Kengo Iijima

Memory deduplication as a threat to the guest OS

Memory deduplication shares same-content memory pages and reduces the consumption of physical memory. It is effective on environments that run many virtual machines with the same operating system. Memory deduplication, however, is vulnerable to memory disclosure attacks, which reveal the existence of an application or file on another virtual machine. Such an attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write. In our experience on KSM (kernel samepage merging) with the KVM virtual machine, the attack could detect the existence of sshd and apache2 on Linux, and IE6 and Firefox on WindowsXP. It also could detect a downloaded file on the Firefox browser. We describe the attack mechanism in this paper, and also mention countermeasures against this attack.

KNOPPIX/Math: portable and distributable collection of mathematical software and free documents

We propose a new computer environment for mathematicians that can be set up easily and quickly.

Impact on Chunk Size on Deduplication and Disk Prefetch

CAS (Content Addressable Storage) systems reduce total volume of vir- tual disk with deduplication technique. The effects of deduplication has been eva- luated and confirmed in some papers. Most evaluations, however, were achieved by small chunk size (4KB-8KB) and did not care about I/O optimization (disk pre- fetch) on a real usage. Effective disk prefetch is larger than the chunk size and causes many CAS operations. Furthermore, previous evaluations did not care about ratio of effective data in a chunk. The ratio is improved by block realloca- tion of file system, which considers access profile. Chunk size should be decided by considering these effects on a real usage. This paper evaluates effectiveness of deduplication on a large chunk of CAS system which considers the optimization for disk prefetch and effective data in a chunk. The optimization was achieved for boot procedure, because it was a mandatory operation on any operating systems. The results showed large chunk (256KB) was effective on booting Linux and could maintain the effect of deduplication.

SFS-KNOPPIX

KNOPPIX is a bootable CD with a collection of GNU/Linux software. KNOPPIX is very convenient but it requires downloading 700 MB iso image and burning a CD-ROM when it is renewed. In order to solve this problem we made SFS-KNOPPIX which boots from Internet with SFS (self-certifying file system), SFS-KNOPPIX requires 20 MB boot-loader with Linux-kernel and miniroot. Root file system is obtained from Internet with SFS at boot time. It enables to change root file system and makes easy to try new version of KNOPPIX. In this paper we describe the detail of SFS-KNOPPIX and its performance