
KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems

RiuNet: Institutional repository of the Polytechnic University of Valencia


dc.contributor.author Vañó-García, Fernando es_ES
dc.contributor.author Marco-Gisbert, Héctor es_ES
dc.date.accessioned 2021-11-29T19:27:31Z
dc.date.available 2021-11-29T19:27:31Z
dc.date.issued 2020-03 es_ES
dc.identifier.issn 0743-7315 es_ES
dc.identifier.uri http://hdl.handle.net/10251/177656
dc.description.abstract [EN] Cloud computing has completely changed our lives. This technology has dramatically impacted how we play, work and live. It has been widely adopted in many sectors mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. To provide a secure cloud computing architecture, the highest possible level of protection must be applied. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resource exploitation. Kernel ASLR (KASLR) is a widely adopted protection technique present in all modern operating systems. KASLR is a very effective technique that thwarts unknown attacks, but unfortunately its randomness has a significant impact on memory deduplication savings. Both techniques are highly desired by the industry, the first one because of the high level of security that it provides and the latter to obtain better performance and resource exploitation. In this paper, we propose KASLR-MT, a new Linux kernel randomization approach compatible with memory deduplication. We identify why the most widely used and effective technique to mitigate attacks at kernel level, KASLR, fails to provide protection and shareability at the same time. We analyze the current Linux kernel randomization and how it affects the shared memory of each kernel region. Then, based on the analysis, we propose KASLR-MT, the first effective and practical Kernel ASLR memory protection that maximizes the memory deduplication savings rate while providing strong security. Our tests reveal that KASLR-MT is not intrusive, is very scalable and provides strong protection without sacrificing shareability. (C) 2019 Elsevier Inc. All rights reserved. es_ES
dc.language English es_ES
dc.publisher Elsevier es_ES
dc.relation.ispartof Journal of Parallel and Distributed Computing es_ES
dc.rights Attribution - NonCommercial - NoDerivatives (by-nc-nd) es_ES
dc.subject Cloud es_ES
dc.subject Virtualization es_ES
dc.subject Security es_ES
dc.subject Memory deduplication es_ES
dc.subject Operating systems es_ES
dc.subject.classification COMPUTER ARCHITECTURE AND TECHNOLOGY es_ES
dc.title KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems es_ES
dc.type Article es_ES
dc.identifier.doi 10.1016/j.jpdc.2019.11.008 es_ES
dc.rights.accessRights Open es_ES
dc.contributor.affiliation Universitat Politècnica de València. Departamento de Informática de Sistemas y Computadores - Departament d'Informàtica de Sistemes i Computadors es_ES
dc.description.bibliographicCitation Vañó-García, F.; Marco-Gisbert, H. (2020). KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems. Journal of Parallel and Distributed Computing. 137:77-90. https://doi.org/10.1016/j.jpdc.2019.11.008 es_ES
dc.description.accrualMethod S es_ES
dc.relation.publisherversion https://doi.org/10.1016/j.jpdc.2019.11.008 es_ES
dc.description.upvformatpinicio 77 es_ES
dc.description.upvformatpfin 90 es_ES
dc.type.version info:eu-repo/semantics/publishedVersion es_ES
dc.description.volume 137 es_ES
dc.relation.pasarela S\439341 es_ES

