Security implications of memory deduplication in a virtualized environment

Authors: Jidong Xiao, Zhang Xu, Hai Huang, Haining Wang

DOI: 10.1109/DSN.2013.6575349

Keywords: Data diffusion machine; Computer science; Operating system; Memory map; Memory management; Hypervisor; Virtual memory; Virtual machine; Covert channel; Overlay

Abstract: Memory deduplication has been widely used in various commodity hypervisors. By merging identical memory contents, it allows more virtual machines to run concurrently on top of a hypervisor. However, while this technique improves memory efficiency, it has a large impact on system security. In particular, memory deduplication is usually implemented using a variant of copy-on-write techniques, for which a write to a shared page incurs a longer access time than a write to a non-shared page. In this paper, we investigate the security implications of memory deduplication from the perspectives of both attackers and defenders. On one hand, based on the timing artifact above, we demonstrate two new attacks that create a covert channel and detect virtualization, respectively. On the other hand, we also show that memory deduplication can be leveraged to safeguard Linux kernel integrity.
