Skip to main content

Memory Deduplication as a Protective Factor in Virtualized Systems

  • Conference paper
  • First Online:
Applied Cryptography and Network Security Workshops (ACNS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12809))

Included in the following conference series:

Abstract

We introduce a method for protection against a side-channel attack made possible by the use of a cloud-computing feature called memory deduplication. Memory deduplication improves the efficiency with which physical memory is used by the virtual machines (VMs) running on the same server by keeping in memory only one copy of the libraries and other software used by multiple VMs. However, this allows an attacker’s VM to find out the memory locations (and thus the operations) used by a victim’s VM, as these locations are cached and can be accessed faster than memory locations not used by the victim. To perform the attack, the malicious VM needs to execute an abnormal sequence of cache flushes, and our new method detects this by monitoring memory locations associated with sensitive (e.g., encryption) operations and using logistic regression to identify the abnormal cached operations. Furthermore, by using its own cache flushing, our method disrupts the side channel, making it more difficult for the attacker to acquire useful information. The experiments we ran using the KVM hypervisor and Ubuntu 18.04 LTS VMs on both Debian 10 and CentOS physical servers show that our method can detect attacks with 99% accuracy, and can feed fake information to an attacker with between 2–8% CPU overheads.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Takabi, H., Joshi, J.B., Ahn, G.-J.: Security and privacy challenges in cloud computing environments. IEEE Secur. Privacy 8(6), 24–31 (2010)

    Article  Google Scholar 

  2. Garrison, G., Kim, S., Wakefield, R.L.: Success factors for deploying cloud computing. Commun. ACM 55(9), 62–68 (2012)

    Article  Google Scholar 

  3. Hussain, S.A., Fatima, M., Saeed, A., Raza, I., Shahzad, R.K.: Multilevel classification of security concerns in cloud computing. Appl. Comput. Inform. 13(1), 57–65 (2017)

    Article  Google Scholar 

  4. Kuyoro, S., Ibikunle, F., Awodele, O.: Cloud computing security issues and challenges. Int. J. Comput. Networks (IJCN) 3(5), 247–255 (2011)

    Google Scholar 

  5. Saxena, S., Sanyal, G., Srivastava, S., Amin, R.: Preventing from cross-vm side-channel attack using new replacement method. Wireless Pers. Commun. 97(3), 4827–4854 (2017)

    Article  Google Scholar 

  6. Anwar, S., et al.: Cross-VM cache-based side channel attacks and proposed prevention mechanisms: a survey. J. Network Comput. Appl. 93, 259–279 (2017)

    Article  Google Scholar 

  7. Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! a fast, cross-vm attack on AES. In: International Workshop on Recent Advances in Intrusion Detection, pp. 299–319 (2014)

    Google Scholar 

  8. Yarom, Y., Falkner, K.: Flush+ reload: a high resolution, low noise, l3 cache side-channel attack. In: 23rd \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 14), pp. 719–732 (2014)

    Google Scholar 

  9. Hornby, T.: Side-channel attacks on everyday applications: distinguishing inputs with flush+reload. BlackHat USA (2016)

    Google Scholar 

  10. Philippe-Jankovic, D., Zia, T.A.: Breaking VM isolation-an in-depth look into the cross VM flush reload cache timing attack. Int. J. Comput. Sci. Network Secur. (IJCSNS) 17(2), 181 (2017)

    Google Scholar 

  11. Bazm, M.-M., Sautereau, T., Lacoste, M., Sudholt, M., Menaud, J.-M.: Cache-based side-channel attacks detection through intel cache monitoring technology and hardware performance counters. In: 3rd International Conference on Fog and Mobile Edge Computing (FMEC), pp. 7–12 (2018)

    Google Scholar 

  12. Chiappetta, M., Savas, E., Yilmaz, C.: Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49, 1162–1174 (2016)

    Article  Google Scholar 

  13. Cho, J., Kim, T., Kim, S., Im, M., Kim, T., Shin, Y.: Real-time detection for cache side channel attack using performance counter monitor. Appl. Sci. 10(3), 984 (2020)

    Article  Google Scholar 

  14. Gulmezoglu, B., Moghimi, A., Eisenbarth, T., Sunar, B.: Fortuneteller: predicting microarchitectural attacks via unsupervised deep learning. arXiv preprint arXiv:1907.03651 (2019)

  15. Mushtaq, M., Akram, A., Bhatti, M.K., Rais, R.N.B., Lapotre, V., Gogniat, G.: Run-time detection of prime+ probe side-channel attack on AES encryption algorithm. In: Global Information Infrastructure and Networking Symposium (GIIS), pp. 1–5 (2018)

