Abstract
To reduce memory pressure, modern operating systems and hypervisors such as Linux/KVM deploy page-level memory fusion to merge physical memory pages with the same content (i.e., page fusion). A write to a fused memory page triggers a copy-on-write event that unmerges the page to preserve correct semantics. While page fusion is crucial in saving memory in production, recent work shows significant security weaknesses in its current implementations. Attackers can abuse timing side channels on the unmerge operation to leak sensitive data such as randomized pointers. Additionally, they can exploit the predictability of the merge operation to massage physical memory for reliable Rowhammer attacks. In this paper, we present VUsion, a secure page fusion system. VUsion can stop all the existing and even new classes of attack, where attackers leak information by side-channeling the merge operation or massage physical memory via predictable memory reuse patterns. To mitigate information disclosure attacks, we ensure attackers can no longer distinguish between fused and non-fused pages. To mitigate memory massaging attacks, we ensure fused pages are always allocated from a high-entropy pool. Despite its secure design, our comprehensive evaluation shows that VUsion retains most of the memory saving benefits of traditional memory fusion with negligible performance overhead while maintaining compatibility with other advanced memory management features.
Original language | English |
---|---|
Title of host publication | SOSP '17: Proceedings of the 26th Symposium on Operating Systems Principles |
Publisher | Association for Computing Machinery, Inc |
Pages | 531-545 |
Number of pages | 15 |
ISBN (Electronic) | 9781450350853 |
DOIs | |
Publication status | Published - Oct 2017 |
Event | 26th ACM Symposium on Operating Systems Principles, SOSP 2017 - Shanghai, China Duration: 28 Oct 2017 → 31 Oct 2017 |
Conference
Conference | 26th ACM Symposium on Operating Systems Principles, SOSP 2017 |
---|---|
Country/Territory | China |
City | Shanghai |
Period | 28/10/17 → 31/10/17 |
Funding
We would like to thank our shepherd Jay Lorch and the anonymous SOSP reviewers for their extensive and helpful feedback. The IT for research group at the Vrije Universiteit Amsterdam provided us with one of the servers used in VUsion’s evaluation. This work was supported by the European Commission through project H2020 ICT-32-2014 SHARCS under Grant Agreement No. 644571 and by the Netherlands Organisation for Scientific Research through grant NWO 639.023.309 VICI Dowsing.
Funders | Funder number |
---|---|
Achievement Rewards for College Scientists Foundation | |
Horizon 2020 Framework Programme | 644571 |
European Commission | H2020 ICT-32-2014 |
Nederlandse Organisatie voor Wetenschappelijk Onderzoek | NWO 639.023.309 VICI Dowsing |
Keywords
- Memory Management
- Page Fusion
- Rowhammer
- Side channels