Secure Page Fusion with VUsion

Marco Oliverio, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

36 Downloads (Pure)

Abstract

To reduce memory pressure, modern operating systems and hypervisors such as Linux/KVM deploy page-level memory fusion to merge physical memory pages with the same content (i.e., page fusion). A write to a fused memory page triggers a copy-on-write event that unmerges the page to preserve correct semantics. While page fusion is crucial in saving memory in production, recent work shows significant security weaknesses in its current implementations. Attackers can abuse timing side channels on the unmerge operation to leak sensitive data such as randomized pointers. Additionally, they can exploit the predictability of the merge operation to massage physical memory for reliable Rowhammer attacks. In this paper, we present VUsion, a secure page fusion system. VUsion can stop all the existing and even new classes of attack, where attackers leak information by side-channeling the merge operation or massage physical memory via predictable memory reuse patterns. To mitigate information disclosure attacks, we ensure attackers can no longer distinguish between fused and non-fused pages. To mitigate memory massaging attacks, we ensure fused pages are always allocated from a high-entropy pool. Despite its secure design, our comprehensive evaluation shows that VUsion retains most of the memory saving benefits of traditional memory fusion with negligible performance overhead while maintaining compatibility with other advanced memory management features.

Original languageEnglish
Title of host publicationSOSP '17: Proceedings of the 26th Symposium on Operating Systems Principles
PublisherAssociation for Computing Machinery, Inc
Pages531-545
Number of pages15
ISBN (Electronic)9781450350853
DOIs
Publication statusPublished - Oct 2017
Event26th ACM Symposium on Operating Systems Principles, SOSP 2017 - Shanghai, China
Duration: 28 Oct 201731 Oct 2017

Conference

Conference26th ACM Symposium on Operating Systems Principles, SOSP 2017
Country/TerritoryChina
CityShanghai
Period28/10/1731/10/17

Funding

We would like to thank our shepherd Jay Lorch and the anonymous SOSP reviewers for their extensive and helpful feedback. The IT for research group at the Vrije Universiteit Amsterdam provided us with one of the servers used in VUsion’s evaluation. This work was supported by the European Commission through project H2020 ICT-32-2014 SHARCS under Grant Agreement No. 644571 and by the Netherlands Organisation for Scientific Research through grant NWO 639.023.309 VICI Dowsing.

FundersFunder number
Achievement Rewards for College Scientists Foundation
Horizon 2020 Framework Programme644571
European CommissionH2020 ICT-32-2014
Nederlandse Organisatie voor Wetenschappelijk OnderzoekNWO 639.023.309 VICI Dowsing

    Keywords

    • Memory Management
    • Page Fusion
    • Rowhammer
    • Side channels

    Fingerprint

    Dive into the research topics of 'Secure Page Fusion with VUsion'. Together they form a unique fingerprint.

    Cite this