Master Thesis Online
Master thesis : Integrating address space layout randomization and make it compatible with memory de-duplication in Unikraft
Loslever, Terry 
Promoteur(s) :
Mathy, Laurent
;
Gain, Gaulthier
Date de soutenance : 27-jui-2022/28-jui-2022 • URL permanente : http://hdl.handle.net/2268.2/14572
TFE.pdfDétails
| Titre : | Master thesis : Integrating address space layout randomization and make it compatible with memory de-duplication in Unikraft |
| Titre traduit : | [fr] Intégrer la distribution aléatoire de l'espace d'adressage dans Unikraft et la rendre compatible avec la déduplication mémoire. |
| Auteur : | Loslever, Terry
|
| Date de soutenance : | 27-jui-2022/28-jui-2022 |
| Promoteur(s) : | Mathy, Laurent
Gain, Gaulthier
|
| Membre(s) du jury : | Boigelot, Bernard
Donnet, Benoît
|
| Langue : | Anglais |
| Nombre de pages : | 67 |
| Discipline(s) : | Ingénierie, informatique & technologie > Sciences informatiques |
| Public cible : | Chercheurs Professionnels du domaine Etudiants |
| Institution(s) : | Université de Liège, Liège, Belgique |
| Diplôme : | Master : ingénieur civil en informatique, à finalité spécialisée en "computer systems security" |
| Faculté : | Mémoires de la Faculté des Sciences appliquées |
Résumé
[en] During the past years, people's online services usage kept growing which increases the load on the servers of cloud services and content distribution network. Those servers often run on containers that run on top of monolithic operating systems or simply on monolithic operating systems which embarks libraries, abstractions and codes that may nor be needed nor be used by the application it runs.
Unikernels give the opportunity to the developer to build a specific operating system that contains only features that will be further used by the application and run it directly on top of the hypervisor. Furthermore, simplifying the operating system, on which the application runs, often results in a performance gain.
However, if unikernels were to be used more frequently by the industry, we have to be certain that they are as secure as the other technologies available on the market. Throughout this thesis, we have implemented address space layout randomization inside Unikraft in order to make memory related vulnerabilities harder to exploit.
Nevertheless, address space layout randomization comes at a cost which is its memory usage. We addressed that problem and found a way to mitigate the overhead : through page sharing between the unikernels thanks to indirection tables, which were implemented in two different manners. In the first, problematic instructions were set in a table that is appended directly to its corresponding library while the second creates a global table at a specified address that holds instructions from every libraries. Gaulthier Gain, the co-supervisor of this thesis, implemented the appended method thus this thesis addresses the implementation of the global table and the comparison between the two manners.
Finally, we compared the performances of our address space layout randomization with Unikraft's previous implementation of it, and we discussed the two indirection methods. We came to the conclusion that the appended tables gave satisfying results when there was enough images running on the hypervisor, while the other was not giving any memory savings due to the constraints induced by the x86 64 bits CPU architecture.
Fichier(s)
Document(s)
Citer ce mémoire
L'Université de Liège ne garantit pas la qualité scientifique de ces travaux d'étudiants ni l'exactitude de l'ensemble des informations qu'ils contiennent.