On the Effectiveness of Same-Domain Memory Deduplication
العنوان: | On the Effectiveness of Same-Domain Memory Deduplication |
---|---|
المؤلفون: | Andreas Costi, Brian Johannesmeyer, Erik Bosman, Cristiano Giuffrida, Herbert Bos |
المساهمون: | Computer Systems, Network Institute, Systems and Network Security |
المصدر: | EuroSec '22: Proceedings of the 15th European Workshop on Systems Security, 29-35 STARTPAGE=29;ENDPAGE=35;TITLE=EuroSec '22 Costi, A, Johannesmeyer, B, Bosman, E, Giuffrida, C & Bos, H 2022, On the Effectiveness of Same-Domain Memory Deduplication . in EuroSec '22 : Proceedings of the 15th European Workshop on Systems Security . Association for Computing Machinery, Inc, pp. 29-35, 15th European Workshop on Systems Security, EuroSec 2022, Virtual, Online, France, 5/04/22 . https://doi.org/10.1145/3517208.3523754Test |
بيانات النشر: | Association for Computing Machinery, Inc, 2022. |
سنة النشر: | 2022 |
مصطلحات موضوعية: | side channel attacks, memory deduplication |
الوصف: | Memory deduplication, an OS memory optimization technique that merges identical pages into a single Copy-on-Write (CoW) page, has been shown to be susceptible to a variety of timing side channel attacks, all of which stem from the differences between write times to the CoW page and to the normal page. To mitigate this issue, operating systems only merge pages from the same security domain (e.g., from the same process); moreover, browsers can piggyback on this defense with the recent adoption of site isolation. This was all considered sufficient, because it thwarts existing attacks, which have all relied upon separate domain (e.g., cross-process) scenarios. In this paper, we examine the effectiveness of same-domain memory deduplication as a mitigation by presenting two case studies that show that an attacker can still leverage the deduplication side channel to leak secrets. Specifically, our case studies highlight one key flaw: That it is non-Trivial to separate programs into separate security domains. In the first case study, we examine a client-server scenario-A scenario that inherently requires a server to read data from an untrusted client-And demonstrate that the client can control the alignment of data in memory to disclose the server's secret data. In the second case study, we examine a recent version of Firefox-A browser that has undergone massive efforts to ensure that data from different origins are separated into different domains-And demonstrate that nonetheless, a malicious webpage can exploit the browser's partial implementation of site isolation to leak secret data across tabs. We conclude that same-domain memory deduplication as a defense is difficult to implement correctly, and hence, is insufficient. |
اللغة: | English |
الوصول الحر: | https://explore.openaire.eu/search/publication?articleId=doi_dedup___::9cf5cf2fc3a67284b58a28c93fd37512Test https://research.vu.nl/en/publications/42915386-649d-43c1-a438-4271ea248d04Test |
حقوق: | OPEN |
رقم الانضمام: | edsair.doi.dedup.....9cf5cf2fc3a67284b58a28c93fd37512 |
قاعدة البيانات: | OpenAIRE |
الوصف غير متاح. |