Abstract | ||
---|---|---|
Memory deduplication shares same-content memory pages and reduces the consumption of physical memory. It is effective on environments that run many virtual machines with the same operating system. Memory deduplication, however, is vulnerable to memory disclosure attacks, which reveal the existence of an application or file on another virtual machine. Such an attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the existence of sshd and apache2 on Linux, and IE6 and Firefox on WindowsXP. It also could detect a downloaded file on the Firefox browser. We describe the attack mechanism in this paper, and also mention countermeasures against this attack. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1145/1972551.1972552 | EUROSEC |
Keywords | Field | DocType |
physical memory,firefox browser,attack mechanism,memory deduplication,guest os,memory disclosure attack,kvm virtual machine,deduplicated memory page,virtual machine,same-content memory page,memory deduplication share,operating system | Memory protection,Extended memory,Computer science,Virtual memory,Computer security,Memory management,Memory map,Flat memory model,Memory footprint,Operating system,Demand paging | Conference |
Citations | PageRank | References |
50 | 2.07 | 10 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Kuniyasu Suzaki | 1 | 127 | 13.85 |
Kengo Iijima | 2 | 70 | 5.81 |
Toshiki Yagi | 3 | 69 | 6.21 |
Cyrille Artho | 4 | 588 | 44.46 |