Patents by Inventor Martin Thomas Pohlack

Martin Thomas Pohlack has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11714560
    Abstract: Systems and processes for managing memory compression security to mitigate security risks related to compressed memory page access are disclosed herein. A system for managing memory compression security includes a system memory and a memory manager. The system memory includes an uncompressed region configured to store a plurality of uncompressed memory pages and a compressed region configured to store a plurality of compressed memory pages. The memory manager identifies a memory page in the uncompressed region of the system memory as a candidate for compression and estimates a decompression time for a compressed version of the identified memory page. The memory manager determines whether the estimated decompression time is less than a constant decompression time. The memory manager, based on a determination that the estimated decompression time is less than the constant decompression time, compresses the memory page and writes the compressed memory page in the compressed region.
    Type: Grant
    Filed: October 23, 2020
    Date of Patent: August 1, 2023
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 11531531
    Abstract: An execution of an instance of a program that does not include checkpoint-based live update functionality is paused. A set of objects containing state information of the program is identified from a portion of memory used by the instance, and stored in a checkpoint of the program. The execution of the instance is resumed using at least the checkpoint and code that has been dynamically introduced into the instance.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: December 20, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Bjoern Doebel, Martin Thomas Pohlack
  • Patent number: 11200047
    Abstract: A particular portion of a program which can be read from on-disk representations of the program as well as from memory images of the program is identified for use as a version discriminator. A first representation of the portion may be obtained from a first memory image of the program, corresponding to a first running instance of the program. The first representation may be compared to a second representation obtained at a development environment. Based on the results of the comparison, a particular version of the program corresponding to the first running instance may be identified. An indication of the particular version may be stored.
    Type: Grant
    Filed: February 21, 2020
    Date of Patent: December 14, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Bjoern Doebel, Konrad Jan Miller, Martin Thomas Pohlack
  • Patent number: 11017417
    Abstract: Systems and methods are described for managing computing resources by a provider network. A selection of a pricing plan for use of a computing resource is received. The pricing plan can include inclusion of a premium for continued use of the computing resource during a maintenance window, or a cost benefit for interrupting use of the computing resource during the maintenance window. Maintenance is performed on the computing device in accordance with the maintenance window and based on the selected pricing plan.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: May 25, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Publication number: 20210042044
    Abstract: Systems and processes for managing memory compression security to mitigate security risks related to compressed memory page access are disclosed herein. A system for managing memory compression security includes a system memory and a memory manager. The system memory includes an uncompressed region configured to store a plurality of uncompressed memory pages and a compressed region configured to store a plurality of compressed memory pages. The memory manager identifies a memory page in the uncompressed region of the system memory as a candidate for compression and estimates a decompression time for a compressed version of the identified memory page. The memory manager determines whether the estimated decompression time is less than a constant decompression time. The memory manager, based on a determination that the estimated decompression time is less than the constant decompression time, compresses the memory page and writes the compressed memory page in the compressed region.
    Type: Application
    Filed: October 23, 2020
    Publication date: February 11, 2021
    Applicant: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 10868665
    Abstract: A virtualization service that hosts multiple guests may provide utilities for use in protecting sensitive or secret information from timing side-channel attacks by obscuring accesses to data structures that have been designated as potential targets of such attacks. The service may provide a compiler or analysis tool that identifies data structures within an application that contain, or that are indexed using, sensitive or secret information. The compiler may modify the application code (or an executable representation thereof) to obscure accesses to particular elements in the data structures. For example, the layout or indexing of a sensitive data structure may be scrambled during execution, or elements of multiple data structures may be interleaved within a single, merged data structure. The scrambling may be performed using an unpredictable address translation function (e.g., one that is parameterized during initialization using a random number obtained at runtime), which may be subsequently modified (e.g.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: December 15, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 10817190
    Abstract: Systems and processes for managing memory compression security to mitigate security risks related to compressed memory page access are disclosed herein. A system for managing memory compression security includes a system memory and a memory manager. The system memory includes an uncompressed region configured to store a plurality of uncompressed memory pages and a compressed region configured to store a plurality of compressed memory pages. The memory manager identifies a memory page in the uncompressed region of the system memory as a candidate for compression and estimates a decompression time for a compressed version of the identified memory page. The memory manager determines whether the estimated decompression time is less than a constant decompression time. The memory manager, based on a determination that the estimated decompression time is less than the constant decompression time, compresses the memory page and writes the compressed memory page in the compressed region.