    Google Scholar 

  16. Zhang, T., Zhang, Y., Lee, R.B.: Cloudradar: a real-time side-channel attack detection system in clouds. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 118–140 (2016)

    Google Scholar 

  17. Wang, H., Sayadi, H., Rafatirad, S., Sasan, A., Homayoun, H.: Scarf: detecting side-channel attacks at real-time using low-level hardware features. In: IEEE 26th International Symposium on On-Line Testing and Robust System Design (IOLTS), pp. 1–6 (2020)

    Google Scholar 

  18. Xia, W., et al.: A comprehensive study of the past, present, and future of data deduplication. Proc. IEEE 104(9), 1681–1710 (2016)

    Article  Google Scholar 

  19. Suzaki, K., Iijima,K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: 4th European Workshop on System Security, p. 1 (2011)

    Google Scholar 

  20. Xiao, J., Xu, Z., Huang, H., Wang, H.: Security implications of memory deduplication in a virtualized environment. In: 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1–12 (2013)

    Google Scholar 

  21. Lindemann, J., Fischer, M.: A memory-deduplication side-channel attack to detect applications in co-resident virtual machines. In: 33rd Annual ACM Symposium on Applied Computing, pp. 183–192 (2018)

    Google Scholar 

  22. Yan, L., Guo, Y., Chen, X., Mei, H.: A study on power side channels on mobile devices. In: 7th Asia-Pacific Symposium on Internetware, pp. 30–38 (2015)

    Google Scholar 

  23. Briongos, S., Irazoqui, G., Malagón, P., Eisenbarth, T.: Cacheshield: detecting cache attacks through self-observation. In: 8th ACM Conference on Data and Application Security and Privacy, pp. 224–235 (2018)

    Google Scholar 

  24. Bernstein, D.J.: Cache-timing attacks on AES (2005)

    Google Scholar 

  25. Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Fine grain cross-VM attacks on Xen and VMware. In: IEEE 4th International Conference on Big Data and Cloud Computing, pp. 737–744 (2014)

    Google Scholar 

  26. Jayasinghe, D., Fernando, J., Herath, R., Ragel, R.: Remote cache timing attack on advanced encryption standard and countermeasures. In: 5th International Conference on Information and Automation for Sustainability, pp. 177–182 (2010)

    Google Scholar 

  27. Atici, A.C., Yilmaz, C., Savaş, E.: Cache-timing attacks without a profiling phase. Turkish J. Electr. Eng. Comput. Sci. 26(4), 1953–1966 (2018)

    Article  Google Scholar 

  28. Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the Flush+Reload cache side-channel attack. IACR Cryptology ePrint Archive, vol. 2014, p. 140 (2014)

    Google Scholar 

  29. Gullasch, D., Bangerter, E., Krenn, S.: Cache games-bringing access-based cache attacks on AES to practice. In: IEEE Symposium on Security and Privacy, pp. 490–505 (2011)

    Google Scholar 

  30. Base, V.K.: Security considerations and disallowing inter-virtual machine transparent page sharing, VMware Knowledge Base, vol. 2080735 (2014)

    Google Scholar 

  31. Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+ flush: a fast and stealthy cache attack. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 279–299 (2016)

    Google Scholar 

  32. Yarom, Y.: Mastik: a micro-architectural side-channel toolkit. https://cs.adelaide.edu.au/~yval/Mastik/

  33. Intel: Virtual targets. https://software.intel.com/content/www/us/en/develop/documentation/vtune-help/top/set-up-analysis-target/on-virtual-machine.html

  34. Du, J., Sehrawat, N., Zwaenepoel, W.: Performance profiling of virtual machines. In: 7th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp. 3–14 (2011)

    Google Scholar 

  35. Hat, R.: 2.2. Virtual Performance Monitoring Unit (vPMU) Red Hat Enterprise Linux 7. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_tuning_and_optimization_guide/sect-virtualization_tuning_optimization_guide-monitoring_tools-vpmu

  36. Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: Homealone: co-residency detection in the cloud via side-channel analysis. In: IEEE Symposium on Security and Privacy, pp. 313–328 (2011)

    Google Scholar 

  37. Xiao, Z., Xiao, Y.: Security and privacy in cloud computing. IEEE Commun. Surv. Tutor. 15(2), 843–859 (2012)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Vassilios Vassilakis .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Albalawi, A., Vassilakis, V., Calinescu, R. (2021). Memory Deduplication as a Protective Factor in Virtualized Systems. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2021. Lecture Notes in Computer Science(), vol 12809. Springer, Cham. https://doi.org/10.1007/978-3-030-81645-2_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-81645-2_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-81644-5

  • Online ISBN: 978-3-030-81645-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics