
KASLR in the age of MicroVMs

Published: 28 March 2022

ABSTRACT

Address space layout randomization (ASLR) is a widely used component of computer security aimed at preventing code reuse and/or data-only attacks. Modern kernels utilize kernel ASLR (KASLR) and finer-grained forms, such as functional granular KASLR (FGKASLR), but do so as part of an inefficient bootstrapping process we call bootstrap self-randomization. Meanwhile, under increasing pressure to optimize their boot times, microVM architectures such as AWS Firecracker have resorted to eliminating bootstrapping steps, particularly decompression and relocation from the guest kernel boot process, leaving them without KASLR. In this paper, we present in-monitor KASLR, in which the virtual machine monitor efficiently implements KASLR for the guest kernel by skipping the expensive kernel self-relocation steps. We prototype in-monitor KASLR and FGKASLR in the open-source Firecracker virtual machine monitor demonstrating, on a microVM configured kernel, boot times 22% and 16% faster than bootstrapped KASLR and FGKASLR methods, respectively. We also show the low overhead of in-monitor KASLR, with only 4% (2 ms) increase in boot times on average compared to a kernel without KASLR. We also discuss the implications and future opportunities for in-monitor approaches.


Published in

EuroSys '22: Proceedings of the Seventeenth European Conference on Computer Systems
March 2022
783 pages
ISBN: 9781450391627
DOI: 10.1145/3492321

Copyright © 2022 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States

Qualifiers: research-article

Overall Acceptance Rate: 241 of 1,308 submissions, 18%