在云计算系统中，内核随机化如何取消内存重复数据删除

2018 IEEE 17th International Symposium on Network Computing and Applications (NCA) Pub Date : 2018-11-01 DOI:10.1109/NCA.2018.8548338

Fernando Vano-Garcia, Héctor Marco-Gisbert

{"title":"在云计算系统中，内核随机化如何取消内存重复数据删除","authors":"Fernando Vano-Garcia, Héctor Marco-Gisbert","doi":"10.1109/NCA.2018.8548338","DOIUrl":null,"url":null,"abstract":"Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.","PeriodicalId":268662,"journal":{"name":"2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"How Kernel Randomization is Canceling Memory Deduplication in Cloud Computing Systems\",\"authors\":\"Fernando Vano-Garcia, Héctor Marco-Gisbert\",\"doi\":\"10.1109/NCA.2018.8548338\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.\",\"PeriodicalId\":268662,\"journal\":{\"name\":\"2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NCA.2018.8548338\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NCA.2018.8548338","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

云计算极大地影响了我们的娱乐、工作和生活方式。它在许多领域被广泛采用，主要是因为它以灵活、可扩展和可靠的方式降低了执行任务的成本。为了提供安全的云计算架构，必须应用尽可能高级别的保护。不幸的是，云计算范式引入了新的场景，在这些场景中，安全保护技术被削弱或禁用，以获得更好的性能和资源利用。一个重要的例子是被地址空间布局随机化(ASLR)保护技术取消的内存重复数据删除机制。在本文中，我们对启用内核随机化时对内存重复数据删除技术的影响进行了精确分析。我们的实验表明，当启用内核ASLR时，运行24个内核的内存开销增加了534%(从613 MiB增加到3.9 GiB)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

How Kernel Randomization is Canceling Memory Deduplication in Cloud Computing Systems

Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 IEEE 17th International Symposium on Network Computing and Applications (NCA)

自引率

0.00%

发文量