How kernel randomization is canceling memory deduplication in cloud computing systems

Fernando Vañó García; Hector Marco-Gisbert

doi:10.1109/NCA.2018.8548338

How kernel randomization is canceling memory deduplication in cloud computing systems

Fernando Vañó García
, Hector Marco-Gisbert

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Citations (Scopus)

229 Downloads (Pure)

Abstract

Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.

Original language	English
Title of host publication	2018 IEEE 17th International Symposium on Network Computing and Applications
Subtitle of host publication	Cambridge, MA, USA – November 1-3, 2018
Publisher	IEEE
Number of pages	4
ISBN (Electronic)	9781538676592, 9781538676585
ISBN (Print)	9781538676608
DOIs	https://doi.org/10.1109/NCA.2018.8548338
Publication status	Published - 1 Nov 2018
Event	The 17th IEEE International Symposium on Network Computing and Applications - Hyatt Regency Cambridge, Cambridge, United States Duration: 1 Nov 2018 → 3 Nov 2018 http://www.ieee-nca.org/2018/

Conference

Conference	The 17th IEEE International Symposium on Network Computing and Applications
Abbreviated title	NCA 2018
Country/Territory	United States
City	Cambridge
Period	1/11/18 → 3/11/18
Internet address	http://www.ieee-nca.org/2018/

Keywords

Cloud
Memory Deduplication
Information Security
KASLR
Memory Management
Virtualization

Access to Document

10.1109/NCA.2018.8548338

2018 10 01 Garcia et al Kernel acceptedAccepted author manuscript, 234 KB

Cite this

@inproceedings{9fd7f458fbb448079f095ab10e193d0e,

title = "How kernel randomization is canceling memory deduplication in cloud computing systems",

abstract = "Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534\% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.",

keywords = "Cloud, Memory Deduplication, Information Security, KASLR, Memory Management, Virtualization",

author = "\{Va{\~n}{\'o} Garc{\'i}a\}, Fernando and Hector Marco-Gisbert",

year = "2018",

month = nov,

day = "1",

doi = "10.1109/NCA.2018.8548338",

language = "English",

isbn = "9781538676608",

booktitle = "2018 IEEE 17th International Symposium on Network Computing and Applications",

publisher = "IEEE",

address = "United States",

note = "The 17th IEEE International Symposium on Network Computing and Applications, NCA 2018 ; Conference date: 01-11-2018 Through 03-11-2018",

url = "http://www.ieee-nca.org/2018/",

}

Vañó García, F & Marco-Gisbert, H 2018, How kernel randomization is canceling memory deduplication in cloud computing systems. in 2018 IEEE 17th International Symposium on Network Computing and Applications: Cambridge, MA, USA – November 1-3, 2018. IEEE, The 17th IEEE International Symposium on Network Computing and Applications, Cambridge, Massachusetts, United States, 1/11/18. https://doi.org/10.1109/NCA.2018.8548338

How kernel randomization is canceling memory deduplication in cloud computing systems. / Vañó García, Fernando; Marco-Gisbert, Hector.
2018 IEEE 17th International Symposium on Network Computing and Applications: Cambridge, MA, USA – November 1-3, 2018. IEEE, 2018.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - How kernel randomization is canceling memory deduplication in cloud computing systems

AU - Vañó García, Fernando

AU - Marco-Gisbert, Hector

PY - 2018/11/1

Y1 - 2018/11/1

N2 - Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.

AB - Cloud computing dramatically impacted the way we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. The highest possible level of protection must be applied in order to provide a secure cloud computing architecture. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resources exploitation. An important case is the memory deduplication mechanism which is canceled by the address space layout randomization (ASLR) protection technique. In this paper, we present a precise analysis of the impact on the memory deduplication technique when kernel randomization is enabled. Our experiments show that the memory overhead to run 24 kernels is increased by 534% (from 613 MiB to 3.9 GiB) when kernel ASLR is enabled.

KW - Cloud

KW - Memory Deduplication

KW - Information Security

KW - KASLR

KW - Memory Management

KW - Virtualization

UR - http://www.ieee-nca.org/2018/index.php?p=63_Conference_Program.md

U2 - 10.1109/NCA.2018.8548338

DO - 10.1109/NCA.2018.8548338

M3 - Conference contribution

SN - 9781538676608

BT - 2018 IEEE 17th International Symposium on Network Computing and Applications

PB - IEEE

T2 - The 17th IEEE International Symposium on Network Computing and Applications

Y2 - 1 November 2018 through 3 November 2018

ER -

How kernel randomization is canceling memory deduplication in cloud computing systems

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this