Breaking KASLR Using Memory Deduplication in Virtualized Environments

Electronics, 2021, Vol. 10 (17), p. 2174
Author(s): Taehun Kim, Taehyun Kim, Youngjoo Shin

Recent operating systems (OSs) have adopted a defense mechanism called kernel page table isolation (KPTI) for protecting the kernel from all attacks that break the kernel address space layout randomization (KASLR) using various side-channel analysis techniques. In this paper, we demonstrate that KASLR can still be broken, even with the latest OSs where KPTI is applied. In particular, we present a novel memory-sharing-based side-channel attack that breaks the KASLR on KPTI-enabled Linux virtual machines. The proposed attack leverages the memory deduplication feature on a hypervisor, which provides a timing channel for inferring secret information regarding the victim. By conducting experiments on KVM and VMware ESXi, we show that the proposed attack can obtain the kernel address within a short amount of time. We also present several countermeasures that can prevent such an attack.

Author(s): Yuancheng Li, Pan Zhang, Daoxing Li, Jing Zeng

Background: Cloud platforms are widely used in the electric power field. The virtual machine co-resident attack is one of the major security threats to the existing power cloud platform. Objective: This paper proposes a mechanism to defend against virtual machine co-resident attacks on a power cloud platform. Method: Our defense mechanism uses the DBSCAN algorithm to classify and outputs the classification results through a random forest, and uses an improved virtual machine deployment strategy, which combines the advantages of the random round-robin strategy and the maximum/minimum resource strategy, to deploy virtual machines. Results: We conducted a simulation experiment on the power cloud platform of State Grid and verified the effectiveness of the proposed defense deployment strategy. Conclusion: After the virtual machine deployment strategy is improved, the coverage of the virtual machine is remarkably reduced, which shows that our defense mechanism achieves some effect in defending virtual machines against the virtual machine co-resident attack.
