effects of memory randomization sanitization and page
play

Effects of Memory Randomization, Sanitization and Page Cache on - PowerPoint PPT Presentation

Dec 15, 2022 •33 likes •283 views

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu Suzaki Kengo Iijima Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho Research Institute for Secure Systems EuroSec 2012 at Bern, April

  1. Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu Suzaki Kengo Iijima Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho Research Institute for Secure Systems EuroSec 2012 at Bern, April 10

  2. Background 1/2 • Infrastructure as a Service(IaaS) type cloud computing offers OS hosting service and runs many virtual machines. – Examples: Amazon EC2, Rackspace, ... – Physical resources are very important. Many techniques are developed to save resources developed to save resources. • We concentrate on memory. • Memory Deduplication is utilized to share same contents and reduces consumption of physical memory. • Venders want to use this function, but …

  3. Background 2/2 • Some attacks are appeared on IaaS, and users want to increase security of Guest OS. – For example, Cross VM Side channel attack [CSS2009] • Guest OSes have some choices of security function. – Some of them change the behavior of memory and will work to increase or decrease performance of memory deduplication. i d f f d d li i • Our paper measures the affects of security functions on real memory deduplication (KSM with KVM).

  4. Contents 1)Background 2)Memory deduplication 3)OS security functions – Address Space Layout randomization Memory Sanitization Address Space Layout randomization, Memory Sanitization, Page Cache flashing 4)Experimental results – On Linux’s KSM (Kernel Samepage Merging) with KVM virtual machine monitor 5)Discussion and Conclusion

  5. Memory Deduplication 1/2 • Memory deduplication is a technique to share same contents page. – Mainly used for virtual machines. – Very effective when same guest OS runs on many virtual machines. • • Many virtual machine monitors include deduplication Many virtual machine monitors include deduplication with different implementations. Guest Pseudo Memory VM1 VM2 VM(n) Real Physical Memory

  6. Memory Deduplication 2/2 • Content-aware deduplication – Check contents when data is loaded from disk to memory. • Transparent Page Sharing on Disco [OSDI97] • Satori on Xen[USENIX09] • Periodical memory-scan deduplication – Scan memory pages and merge when pages are same. It can treat dynamically created contents pages. • Content-Based Page Sharing on VMWare ESX [SOSP02] • Differential Engine on Xen[OSDI08] • KSM (Kernel Samepage Merging) [LinuxSymp09] – General-purpose memory deduplication for Linux. – Used mainly for KVM. • Our paper uses KSM with KVM virtual machine.

  7. KSM: Kernel Samepage Merging • KSM has 3 states for pages. – Volatile : contents change frequently (not to be candidate) – Unshared: candidate pages for deduplication (unique at present) – Shared: deduplicated pages with same contents. • Pages are scanned (default: 20msec) – All pages are not scanned at a trial. All t d t t i l – The maximum is 25% of the available memory. – The time to be deduplicated depends on the situation.

  8. Contents 1)Background 2)Memory deduplication 3)OS security functions – Address Space Layout randomization Memory Sanitization Address Space Layout randomization, Memory Sanitization, Page Cache flashing 4)Experimental results – On Linux’s KSM (Kernel Samepage Merging) with KVM virtual machine monitor 5)Discussion and Conclusion

  9. OS Security functions • Modern OSes have security functions that modify memory contents dynamically. 1. Address Space Layout Randomization (ASLR) with Position Independent Executable (PIE) 2. Memory Sanitization 3. Page Cache flashing

  10. Address Space Layout Randomization(ASLR) • Normal binary has fixed Memory layout, and has vulnerability for overflow attack. • ASLR gives randomized offset (aligned page) to code, library, and stack. • Early ASLR for Linux is implemented on PaX and Exec Shield Linux. • Linux 2.6.12 (June 2005), Windows VISTA. • Binaries have to be Position Independent Executable (PIE). – GCC has options to compile a code for PIE-ELF binary. (“-fPIE” for compiler p p y ( p and “–pie” for linker) • Disadvantage: PIE binaries become fat, because the all addressing are relocatable. • ASLR and PIE binaries will affect memory deduplication. Normal ELF PIE-ELF on ASLR Stack 0x???????? Stack 0xBFFFF000 Library 0x???????? Library 0x40000000 PIE code Position Independent 0x???????? The address is Code changed for each 0x08048000 process on ASLR

  11. Memory sanitization • Technique for zero-clearing pages after use. – Sensitive data remain for long periods after use, and Chow proposed Secure deallocation [USENIX Security 04, 05] . It prevents information leak. • Linux has unconditional page sanitization patch. – Increased zero-cleared pages will be deduplicated. As a result, it will reduces consumption of physical memory reduces consumption of physical memory. – Disadvantage: • Linux’s sanitization requires zero-clearing all physical pages at boot time. • Do not treat page cache, because cashed pages are not released from a kernel. Physical Memory 0xXXXX0000 000000 0000000 00000000 Zero-cleared 0x00000000

  12. Page Cache flushing • Page Cache flushing reduces possibility of information leak. • Page Cache reduces I/O overhead when pages are accessed repeatedly. However, the page cache may include sensitive data. • Linux kernel has DropCache for page cache flushing. – DropCache released all cached pages from the kernel. • “cron” is used to flush page cache at certain intervals (1 sec). – The flushed memory region is reused for other processes. As a result, it will Th fl h d i i d f th A lt it ill reduce consumption of physical memory. – DropCache does not zero-clear the released pages. We need to enable sanitization to zero-clear the pages. – Disadvantage: • Re-loaded data from disk when the same contents are accessed again.

  13. Contents 1)Background 2)Memory deduplication 3)OS security functions – Address Space Layout randomization Memory Sanitization Address Space Layout randomization, Memory Sanitization, Page Cache flashing 4)Experimental results – On Linux’s KSM (Kernel Samepage Merging) with KVM virtual machine monitor 5)Discussion and Conclusion

  14. Experiments • Measure the effects of 3 security functions (ALSR, memory sanitization, DropCache: page cache flushing) on memory deduplication (KSM with KVM). • Test environment – Intel Core2Quad (Q9650) 3.0GHz processor – Host OS: Ubuntu 9.10 (kernel: vanilla-2.6.32.1) with memory deduplication KSM and virtual machine monitor KVM – 2 type of Guest OSes • Normal Gentoo Linux (1.12.13, kernel 2.6.31) on a 32GB virtual disk (31GB ext3, 1GB swap) • Gentoo Linux which is built as PIE binaries – It utilize ALSR

  15. Effects of Position Independent Executable (PIE) • Gentoo Linux has 1,469 ELF binary files in /bin, /sbin, /usr/bin, and /usr/sbin. – On Normal Gentoo the total is 88.4MB – On PIE Gentoo the total is 94.6MB (7% more). • The biggest change: “pampop9” 5 396B > 9 440B (75% more) • The biggest change: pampop9 5,396B -> 9,440B (75% more). • The smallest change: “wall” from 9,624B to 9,392B (2% less). • From after PIE Gentoo is mainly used.

  16. With and without ASLR, DropCache and Sanitization on 4VMs Security function Stable State ① Peak Mem ⑤ Guest OS ③ Sharing ④ Unshared+ (MB) Boot Time ② Physical Mem (MB) ASLR Sanitize (MB (%)) Volatile DropCache Virtual/Physical (sec) (MB (%)) ○ 234.9 106.4(45.3) 128.5(54.7) 62 574/458 ○ ○ 431/332 206.9 70.7(34.1) 136.3(65.9) 83 ○ ○ 2063/1661 204.6 82.1(40.1) 122.5(59.9) 61 ○ ○ ○ 2063/1616 186.5 39.4(21.1) 147.1(78.9) 83 574/455 199.0 120.1(60.4) 78.9(39.6) 62 ○ 429/316 169.5 83.1(49.0) 86.5(51.0) 82 ○ 2063/1661 171.2 94.0(54.9) 77.2(45.1) 62 ○ ○ 2063/1161 129.9 50.4(38.8) 79.5(61.2) 85

