【打印本页】      【下载PDF全文】   View/Add Comment  Download reader   Close
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 7992次   下载 7519 本文二维码信息
码上扫一扫!
基于虚拟化内存隔离的Rowhammer攻击防护机制
石培涛,刘宇涛,陈海波
分享到: 微信 更多
(上海交通大学并行与分布式系统研究所, 上海 中国 200240)
摘要:
随着虚拟化技术的发展与云计算的流行,虚拟化环境下的安全防护问题一直受到广泛的关注。最近的Rowhammer攻击打破了人们对于硬件的信赖,同时基于Rowhammer攻击的各种攻击方式已经威胁到了虚拟化环境下的虚拟机监视器以及其他虚拟机的安全。目前业界已有的对Rowhammer攻击的防御机制或者局限于修改物理硬件,或者无法很好的部署在虚拟化环境下。本文提出一种方案,该方案实现了一套在虚拟机监视器层面的Rowhammer感知的内存分配机制,能够在虚拟机监视器层面以虚拟机的粒度进行Rowhammer攻击的隔离防护。测试表明,该方案能够在不修改硬件,以及引入较小的性能开销(小于6%的运行时开销和小于0.1%的内存开销)的前提下,成功阻止从虚拟机到虚拟机监视器以及跨虚拟机的Rowhammer攻击。
关键词:  虚拟化安全  内存分配  Rowhammer攻击  Xen
DOI:10.19363/j.cnki.cn10-1380/tn.2017.10.001
Received:July 18, 2017Revised:August 10, 2017
基金项目:国家重点研发计划No.2016YFB1000104资助。
Defense against Rowhammer Attack with Memory Isolation in Virtualized Environments
SHI Peitao,LIU Yutao,CHEN Haibo
Institution of Parallel and Distributed Systems, Shanghai Jiaotong University, Shanghai 200240, China
Abstract:
The virtualization security has increasingly gained widespread attention with the spreading of cloud computation in recent years. And some common hardware-software contracts which were supposed to be the base of security system have been violated by some attacks like "rowhammer". Adversaries have used rowhammer attack to break the isolation between virtual machines and hypervisor as well as to threaten the security in the virtualization environment. To date, all the known defenses against rowhammer either require the modification on hardware or are hard to be deployed in the virtualization environment. We present a novel method, which can prevent the spreading of rowhammer attacks by isolating the memory of different security domains (e.g., the kernel of hypervisor and the virtual machines). We extent the physical memory allocator of Xen to be aware of rowhammer. Our solution does not require any modification to the hardware, and it is transparent to the guest VMs. The evaluation shows its effectiveness in preventing against rowhammer attacks, as well as the efficiency in introducing negligible overhead (the runtime performance overhead is lower than 6%, and the memory cost is lower than 0.1%).
Key words:  virtualization security  rowhammer attack  memory allocator  Xen