ABSTRACT
Address space layout randomization (ASLR) is a widely used component of computer security aimed at preventing code reuse and/or data-only attacks. Modern kernels utilize kernel ASLR (KASLR) and finer-grained forms, such as function granular KASLR (FGKASLR), but do so as part of an inefficient bootstrapping process we call bootstrap self-randomization. Meanwhile, under increasing pressure to optimize their boot times, microVM architectures such as AWS Firecracker have resorted to eliminating bootstrapping steps, particularly decompression and relocation, from the guest kernel boot process, leaving them without KASLR. In this paper, we present in-monitor KASLR, in which the virtual machine monitor efficiently implements KASLR for the guest kernel by skipping the expensive kernel self-relocation steps. We prototype in-monitor KASLR and FGKASLR in the open-source Firecracker virtual machine monitor, demonstrating, on a microVM-configured kernel, boot times 22% and 16% faster than bootstrapped KASLR and FGKASLR methods, respectively. We also show the low overhead of in-monitor KASLR, with only a 4% (2 ms) increase in boot time on average compared to a kernel without KASLR. We also discuss the implications and future opportunities for in-monitor approaches.
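The core of the in-monitor approach described above is that the monitor, not the guest kernel, picks the randomized load address and patches the kernel's absolute pointers before the guest ever runs. The following is an added example, not code from the paper or from Firecracker, that shows that step on a constructed 64-byte stand-in for a kernel image with a relocation table in the style of the list of absolute-pointer offsets the Linux `relocs` tool emits for the kernel's own self-relocating boot path. The link-time base, the 1 GiB randomization window and the 2 MiB slide alignment mirror the x86-64 Linux defaults, but the image, its relocation table, and the entropy value are assumptions made for the example; a real monitor would draw the slide from getrandom(2) and read the relocation table from the image it loads.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Link-time virtual base of x86-64 Linux kernel text (arch default). */
#define LINK_BASE      0xffffffff81000000ULL
/* The slid image must stay inside the kernel's mapping window: 1 GiB mirrors
   KERNEL_IMAGE_SIZE under CONFIG_RANDOMIZE_BASE, 2 MiB mirrors the slide
   alignment the kernel itself uses. Both are assumptions of this example. */
#define RANDOM_WINDOW  (1ULL << 30)
#define SLIDE_ALIGN    (2ULL << 20)

/* Constructed stand-in for a kernel image: NOP filler with two absolute
   8-byte pointers at offsets 8 and 40, both pointing at link-time addresses
   inside the image (LINK_BASE+0x20 and LINK_BASE+0x30). Not a real kernel. */
#define IMAGE_SIZE 64

static void build_image(uint8_t *img) {
    memset(img, 0x90, IMAGE_SIZE);
    uint64_t p0 = LINK_BASE + 0x20, p1 = LINK_BASE + 0x30;
    memcpy(img + 8,  &p0, sizeof p0);
    memcpy(img + 40, &p1, sizeof p1);
}

/* Relocation table: image offsets holding absolute 64-bit addresses
   (constructed to match build_image above). */
static const uint32_t kernel_relocs[] = { 8, 40 };
#define NUM_RELOCS (sizeof kernel_relocs / sizeof kernel_relocs[0])

/* Turn an entropy word into an aligned slide that keeps the image inside the
   window. Deterministic here so it can be checked; a monitor would feed it
   getrandom(2) output. */
uint64_t choose_slide(uint64_t entropy, uint64_t image_size) {
    uint64_t slots = (RANDOM_WINDOW - image_size) / SLIDE_ALIGN;
    return (entropy % slots) * SLIDE_ALIGN;
}

/* In-monitor relocation: add 'slide' to every absolute pointer the table
   names. Returns the number of relocations applied, or -1 if the slide is
   misaligned or out of window, a relocation falls outside the image, or a
   patched value is not a pointer into the image (a corrupted table). */
int apply_slide(uint8_t *img, size_t size, const uint32_t *relocs, size_t n,
                uint64_t slide) {
    if (slide % SLIDE_ALIGN != 0 || slide + size > RANDOM_WINDOW) return -1;
    for (size_t i = 0; i < n; i++) {
        if ((size_t)relocs[i] + sizeof(uint64_t) > size) return -1;
        uint64_t v;
        memcpy(&v, img + relocs[i], sizeof v);
        if (v < LINK_BASE || v - LINK_BASE >= size) return -1;
        v += slide;
        memcpy(img + relocs[i], &v, sizeof v);
    }
    return (int)n;
}

uint64_t read_ptr(const uint8_t *img, size_t off) {
    uint64_t v;
    memcpy(&v, img + off, sizeof v);
    return v;
}

/* Worked run: build the image, slide it, and confirm both pointers now
   reference LINK_BASE + slide + their original offset. Returns 1 on success. */
int demo(uint64_t entropy) {
    uint8_t img[IMAGE_SIZE];
    build_image(img);
    uint64_t slide = choose_slide(entropy, IMAGE_SIZE);
    if (apply_slide(img, IMAGE_SIZE, kernel_relocs, NUM_RELOCS, slide) != (int)NUM_RELOCS)
        return 0;
    return read_ptr(img, 8)  == LINK_BASE + slide + 0x20 &&
           read_ptr(img, 40) == LINK_BASE + slide + 0x30;
}

int main(void) {
    uint64_t entropy = 12345; /* stand-in for getrandom(2) output */
    printf("slide=0x%llx relocated_ok=%d\n",
           (unsigned long long)choose_slide(entropy, IMAGE_SIZE), demo(entropy));
    return 0;
}
```

The bounds and window checks are the part a monitor must not skip: the guest kernel's own boot path validates its relocation table before applying it, and moving that work into the monitor moves the responsibility for rejecting a malformed table or an out-of-range slide along with it.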
Index Terms
- KASLR in the age of MicroVMs