

On the Effectiveness of Same-Domain Memory Deduplication

TL;DR

In this work, we examine the effectiveness of same-domain memory deduplication, i.e., a defense deployed in modern operating systems to mitigate the memory deduplication side channel. In particular, we present two case studies that highlight one key flaw: that it is non-trivial to separate programs into separate security domains. In the first case study, we examine a client-server scenario, a scenario that inherently requires a server to read data from an untrusted client, and demonstrate that the client can control the alignment of data in memory to disclose the server's secret data. In the second case study, we examine a recent version of Firefox (v83.0), a browser that has undergone massive efforts to ensure that data from different origins are separated into different domains, and demonstrate that nonetheless a malicious webpage can exploit the browser's partial implementation of site isolation to leak secret data across tabs. We conclude that same-domain memory deduplication as a defense is difficult to implement correctly and hence is insufficient.

Memory deduplication is an OS memory optimization technique that merges identical pages into a single Copy-on-Write (CoW) page to improve the memory efficiency and storage space requirements of a running system. CoW pages, however, present significantly slower write times than normal pages, and as such memory deduplication has been shown to be susceptible to a variety of timing side-channel attacks, such as the original Dedup Est Machina attacks. To mitigate this, operating systems such as Windows 10 from v1903 onwards only merge pages that are considered safe (e.g., pages filled with 0x00 or 0xff whose content will not change throughout their lifetime) and pages that are in the same security domain.
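The following toy model of a same-domain deduplication policy is an added illustration, not code from the paper or from any operating system. It assumes a simplified policy: a page is merged onto an existing CoW page only when its content matches and either the page is "safe" (filled entirely with 0x00 or 0xff, shareable across domains) or both pages carry the same security-domain label. The page contents, owner names and domain labels are constructed. The sample set also shows the labeling problem the paper's first case study describes: once a server reads a client-supplied page into its own address space, that copy inherits the server's domain label and becomes eligible for merging with the server's own pages.

```python
"""Toy model of a same-domain memory deduplication policy (added illustration)."""
from dataclasses import dataclass
import hashlib

PAGE_SIZE = 4096


@dataclass(frozen=True)
class Page:
    owner: str      # constructed label for the process/tab/buffer owning the page
    domain: str     # constructed security-domain label assigned by the OS
    content: bytes  # exactly PAGE_SIZE bytes


def is_safe_page(content: bytes) -> bool:
    """Only pages filled entirely with 0x00 or 0xff count as safe to share across domains."""
    if len(content) != PAGE_SIZE:
        return False
    return content == b"\x00" * PAGE_SIZE or content == b"\xff" * PAGE_SIZE


def dedup_key(page: Page):
    """Key under which a page may be merged: content hash plus domain label.
    Safe pages get a wildcard domain so that they merge system-wide."""
    digest = hashlib.sha256(page.content).hexdigest()
    return (digest, "*" if is_safe_page(page.content) else page.domain)


def deduplicate(pages):
    """Group pages into CoW candidates: {dedup_key: [owners sharing that CoW page]}."""
    groups = {}
    for page in pages:
        groups.setdefault(dedup_key(page), []).append(page.owner)
    return groups


def merged_with(groups, page: Page):
    """Owners whose copy of this page was folded onto one shared CoW page."""
    return groups.get(dedup_key(page), [])


def pages_saved(groups) -> int:
    """Physical pages reclaimed by merging."""
    return sum(len(owners) - 1 for owners in groups.values())


def fill(byte: int, tail: bytes = b"") -> bytes:
    """Build a PAGE_SIZE page: `tail` at the end, the rest filled with `byte`."""
    return bytes([byte]) * (PAGE_SIZE - len(tail)) + tail


# Constructed sample set (labels and contents are not from any real system).
SECRET = fill(0x00, b"SECRET-TOKEN-constructed")
SAMPLE_PAGES = [
    Page("server:secret", "server-domain", SECRET),
    Page("client:guess", "client-domain", SECRET),        # same bytes, other domain
    Page("server:recv-buffer", "server-domain", SECRET),  # client's data after the server read it in
    Page("tab-1", "site-a", fill(0x41)),
    Page("tab-2", "site-a", fill(0x41)),
    Page("server:zero", "server-domain", fill(0x00)),
    Page("client:zero", "client-domain", fill(0x00)),
]

if __name__ == "__main__":
    groups = deduplicate(SAMPLE_PAGES)
    for page in SAMPLE_PAGES:
        print(f"{page.owner:<20} shares CoW page with {merged_with(groups, page)}")
    print("pages saved:", pages_saved(groups))
```

Running the model, the client's guess page in its own domain is not merged with the server's secret, which is what the defense intends; the zero pages merge across domains because they are classified safe; and the copy of the client's data sitting in the server's receive buffer does merge with the server's secret page, because the domain label is attached to the address space that holds the bytes, not to where the bytes came from. That last group is the situation a reviewer of such a policy would want to check for: any path by which untrusted input lands in a trusted domain's pages reopens the CoW write-timing difference.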
