Information Technology Reference
In-Depth Information
Figure 4. Kernel Memory Allocation: Zone balancing logic and usage of zone watermarks
Table 1. Watermark values and free page count
before and after the resource wastage attack for
the normal zone
tampered. The performance degradation imposed
by this attack is considerable.
Impact:
This attack resembles a stealthier
version of the resource exhaustion attack, which
traditionally has been carried out over the network
(Schuba, 1997), (Wang, 2002), (Moore,2006). We
try to achieve a similar goal i.e to overwhelm the
compromised system subtly by creating artificial
memory pressure. This leads to a considerable
performance overhead on the system. This also
causes a large amount of memory to be unused
all the time to maintain the high number of pages
in the free pool, leading to resource wastage. The
attacker could keep the degradation subtle enough
to escape detection over extended periods.
Watermark
Original Value
Modified Value
pages_min
255
210000
pages_low
510
21500
pages_high
765
220000
total free pages
144681 210065
total number of pages in zone: 225280
tained in the free pool, causing applications to
constantly swap to disk. This attack also imposes
a performance overhead on applications as shown
in Table 2. The three tasks that we used to measure
the performance overhead are file copy of a large
number of files, compilation of the Linux kernel
and file compression of a directory. The table
shows the time taken when these tasks were car-
ried out on a clean kernel and after the kernel was
entropy pool contamination
This attack contaminates the entropy pool and the
polynomials used by the Pseudo-Random Number
Generator (PRNG) to stir the pools. The goal of
Table 2. Performance degradation exhibited by applications after the resource wastage attack
Application
Before Attack
After Attack
Degradation (%)
file copy
49s
1m 3s
28.57
compilation
2m 33s
2m 56s
15.03
file compression
8s
23s
187.5
Search WWH ::
Custom Search