Abstract

Memory deduplication in virtualized systems has been shown to be a very useful memory optimization: it is simple to use and provides memory-efficient cloud hosting. However, memory-deduplication-based side-channel attacks (information disclosure attacks and covert channel construction across virtual machines) can be mounted using the timing information that Copy-on-Write (CoW) fault handling semantics make available. The CoW semantic has been a necessary evil with regard to deduplication: it plays a vital role in supporting guest-OS-transparent deduplication, but it also enables a timing channel for exploitation. To shrink the large access-time difference between a normal write and a write to a shared page, we propose CoWLight, a combination of hardware and software techniques for handling CoW page faults efficiently. In this work, we address the security issue at its source, by offloading CoW fault handling to the hardware itself, rather than mitigating its side effects. Further, we show that CoWLight can reduce the access latency difference significantly (by up to 30x), which brings it within the noise thresholds of a moderately busy system.