  17. With and without ASLR, DropCache and Sanitization on 4VMs DropCache delayed Security function Stable State the boot time. ① Peak Mem ⑤ Guest OS ③ Sharing ④ Unshared+ (MB) Boot Time ② Physical Mem (MB) ASLR Sanitize (MB (%)) Volatile DropCache Virtual/Physical (sec) (MB (%)) +18% ○ 234.9 106.4(45.3) 128.5(54.7) 62 574/458 ○ ○ 431/332 206.9 70.7(34.1) 136.3(65.9) 83 -12% ○ ○ 2063/1661 204.6 82.1(40.1) 122.5(59.9) 61 -13% 13% +43% ○ ○ ○ 2063/1616 186.5 39.4(21.1) 147.1(78.9) 83 -21% Decrease Increase 574/455 199.0 120.1(60.4) 78.9(39.6) 62 ○ 429/316 169.5 83.1(49.0) 86.5(51.0) 82 -15% ○ 2063/1661 171.2 94.0(54.9) 77.2(45.1) 62 -14% ○ ○ 2063/1161 129.9 50.4(38.8) 79.5(61.2) 85 -35% Sanitization uses all virtual ASLR decreases deduplication and memory, but consumption increases unique pages. It means ASLR increases physical memory consumption of physical memory is ASLR reduces opportunities for Others (DropCache, Sanitization, and Both) reduced by deduplication. memory deduplication. decrease.

  18. Virtual and Physical memory consumption Sanitization use MB 2500 all memory Virtual Max 1VM, 2VMs, 4VMs Physical Max 2000 1500 1000 Smallest Smallest 500 0 • Sanitization uses all virtual memory. KSM depress the consumption of physical memory but it is still large. • DropCache, (2) and (6), shows the smallest consumptions, because the flushed pages are reused. – They shows enabling DropCahe is the best from the view of memory, but DropCache affects the time performance of GuestOS.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Protecting Memory What is there to protect in memory? Page tables and virtual memory

Protecting Memory What is there to protect in memory? Page tables and virtual memory

Protecting Memory What is there to protect in memory? Page tables and virtual memory protection Special security issues for memory Buffer overflows Lecture 8 Page 1 CS 236 Online What Is In Memory? Executable code

401 views • 24 slides
Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert May, 2006 Address Space Randomization Theory Randomize location of memory objects Libraries Heap User, kernel-space stack Foils attacks like

560 views • 15 slides
1 Clock algorithm Least Recently Used (LRU) Same functionality as Assume pages used

1 Clock algorithm Least Recently Used (LRU) Same functionality as Assume pages used

Page replacement algorithms Page fault forces a choice No room for new page (steady state) Which page must be removed to make room for an Chapter 4: Memory Management incoming page? How is a page removed from physical memory?

853 views • 6 slides
Ausgewhlte Betriebssysteme Memory 1 Memory Management Kernel Page Frames Buddy

Ausgewhlte Betriebssysteme Memory 1 Memory Management Kernel Page Frames Buddy

Ausgewhlte Betriebssysteme Memory 1 Memory Management Kernel Page Frames Buddy Allocator Slab Allocators Buffer Cache Page Cache Process Memory Regions 2 Memory Map 3 Page Frame kernel must keep track of

878 views • 43 slides
TLBs 1 memory HW random memory image page tables with 1-byte page entries answer: 2-byte

TLBs 1 memory HW random memory image page tables with 1-byte page entries answer: 2-byte

TLBs 1 memory HW random memory image page tables with 1-byte page entries answer: 2-byte values read (or replaced) or fault 3 attempts per set of problems submitting only right and blank answers doesnt count as attempt keep

1.2k views • 95 slides
Memory Management Ausgewhlte Betriebssysteme Kernel Page Frames Buddy Allocator

