However, while this technique improves memory efficiency, it has a large impact on system security. In particular, memory deduplication is usually implemented using a variant of copy-on-write techniques, in which writing to a shared page incurs a longer access time than writing to a non-shared page. In this paper, we investigate the security implications of memory deduplication from the perspectives of both attackers and defenders. On one hand, using the artifact above, we demonstrate two new attacks to create a covert channel and detect virtualization, respectively. On the other hand, we also show that memory deduplication can be leveraged to safeguard Linux kernel integrity.
  • Keywords
    Linux; concurrency control; merging; paged storage; security of data; storage management; supervisory programs; virtual machines; virtualisation; Linux kernel integrity; access time; commodity hypervisors; concurrent virtual machines; copy-on-write techniques; identical memory content merging; memory deduplication; memory efficiency improvement; security implications; shared page writing; system security; virtualization detection; virtualized environment; Linux; Virtual machine monitors;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on
  • Conference_Location
    Budapest
  • ISSN
    1530-0889
  • Print_ISBN
    978-1-4673-6471-3
  • Type
    conf
  • DOI
    10.1109/DSN.2013.6575349
  • Filename
    6575349