EuroSec'12 Presentation (ASLR reduces effect of KSM)

EuroSec'12 Presentation (ASLR reduces effect of KSM)

[Kuniyasu Suzaki]

Dear,

I made a presentation which measures OS security functions(ASLR,
Memory Santization, and Cache Page Flushing) on memory deduplication
"KSM with VKM" at EuroSec 2012.

The titile is "Effects of Memory Randomization, Sanitization and Page
Cache on Memory Deduplication".
# This is one of papers related to my memory deduplication research.

The slide is downloadable.
  http://www.slideshare.net/suzaki/eurosec2012-effects-of-memory-randomization-sanitization-and-page-cache-on-memory-deduplication-by-ksuzaki
The paper will be downloadable form ACM Digital Library.

The results show ALSR reduces the effect of memory deduplciation.
Please tell me, if you have comments. Thank you.

------
  Kuniyasu Suzaki, National Institute of Advanced Industrial Science and Technology,
  http://staff.aist.go.jp/k.suzaki
  

Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)

[Marcelo Tosatti]

On Thu, Apr 12, 2012 at 08:24:57PM +0900, Kuniyasu Suzaki wrote:
> 
> Dear,
> 
> I made a presentation which measures OS security functions(ASLR,
> Memory Santization, and Cache Page Flushing) on memory deduplication
> "KSM with VKM" at EuroSec 2012.
> 
> The titile is "Effects of Memory Randomization, Sanitization and Page
> Cache on Memory Deduplication".
> # This is one of papers related to my memory deduplication research.
> 
> The slide is downloadable.
>   http://www.slideshare.net/suzaki/eurosec2012-effects-of-memory-randomization-sanitization-and-page-cache-on-memory-deduplication-by-ksuzaki
> The paper will be downloadable form ACM Digital Library.
> 
> The results show ALSR reduces the effect of memory deduplciation.
> Please tell me, if you have comments. Thank you.
> 
> ------
>   Kuniyasu Suzaki, National Institute of Advanced Industrial Science and Technology,
>   http://staff.aist.go.jp/k.suzaki

Very nice. ALSR is supposed to increase the number of unshared pages
because translation tables that contain addresses of symbols will
differ for every instance of an executable.

Can you share additional information about "HICAMP (hardware memory
deduplication)" ?

Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)

[Kuniyasu Suzaki]

Marcelo,

From: Marcelo Tosatti <mtosatti@redhat.com>
Subject: Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)
Date: Fri, 13 Apr 2012 21:47:47 -0300

> On Thu, Apr 12, 2012 at 08:24:57PM +0900, Kuniyasu Suzaki wrote:
> > 
> > Dear,
> > 
> > I made a presentation which measures OS security functions(ASLR,
> > Memory Santization, and Cache Page Flushing) on memory deduplication
> > "KSM with VKM" at EuroSec 2012.
> > 
> > The titile is "Effects of Memory Randomization, Sanitization and Page
> > Cache on Memory Deduplication".
> > # This is one of papers related to my memory deduplication research.
> > 
> > The slide is downloadable.
> >   http://www.slideshare.net/suzaki/eurosec2012-effects-of-memory-randomization-sanitization-and-page-cache-on-memory-deduplication-by-ksuzaki
> > The paper will be downloadable form ACM Digital Library.
> > 
> > The results show ALSR reduces the effect of memory deduplciation.
> > Please tell me, if you have comments. Thank you.
> > 
> > ------
> >   Kuniyasu Suzaki, National Institute of Advanced Industrial Science and Technology,
> >   http://staff.aist.go.jp/k.suzaki
> 
> Very nice. ALSR is supposed to increase the number of unshared pages
> because translation tables that contain addresses of symbols will
> differ for every instance of an executable.

Thank you for good suggestion.
Anyway, how much the size of translation tables?
In our experience, ALSR on 4 GuestOS (Linux) increased the memory consumption more than 50MB.
Does the translation table in a linux take more than 10MB?

> Can you share additional information about "HICAMP (hardware memory
> deduplication)" ?

The detail of HICAMP was presented at ASPLOS 2011.
 ASPLOS 2011 paper http://dl.acm.org/citation.cfm?id=2151007&preflayout=tabs

------
suzaki

Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)

[Marcelo Tosatti]

