Cloud providers use memory deduplication to reduce the memory utilization of their systems. Memory deduplication merges memory pages with identical content and maps them under a copy-on-write semantic. Previous work showed that memory deduplication can be exploited in a local scenario to perform ASLR breaks, Rowhammer attacks and fingerprint applications.
Countermeasures have been proposed to disable memory deduplication across security domains. Memory deduplication was re-enabled within a security domain on Windows as well as on Linux server systems.
By: Erik Kraft, Daniel Gruss & Martin Schwarzl
Full Abstract & Presentation Materials: https://www.blackhat.com/asia-22/briefings/schedule/#remote-memory-deduplication-attacks-26068
0 Comments