Preventing Secret Data Leakage from Foreign Mappings in Virtual Machines

The foreign mapping mechanism of Xen is used in privileged virtual machines (VM) for platform management. With help of it, a privileged VM can map arbitrary machine frames of memory from a specific VM into its page tables. This leaves a vulnerability that malware may compromise the secrecy of normal VMs by exploiting the foreign mapping mechanism. To address this privacy exposure, we present a novel application’s memory privacy protection (AMP2) scheme by exploiting hypervisor. In AMP2, an application can protect its memory privacy by registering its address space into hypervisor; before the application exists or cancels its protection, any foreign mapping to protected pages will be disabled. With these measures, AMP2 prevents sensitive data leakage when malware attempts to eavesdrop them by exploiting foreign mapping. Finally, extensive experiments are performed to validate AMP2. The experimental results show that AMP2 achieves strong privacy resilency while incurs only 2% extra overhead for CPU workloads.