On Mon, Apr 16, 2012 at 03:52:10PM +0900, Kuniyasu Suzaki wrote:
> 
> Marcelo,
> 
> From: Marcelo Tosatti <mtosatti@redhat.com>
> Subject: Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)
> Date: Fri, 13 Apr 2012 21:47:47 -0300
> 
> > On Thu, Apr 12, 2012 at 08:24:57PM +0900, Kuniyasu Suzaki wrote:
> > > 
> > > Dear,
> > > 
> > > I made a presentation which measures OS security functions(ASLR,
> > > Memory Santization, and Cache Page Flushing) on memory deduplication
> > > "KSM with VKM" at EuroSec 2012.
> > > 
> > > The titile is "Effects of Memory Randomization, Sanitization and Page
> > > Cache on Memory Deduplication".
> > > # This is one of papers related to my memory deduplication research.
> > > 
> > > The slide is downloadable.
> > >   http://www.slideshare.net/suzaki/eurosec2012-effects-of-memory-randomization-sanitization-and-page-cache-on-memory-deduplication-by-ksuzaki
> > > The paper will be downloadable form ACM Digital Library.
> > > 
> > > The results show ALSR reduces the effect of memory deduplciation.
> > > Please tell me, if you have comments. Thank you.
> > > 
> > > ------
> > >   Kuniyasu Suzaki, National Institute of Advanced Industrial Science and Technology,
> > >   http://staff.aist.go.jp/k.suzaki
> > 
> > Very nice. ALSR is supposed to increase the number of unshared pages
> > because translation tables that contain addresses of symbols will
> > differ for every instance of an executable.
> 
> Thank you for good suggestion.
> Anyway, how much the size of translation tables?

One entry per symbol that is accessed outside of the object or
main executable, one table per shared object (GOT and PLT tables). See
the ELF documentation.

> In our experience, ALSR on 4 GuestOS (Linux) increased the memory consumption more than 50MB.
> Does the translation table in a linux take more than 10MB?

Increased memory consumption is due to larger number of pagetables
(which is necessary to cover larger virtual address space). 
Increased number of unshared pages can be explained by translation
tables.

> > Can you share additional information about "HICAMP (hardware memory
> > deduplication)" ?
> 
> The detail of HICAMP was presented at ASPLOS 2011.
>  ASPLOS 2011 paper http://dl.acm.org/citation.cfm?id=2151007&preflayout=tabs
> 
> ------
> suzaki

Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)

[Kuniyasu Suzaki]

From: Marcelo Tosatti <mtosatti@redhat.com>
Subject: Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)
Date: Mon, 16 Apr 2012 21:29:31 -0300

> On Mon, Apr 16, 2012 at 03:52:10PM +0900, Kuniyasu Suzaki wrote:
> > 
> > Marcelo,
> > 
> > From: Marcelo Tosatti <mtosatti@redhat.com>
> > Subject: Re: EuroSec'12 Presentation (ASLR reduces effect of KSM)
> > Date: Fri, 13 Apr 2012 21:47:47 -0300
> > 
> > > On Thu, Apr 12, 2012 at 08:24:57PM +0900, Kuniyasu Suzaki wrote:
> > > > 
> > > > Dear,
> > > > 
> > > > I made a presentation which measures OS security functions(ASLR,
> > > > Memory Santization, and Cache Page Flushing) on memory deduplication
> > > > "KSM with VKM" at EuroSec 2012.
> > > > 
> > > > The titile is "Effects of Memory Randomization, Sanitization and Page
> > > > Cache on Memory Deduplication".
> > > > # This is one of papers related to my memory deduplication research.
> > > > 
> > > > The slide is downloadable.
> > > >   http://www.slideshare.net/suzaki/eurosec2012-effects-of-memory-randomization-sanitization-and-page-cache-on-memory-deduplication-by-ksuzaki
> > > > The paper will be downloadable form ACM Digital Library.
> > > > 
> > > > The results show ALSR reduces the effect of memory deduplciation.
> > > > Please tell me, if you have comments. Thank you.
> > > > 
> > > > ------
> > > >   Kuniyasu Suzaki, National Institute of Advanced Industrial Science and Technology,
> > > >   http://staff.aist.go.jp/k.suzaki
> > > 
> > > Very nice. ALSR is supposed to increase the number of unshared pages
> > > because translation tables that contain addresses of symbols will
> > > differ for every instance of an executable.
> > 
> > Thank you for good suggestion.
> > Anyway, how much the size of translation tables?
> 
> One entry per symbol that is accessed outside of the object or
> main executable, one table per shared object (GOT and PLT tables). See
> the ELF documentation.
> 
> > In our experience, ALSR on 4 GuestOS (Linux) increased the memory consumption more than 50MB.
> > Does the translation table in a linux take more than 10MB?
> 
> Increased memory consumption is due to larger number of pagetables
> (which is necessary to cover larger virtual address space). 
> Increased number of unshared pages can be explained by translation
> tables.

GOT and PLT tables includes Virtual Addresses which are arranged by
ASLR. The address are shown at /proc/PID/task/PID/maps. 
The pagetables are the table to translate form Virtual Address to Physical
Address. The memory pages which includes GOT and PLT tables and
pagetables, are not identical (unshared), and the size is not small.

------
suzaki

> > > Can you share additional information about "HICAMP (hardware memory
> > > deduplication)" ?
> > 
> > The detail of HICAMP was presented at ASPLOS 2011.
> >  ASPLOS 2011 paper http://dl.acm.org/citation.cfm?id=2151007&preflayout=tabs
> > 
> > ------
> > suzaki
>