Breaking KASLR Using Memory Deduplication in Virtualized Environments
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Taehun | - |
dc.contributor.author | Kim, Taehyun | - |
dc.contributor.author | Shin, Youngjoo | - |
dc.date.accessioned | 2022-02-24T06:40:27Z | - |
dc.date.available | 2022-02-24T06:40:27Z | - |
dc.date.created | 2022-02-07 | - |
dc.date.issued | 2021-09 | - |
dc.identifier.issn | 2079-9292 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/136709 | - |
dc.description.abstract | Recent operating systems (OSs) have adopted a defense mechanism called kernel page table isolation (KPTI) for protecting the kernel from all attacks that break the kernel address space layout randomization (KASLR) using various side-channel analysis techniques. In this paper, we demonstrate that KASLR can still be broken, even with the latest OSs where KPTI is applied. In particular, we present a novel memory-sharing-based side-channel attack that breaks the KASLR on KPTI-enabled Linux virtual machines. The proposed attack leverages the memory deduplication feature on a hypervisor, which provides a timing channel for inferring secret information regarding the victim. By conducting experiments on KVM and VMware ESXi, we show that the proposed attack can obtain the kernel address within a short amount of time. We also present several countermeasures that can prevent such an attack. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | MDPI | - |
dc.subject | ATTACK | - |
dc.title | Breaking KASLR Using Memory Deduplication in Virtualized Environments | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Shin, Youngjoo | - |
dc.identifier.doi | 10.3390/electronics10172174 | - |
dc.identifier.scopusid | 2-s2.0-85114314554 | - |
dc.identifier.wosid | 000694068400001 | - |
dc.identifier.bibliographicCitation | ELECTRONICS, v.10, no.17 | - |
dc.relation.isPartOf | ELECTRONICS | - |
dc.citation.title | ELECTRONICS | - |
dc.citation.volume | 10 | - |
dc.citation.number | 17 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Physics | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Physics, Applied | - |
dc.subject.keywordPlus | ATTACK | - |
dc.subject.keywordAuthor | KASLR | - |
dc.subject.keywordAuthor | memory deduplication | - |
dc.subject.keywordAuthor | side-channel attack | - |