The present disclosure relates generally to virtual computing systems, and more particularly to security in a virtual computing system.
Memory of a virtual computing system is typically divided into units referred to as “pages.” Files, for example, are composed in memory of a plurality of memory pages. In some virtual computing systems, a hypervisor reduces physical memory consumption by sharing memory pages having identical content between virtual machines. For example, if two virtual machines each hold a copy of the same file in memory, the hypervisor may retain a single physical copy of each such page and map it into both virtual machines. This technique is also known as “memory deduplication.”
A deduplicated memory page may be written to (e.g., by a guest or guest application) in order to modify its content. When this happens, the content of the page is no longer identical for the two virtual machines, and so can no longer be shared between them. Thus, a copy-on-write technique may be utilized: the write is serviced by first creating a separate, private copy of the deduplicated memory page and then applying the modification to that copy, while the other virtual machine continues to use the original.
The creation of a separate copy of the memory page using copy-on-write results in a write access time that differs from the write access time of a memory page that is not deduplicated. For example, a write that triggers a copy-on-write may take measurably longer than a write to a page that is already private, because the page must be copied before the write completes. Thus, memory deduplication is vulnerable to an attacker that monitors the access times of page writes in order to determine whether a memory page is deduplicated. A determination that a memory page is deduplicated provides the attacker with information regarding which content (e.g., files and applications) is present on the other virtual machine(s) sharing the host, since the page could only have been deduplicated if another virtual machine held an identical page.
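The following is an added example illustrating the measurement described above; it is not part of the original disclosure. Because a hypervisor with memory deduplication is not assumed to be available, the example simulates the shared page with fork(): after fork(), the child process shares the parent's anonymous pages copy-on-write, so the child's first write to a page incurs the copy while its second write to the same page does not. The function and constant names (time_write_ns, median_ns, looks_shared, PAGE_SIZE, NPAGES) and the threshold factor of 3 are choices made for this example only. It assumes a Linux/POSIX system with a 4096-byte page size.

```c
/* Added example (not from the original disclosure): measuring the write-latency
 * difference between a copy-on-write page and a privately owned page.
 * The hypervisor deduplication of the text is simulated with fork(), which
 * shares the parent's pages copy-on-write with the child (assumption: Linux/POSIX). */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define PAGE_SIZE 4096   /* assumed page size */
#define NPAGES    64     /* number of pages measured; chosen for this example */

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Time a single store to the given page, in nanoseconds. The volatile
 * qualifier keeps the compiler from eliding the store. */
uint64_t time_write_ns(volatile uint8_t *page) {
    uint64_t t0 = now_ns();
    page[0] ^= 0x5a;              /* value written is irrelevant; only the store matters */
    return now_ns() - t0;
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n samples (sorts the array in place). A median is used so that a
 * single interrupt or scheduling delay does not distort the estimate. */
uint64_t median_ns(uint64_t *samples, size_t n) {
    qsort(samples, n, sizeof samples[0], cmp_u64);
    return samples[n / 2];
}

/* Decision rule of the attacker in the text: a write that takes more than
 * `factor` times the baseline (the latency of a write to a page known to be
 * private) is classified as a copy-on-write, i.e. the page is inferred to
 * have been shared. Returns 1 if shared, 0 otherwise. */
int looks_shared(uint64_t baseline_ns, uint64_t sample_ns, unsigned factor) {
    return sample_ns > baseline_ns * (uint64_t)factor;
}

int main(void) {
    uint8_t *buf = mmap(NULL, NPAGES * PAGE_SIZE, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) { perror("mmap"); return 1; }
    memset(buf, 0x41, NPAGES * PAGE_SIZE);   /* fault every page in before forking */

    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 1; }
    if (pid == 0) {
        /* In the child, every page of buf is shared copy-on-write with the parent. */
        uint64_t first[NPAGES], second[NPAGES];
        for (int i = 0; i < NPAGES; i++) {
            first[i]  = time_write_ns(buf + i * PAGE_SIZE);  /* first write: copies the page */
            second[i] = time_write_ns(buf + i * PAGE_SIZE);  /* second write: page is now private */
        }
        uint64_t cow  = median_ns(first, NPAGES);
        uint64_t priv = median_ns(second, NPAGES);
        printf("median first write  (copy-on-write): %llu ns\n", (unsigned long long)cow);
        printf("median second write (private page):  %llu ns\n", (unsigned long long)priv);
        printf("page classified as shared: %s\n", looks_shared(priv, cow, 3) ? "yes" : "no");
        _exit(0);
    }
    waitpid(pid, NULL, 0);
    return 0;
}
```

The measured difference on real hardware is typically on the order of a page copy plus a page fault, which is what makes the attack in the text practical; the exact threshold factor has to be calibrated per machine, and the median over many pages is what makes a single measurement reliable.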