DOI: 10.1145/3564625.3564634
Making Memory Account Accountable: Analyzing and Detecting Memory Missing-account bugs for Container Platforms

Published: 05 December 2022

Abstract

The Linux kernel introduces the memory control group (memcg) to account for and confine memory usage at the process level. Due to its flexibility and efficiency, memcg has been widely adopted by container platforms and has become a fundamental technique. While critical, memory accounting is prone to missing-account bugs because of the diverse memory accounting interfaces and the massive number of allocation/free paths. To our knowledge, there is still no systematic analysis of the memory missing-account problem with respect to its security impacts, detection, etc.
In this paper, we present the first systematic study of the memory missing-account problem. We first perform an in-depth analysis of its exploitability and security impacts on container platforms. We then develop a tool named MANTA (short for Memory AccouNTing Analyzer), which combines static and dynamic analysis techniques to detect and validate memory missing-account bugs automatically.
Our analysis shows that all container runtimes, including runC and Kata Containers, are vulnerable to memory missing-account-based attacks. Moreover, memory missing-account can be exploited to attack Docker, CaaS, and FaaS platforms, leading to memory exhaustion that crashes an individual node or even the whole cluster. Our tool reports 53 exploitable memory missing-account bugs, 37 of which were confirmed by kernel developers with the corresponding patches submitted, and two new CVEs have been assigned. Through the in-depth analysis, automated detection, the reported bugs and the submitted patches, we believe our research improves the correctness and security of memory accounting for container platforms.
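To make the "missing-account" notion concrete, the following is an added toy static scanner, not the paper's MANTA tool: it flags kernel slab allocations whose gfp argument lacks an accounting flag, which is the condition under which memory escapes the caller's memcg. The allocator list, the `gfp_t` variable tracking and the C snippet `SAMPLE_SRC` are constructed assumptions for illustration; a real detector needs the call-path and dynamic validation the paper describes.

```python
"""Toy static scanner for candidate memcg missing-account allocations.

Constructed example, not the paper's MANTA tool. Assumption: a kernel slab
allocation is charged to the calling task's memcg only when its gfp argument
carries __GFP_ACCOUNT (GFP_KERNEL_ACCOUNT includes it); other calls are
reported as candidates for review, not as confirmed bugs.
"""
import re

# Allocators whose memcg charging is decided by their gfp argument (assumed list).
ALLOC_RE = re.compile(r'\b(kmalloc|kzalloc|kmalloc_array|kvmalloc|kvzalloc)\s*\(([^;]*)\)')
# `gfp_t name = expr;` so flags passed through a local variable are still tracked.
GFP_VAR_RE = re.compile(r'\bgfp_t\s+(\w+)\s*=\s*([^;]+);')
ACCOUNT_FLAGS = ('__GFP_ACCOUNT', 'GFP_KERNEL_ACCOUNT')

def is_accounted(args, gfp_vars):
    """True if the argument list (after substituting known gfp_t variables) carries an account flag."""
    for name, expr in gfp_vars.items():
        args = re.sub(r'\b' + re.escape(name) + r'\b', lambda _m: expr, args)
    return any(flag in args for flag in ACCOUNT_FLAGS)

def find_unaccounted_allocs(c_source):
    """Return [(line_no, allocator, raw_args)] for allocations lacking an account flag."""
    findings, gfp_vars = [], {}
    for lineno, line in enumerate(c_source.splitlines(), 1):
        for m in GFP_VAR_RE.finditer(line):
            gfp_vars[m.group(1)] = m.group(2).strip()
        for m in ALLOC_RE.finditer(line):
            if not is_accounted(m.group(2), gfp_vars):
                findings.append((lineno, m.group(1), m.group(2).strip()))
    return findings

# Constructed kernel-style snippet: two charged allocations and one candidate.
SAMPLE_SRC = """\
static int accounted_path(size_t n)
{
    void *a = kzalloc(n, GFP_KERNEL_ACCOUNT);
    gfp_t gfp = GFP_KERNEL | __GFP_ACCOUNT;
    void *b = kmalloc(n, gfp);
    return a && b ? 0 : -ENOMEM;
}
static int unaccounted_path(size_t n)
{
    void *c = kmalloc_array(n, sizeof(long), GFP_KERNEL);
    return c ? 0 : -ENOMEM;
}
"""
if __name__ == "__main__":
    for lineno, alloc, args in find_unaccounted_allocs(SAMPLE_SRC):
        print(f"line {lineno}: {alloc}({args}) is not charged to memcg")
```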


Cited By

  • DEEPTYPE. Proceedings of the 33rd USENIX Conference on Security Symposium (2024), 5877–5894. DOI: 10.5555/3698900.3699229. Online publication date: 14 Aug 2024.
  • Crossing Shifted Moats: Replacing Old Bridges with New Tunnels to Confidential Containers. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (2024), 1390–1404. DOI: 10.1145/3658644.3670352. Online publication date: 2 Dec 2024.
  • Bugs in Pods: Understanding Bugs in Container Runtime Systems. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (2024), 1364–1376. DOI: 10.1145/3650212.3680366. Online publication date: 11 Sep 2024.

    Published In

    ACSAC '22: Proceedings of the 38th Annual Computer Security Applications Conference
    December 2022
    1021 pages
    ISBN:9781450397599
    DOI:10.1145/3564625

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Cloud infrastructure
    2. DoS attack
    3. Linux kernel
    4. memory accounting
    5. missing-account

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ACSAC

    Acceptance Rates

    Overall Acceptance Rate 104 of 497 submissions, 21%
