usenix security10-poster-suzaki

Post on 31-May-2015






Click to see full reader


USENIX Security 2010 Poster. TItle is "Moving from Logical Sharing of Guest OS to Physical Sharing of Deduplication on Virtual Machine".


Moving from Logical Sharing of Guest OS

to Physical Sharing of Deduplication on Virtual Machine*Kuniyasu Suzaki† Toshiki Yagi† Kengo Iijima† Nguyen Anh Quynh† Cyrille Artho† Yoshihito Watanebe‡† National Institute of Advanced Industrial Science and Technology ‡ Alpha Systems Inc.

Main Problem: Logical Sharing (dynamic-link sharedlibrary, symbolic link, etc) has security and managementproblems which come from the dynamic management.

Idea : Static-link shared library and substantial copy can solve the problem, but they require more memory and storage (problem1).

(solution1) Current virtual machines havededuplication, which is a technique to sharesame-content chunks of virtual device(memory and storage), reducing the total realusage.Memory Deduplication: VMware’s Content-Based PageSharing [SOSP’02], Xen’s Differential Engine [OSDI’08] andSatori [USENIX’09], KVM’s KSM (Kernel SamepageManagement) [LinuxSymp’09].Storage Deduplication: Venti [FAST’02], HydraStar

(problem2) Unfortunately, current applicationsare not easy to re-compile with static-link.

(solution2) “pseudo-static” converter integrates dynamic-link shared libraries into an ELF binary file. However, it requires more memory and storage than static-link, because each ELF file

(Sub Problems)• search path replacement attack• GOT overwrite attack• Dependency Hell

Storage Deduplication: Venti [FAST’02], HydraStar[FAST’09], LBCAS [LinuxSymp’09]

storage than static-link, because each ELF file has same copy of libraries.

Pseudo-static converter: statifier, ermine, and autopackage on Linux

(Goal) Deduplication (Physical Sharing) mitigates the redundancy caused by“pseudo-static” converter. The combination increases security of an OS on a VM.

(Implementation and evaluation) GentooLinux is customized by statifier on KVMvirtual machine with deduplication.The storage image was increased 1.88 times(7,075MB/3,754MB). It was mitigated by LBCAS(16KB block storage deduplication) into 1.16 times(4,352MB).The memory usage at boot time was increased 2.64 times(344.2MB/130.8MB) and it was mitigated by KSM(4KB bock memory dedulicatoin) into 0.91times(101.2MB).Statifier prevents search path replacement attack andDependency Hell, because shared libraries are included.GOT overwrite attack is mitigated because the table isprefixed and verified.

Effect of Memory Deduplication* Details are presented at HotSec 2010.

top related