Memory Management Ausgewhlte Betriebssysteme Kernel Page Frames Buddy Allocator

Memory Management Ausgewhlte Betriebssysteme Kernel Page Frames Buddy Allocator Slab Allocators Buffer Cache Memory Page Cache Process Memory Regions 1 2 Memory Map Page Frame kernel

234 views • 11 slides
Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An

Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An algorithm that uses (or can use) random coin flips in order to make decisions We will see: randomization can be a powerful tool to Make

497 views • 21 slides
Virtual Memory Chapter 18 S. Dandamudi Outline Introduction Page table placement

Virtual Memory Chapter 18 S. Dandamudi Outline Introduction Page table placement

Virtual Memory Chapter 18 S. Dandamudi Outline Introduction Page table placement Searching hierarchical page Virtual memory concepts tables Page replacement policies Inverted page table Write policy organization

781 views • 23 slides
Virtual Memory - III Effective Access Time (EAT) EAT = (1 p ) x memory access + p x (page

Virtual Memory - III Effective Access Time (EAT) EAT = (1 p ) x memory access + p x (page

CSC 4103 - Operating Systems Performance of Demand Paging Spring 2008 Page Fault Rate 0 p 1.0 if p = 0 no page faults Lecture - XVII if p = 1, every reference is a fault Virtual Memory - III Effective Access Time (EAT)

283 views • 3 slides
Lecture 19: Virtual Memory Virtual Memory concept, Virtual- physical translation, page table,

Lecture 19: Virtual Memory Virtual Memory concept, Virtual- physical translation, page table,

Lecture 19: Virtual Memory Virtual Memory concept, Virtual- physical translation, page table, TLB, Alpha 21264 memory hierarchy 1 Adapted from UC Berkeley CS252 S01 Virtual Memory Virtual memory (VM) allows programs to have the illusion of a

711 views • 23 slides
Chapter 4: Memory Management Part 1: Mechanisms for Managing Memory Memory management n Basic

Chapter 4: Memory Management Part 1: Mechanisms for Managing Memory Memory management n Basic

Chapter 4: Memory Management Part 1: Mechanisms for Managing Memory Memory management n Basic memory management n Swapping n Virtual memory n Page replacement algorithms n Modeling page replacement algorithms n Design issues for paging systems n

817 views • 35 slides
I n p u t sanitization); drop table slides New attacks and countermeasures: SQL

I n p u t sanitization); drop table slides New attacks and countermeasures: SQL

This time Continuing with Software Getting insane with Security I n p u t sanitization); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web architecture Client

1.22k views • 102 slides
Chapter 4: Memory Management Part 1: Mechanisms for Managing Memory Memory management Basic

Chapter 4: Memory Management Part 1: Mechanisms for Managing Memory Memory management Basic

Chapter 4: Memory Management Part 1: Mechanisms for Managing Memory Memory management Basic memory management Swapping Virtual memory Page replacement algorithms Modeling page replacement algorithms Design issues for paging

950 views • 69 slides
I/O Caching and Page Replacement I/O Caching and Page Replacement Memory/Storage Hierarchy 101

I/O Caching and Page Replacement I/O Caching and Page Replacement Memory/Storage Hierarchy 101

I/O Caching and Page Replacement I/O Caching and Page Replacement Memory/Storage Hierarchy 101 Memory/Storage Hierarchy 101 Very fast 1ns clock P Multiple Instructions SRAM, Fast, Small per cycle Expensive (cache, registers) $ CPU-DRAM

479 views • 14 slides
NOW Handout Page 1 CS258 S99 1 Physi sical al Mem is 2 41 41 or Page size is 2 13 13 or 8Kb

NOW Handout Page 1 CS258 S99 1 Physi sical al Mem is 2 41 41 or Page size is 2 13 13 or 8Kb

11 Advanced Cache Optimizations Memory Technology and DRAM optimizations Virtual Machines Xen VM: Design and Performance AMD Opteron Memory Hierarchy COSC 5351 Advanced Computer Architecture Opteron Memory Performance vs.

