Secure Page Fusion with VUsion

Marco Oliverio, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review


To reduce memory pressure, modern operating systems and hypervisors such as Linux/KVM deploy page-level memory fusion to merge physical memory pages with the same content (i.e., page fusion). A write to a fused memory page triggers a copy-on-write event that unmerges the page to preserve correct semantics. While page fusion is crucial in saving memory in production, recent work shows significant security weaknesses in its current implementations. Attackers can abuse timing side channels on the unmerge operation to leak sensitive data such as randomized pointers. Additionally, they can exploit the predictability of the merge operation to massage physical memory for reliable Rowhammer attacks. In this paper, we present VUsion, a secure page fusion system. VUsion can stop all the existing and even new classes of attack, where attackers leak information by side-channeling the merge operation or massage physical memory via predictable memory reuse patterns. To mitigate information disclosure attacks, we ensure attackers can no longer distinguish between fused and non-fused pages. To mitigate memory massaging attacks, we ensure fused pages are always allocated from a high-entropy pool. Despite its secure design, our comprehensive evaluation shows that VUsion retains most of the memory saving benefits of traditional memory fusion with negligible performance overhead while maintaining compatibility with other advanced memory management features.

Original languageEnglish
Title of host publicationSOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles
PublisherAssociation for Computing Machinery, Inc
Number of pages15
ISBN (Electronic)9781450350853
Publication statusPublished - 14 Oct 2017
Event26th ACM Symposium on Operating Systems Principles, SOSP 2017 - Shanghai, China
Duration: 28 Oct 201731 Oct 2017


Conference26th ACM Symposium on Operating Systems Principles, SOSP 2017


  • Memory Management
  • Page Fusion
  • Rowhammer
  • Side channels


Dive into the research topics of 'Secure Page Fusion with VUsion'. Together they form a unique fingerprint.

Cite this