{"title":"内存重复数据删除对客户操作系统构成威胁","authors":"K. Suzaki, K. Iijima, T. Yagi, Cyrille Artho","doi":"10.1145/1972551.1972552","DOIUrl":null,"url":null,"abstract":"Memory deduplication shares same-content memory pages and reduces the consumption of physical memory. It is effective on environments that run many virtual machines with the same operating system. Memory deduplication, however, is vulnerable to memory disclosure attacks, which reveal the existence of an application or file on another virtual machine. Such an attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the existence of sshd and apache2 on Linux, and IE6 and Firefox on WindowsXP. It also could detect a downloaded file on the Firefox browser. We describe the attack mechanism in this paper, and also mention countermeasures against this attack.","PeriodicalId":302603,"journal":{"name":"European Workshop on System Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"130","resultStr":"{\"title\":\"Memory deduplication as a threat to the guest OS\",\"authors\":\"K. Suzaki, K. Iijima, T. Yagi, Cyrille Artho\",\"doi\":\"10.1145/1972551.1972552\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Memory deduplication shares same-content memory pages and reduces the consumption of physical memory. It is effective on environments that run many virtual machines with the same operating system. Memory deduplication, however, is vulnerable to memory disclosure attacks, which reveal the existence of an application or file on another virtual machine. Such an attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the existence of sshd and apache2 on Linux, and IE6 and Firefox on WindowsXP. It also could detect a downloaded file on the Firefox browser. We describe the attack mechanism in this paper, and also mention countermeasures against this attack.\",\"PeriodicalId\":302603,\"journal\":{\"name\":\"European Workshop on System Security\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"130\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"European Workshop on System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1972551.1972552\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Workshop on System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1972551.1972552","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 130
摘要
内存重复删除可以共享相同内容的内存页面,减少物理内存的消耗。它在运行许多具有相同操作系统的虚拟机的环境中是有效的。但是,内存重复数据删除很容易受到内存泄露攻击的攻击,这种攻击会暴露另一个虚拟机上存在的应用程序或文件。这种攻击利用了通过write - on - copy重新创建的重复数据删除内存页的写访问时间差异。根据我们对KVM虚拟机的KSM(内核同页合并)的经验,这种攻击可以检测到Linux上存在的sshd和apache2,以及WindowsXP上存在的IE6和Firefox。它还可以检测Firefox浏览器上的下载文件。本文描述了这种攻击的机制,并提出了相应的防范措施。
Memory deduplication shares same-content memory pages and reduces the consumption of physical memory. It is effective on environments that run many virtual machines with the same operating system. Memory deduplication, however, is vulnerable to memory disclosure attacks, which reveal the existence of an application or file on another virtual machine. Such an attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the existence of sshd and apache2 on Linux, and IE6 and Firefox on WindowsXP. It also could detect a downloaded file on the Firefox browser. We describe the attack mechanism in this paper, and also mention countermeasures against this attack.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