513 views • 14 slides
Paging in details (recap) Page Lookup Physical Memory Virtual Address page offset Physical

Paging in details (recap) Page Lookup Physical Memory Virtual Address page offset Physical

Paging in details (recap) Page Lookup Physical Memory Virtual Address page offset Physical Address frame offset Page Table page frame Improving paging Larger virtual than physical memory (swapping) Smaller page tables Faster

380 views • 25 slides
MDE-based Sensor Management and Verification for a Self-Driving Miniature Vehicle Christian

MDE-based Sensor Management and Verification for a Self-Driving Miniature Vehicle Christian

MDE-based Sensor Management and Verification for a Self-Driving Miniature Vehicle Christian Berger Md Abdullah Al Mamun Jrgen Hansson Division of Software Engineering Department of Computer Science & Engineering The 13th Workshop on

762 views • 16 slides
Topic 15 Using MicroPython on ESP32 Professor Peter YK Cheung Dyson School of Design Engineering

Topic 15 Using MicroPython on ESP32 Professor Peter YK Cheung Dyson School of Design Engineering

Topic 15 Using MicroPython on ESP32 Professor Peter YK Cheung Dyson School of Design Engineering URL: www.ee.ic.ac.uk/pcheung/teaching/DE1_EE/ E-mail: p.cheung@imperial.ac.uk PYKC 9 June 2020 Topic 15 Slide 1 DE 1.3 - Electronics 1

752 views • 13 slides
Lab 0 2 Overview Learn how to use the command line to navigate and manipulate files as well

Lab 0 2 Overview Learn how to use the command line to navigate and manipulate files as well

1 Lab 0 2 Overview Learn how to use the command line to navigate and manipulate files as well as compile and run your embedded programs Install the Arduino compiler and other software We have the software on some USB drives you can

529 views • 20 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Using Templates to Generate Views in Flask Jinja2 templating

CS/COE 1520 pitt.edu/~ach54/cs1520 Using Templates to Generate Views in Flask Jinja2 templating

CS/COE 1520 pitt.edu/~ach54/cs1520 Using Templates to Generate Views in Flask Jinja2 templating language Jinja templates are simply text files Include Jinja tags that will be expanded when the template is rendered Here, we'll

381 views • 8 slides
Improving the Security of Edge Computing Services Update status of the support for AMD and Intel

Improving the Security of Edge Computing Services Update status of the support for AMD and Intel

Improving the Security of Edge Computing Services Update status of the support for AMD and Intel processors FOSDEM 2020 Piotr Krl 1 / 13 Who am I Piotr Krl Founder & Embedded Systems Consultant open-source firmware @pietrushnic

142 views • 13 slides
The 5 Elements of IoT Security Julien Vermillard - Sierra Wireless Who am I? Software Engineer

The 5 Elements of IoT Security Julien Vermillard - Sierra Wireless Who am I? Software Engineer

The 5 Elements of IoT Security Julien Vermillard - Sierra Wireless Who am I? Software Engineer Sierra Wireless AirVantage.net cloud service Eclipse IoT: Leshan project lead Wakaama and Californium committer Twitter: @vrmvrm Email:

824 views • 47 slides
Hardware Backdooring is practical Jonathan Brossard (Toucan System) Florentin Demetrescu

Hardware Backdooring is practical Jonathan Brossard (Toucan System) Florentin Demetrescu

Hardware Backdooring is practical Jonathan Brossard (Toucan System) Florentin Demetrescu (Cassidian) DISCLAIMER We are not terrorists . We won't release our PoC backdoor. The x86 architecture is plagued by legacy. Governments know.

525 views • 37 slides
The Timers of the STM32 Microcontrollers Corrado Santoro ARSLAB - Autonomous and Robotic Systems

The Timers of the STM32 Microcontrollers Corrado Santoro ARSLAB - Autonomous and Robotic Systems

The Timers of the STM32 Microcontrollers Corrado Santoro ARSLAB - Autonomous and Robotic Systems Laboratory Dipartimento di Matematica e Informatica - Universit` a di Catania, Italy santoro@dmi.unict.it L.S.M. Course Corrado Santoro The

235 views • 19 slides

More recommend