Abstract
Memory deduplication, an OS memory optimization technique that merges identical pages into a single Copy-on-Write (CoW) page, has been shown to be susceptible to a variety of timing side channel attacks, all of which stem from the differences between write times to the CoW page and to the normal page. To mitigate this issue, operating systems only merge pages from the same security domain (e.g., from the same process); moreover, browsers can piggyback on this defense with the recent adoption of site isolation. This was all considered sufficient, because it thwarts existing attacks, which have all relied upon separate domain (e.g., cross-process) scenarios. In this paper, we examine the effectiveness of same-domain memory deduplication as a mitigation by presenting two case studies that show that an attacker can still leverage the deduplication side channel to leak secrets. Specifically, our case studies highlight one key flaw: That it is non-Trivial to separate programs into separate security domains. In the first case study, we examine a client-server scenario-A scenario that inherently requires a server to read data from an untrusted client-And demonstrate that the client can control the alignment of data in memory to disclose the server's secret data. In the second case study, we examine a recent version of Firefox-A browser that has undergone massive efforts to ensure that data from different origins are separated into different domains-And demonstrate that nonetheless, a malicious webpage can exploit the browser's partial implementation of site isolation to leak secret data across tabs. We conclude that same-domain memory deduplication as a defense is difficult to implement correctly, and hence, is insufficient.
Original language | English |
---|---|
Title of host publication | EuroSec '22 |
Subtitle of host publication | Proceedings of the 15th European Workshop on Systems Security |
Publisher | Association for Computing Machinery, Inc |
Pages | 29-35 |
Number of pages | 7 |
ISBN (Electronic) | 9781450392556 |
DOIs | |
Publication status | Published - Apr 2022 |
Event | 15th European Workshop on Systems Security, EuroSec 2022 - Virtual, Online, France Duration: 5 Apr 2022 → 8 Apr 2022 |
Conference
Conference | 15th European Workshop on Systems Security, EuroSec 2022 |
---|---|
Country/Territory | France |
City | Virtual, Online |
Period | 5/04/22 → 8/04/22 |
Bibliographical note
Funding Information:We thank our shepherd, Alessandro Sorniotti, and the anonymous reviewers for their valuable comments. This work was supported by the EU’s Horizon 2020 research and innovation programme under grant agreement No. 825377 (UNICORE) and by Netherlands Organisation for Scientific Research through project “Intersectž. This paper reflects only the authors’ view. The funding agencies are not responsible for any use that may be made of the information it contains.
Publisher Copyright:
© 2022 ACM.
Keywords
- memory deduplication
- side channel attacks