    Type: Grant
    Filed: July 15, 2019
    Date of Patent: October 27, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 10706147
    Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a host having a main memory and a shared cache. The host executes a virtual machine manager (VMM) that supports a plurality of co-located virtual machines (VMs), which can initiate side-channel attacks using the shared cache. The VMM is configured to maintain respective memory maps for the VMs. The VMM is further configured to determine a subset of current host memory pages for a selected VM that can be used in a side-channel attack, relocate the contents of the current host memory pages to replacement host memory pages in the main memory, and modify the subset of entries to change current host memory pages to the respective replacement host memory pages.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: July 7, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Martin Thomas Pohlack, Uwe Dannowski
  • Patent number: 10698668
    Abstract: Computer systems and associated methods are disclosed for performing custom code transformations using a compiler that does not support the custom transformations. In embodiments, a wrapper program intercepts a command to the compiler. The wrapper program generates intermediate code using the compiler in accordance with the command. The wrapper program then performs the code transformations on the intermediate code using a code transformer, for example, by performing a search and replace operation to replace particular code sequences in the intermediate code. The wrapper program then generates the binary code from the transformed intermediate code in accordance with the command. In this manner, software may be compiled with the custom code transformations without extensive changes to the source code or the compiler. In one application, the technique may be used to build a hot patch that applies a security update to software using the software's original compiler.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: June 30, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Martin Thomas Pohlack, Pawel Piotr Wieczorkiewicz
  • Publication number: 20200192658
    Abstract: A particular portion of a program which can be read from on-disk representations of the program as well as from memory images of the program is identified for use as a version discriminator. A first representation of the portion may be obtained from a first memory image of the program, corresponding to a first running instance of the program. The first representation may be compared to a second representation obtained at a development environment. Based on the results of the comparison, a particular version of the program corresponding to the first running instance may be identified. An indication of the particular version may be stored.
    Type: Application
    Filed: February 21, 2020
    Publication date: June 18, 2020
    Applicant: Amazon Technologies, Inc.
    Inventors: Bjoern Doebel, Konrad Jan Miller, Martin Thomas Pohlack
  • Patent number: 10572245
    Abstract: A particular portion of a program which can be read from on-disk representations of the program as well as from memory images of the program is identified for use as a version discriminator. A first representation of the portion may be obtained from a first memory image of the program, corresponding to a first running instance of the program. The first representation may be compared to a second representation obtained at a development environment. Based on the results of the comparison, a particular version of the program corresponding to the first running instance may be identified. An indication of the particular version may be stored.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: February 25, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Bjoern Doebel, Konrad Jan Miller, Martin Thomas Pohlack
  • Patent number: 10311229
    Abstract: In a virtualization environment, a guest process may protect itself from potential timing side-channel attacks by other guest processes on the same host machine by taking steps to obscure accesses to alternative critical code paths (e.g., alternative paths within cryptographic functions whose selection at runtime is dependent on secret data) that have been designated as potential targets of such attacks. This may include interleaving instructions from multiple alternative code paths so that they land in the same cache lines (e.g., so that all code paths pass through the same set of cache lines). The different code paths may be allocated the same or different numbers of bytes per cache line, and unused allocated locations may be filled with NOPs. Chunks of code for a given code path that fall on different cache lines may be linked using local jumps. Some code chunks may span the boundaries between two cache lines.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: June 4, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 10248409
    Abstract: A code patching component may insert a binary patch into a native-code representation of a program during execution. Prior to inserting the binary patch, a patch code analysis tool may receive a source code patch for the program, and determine that applying the source code patch would change the binary for the program outside of the patched area (e.g., due to changes in the number of lines, changes in the file names or path information for source code files from which the program is built, or line directives that embed line numbers or file names in the binary for the patched program). The tool may modify the source code patch to limit its effects to the patch area by adding empty lines, merging lines of code, or forcing a line number change. The tool may filter line directives to match previously embedded file name information.
    Type: Grant
    Filed: December 3, 2014
    Date of Patent: April 2, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Martin Thomas Pohlack, Uwe Dannowski, Geoffrey Plouviez
  • Patent number: 9436603
    Abstract: During execution of an application that accesses a shared memory, a security component may, based on an indication from a performance monitor, determine that the application is carrying out a timing side-channel attack. The performance monitor may trigger an interrupt if a pre-determined number of cache line flushes is executed, after which the security component may inspect program instructions of the executing application to determine whether those instructions are likely being used in such an attack. In response to determining that an attack is under way, the security component may take action to mitigate or curtail the attack. The security component may modify the program instructions or page mapping of the executing application to make accesses to portions of the shared memory targeted by the cache line flushes predictable or consistent (e.g., by replacing the instructions with traps, removing them, or inserting instructions immediately before or after them).
    Type: Grant
    Filed: February 27, 2014
    Date of Patent: September 6, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 9405708
    Abstract: In a virtualization environment, a guest process may protect itself from potential timing side-channel attacks by other guest processes on the same host machine by taking steps to avoid same-page merging for memory pages that it accesses. Pages that include critical code (e.g., cryptographic functions) or sensitive data (e.g., cryptography keys) may be designated as important pages to protect from such attacks. A placeholder location of a specified size for storing a non-deterministic value (e.g., a random or pseudorandom number) may be inserted into these pages when instantiated, making them unlikely to match pages accessed by other guests. Therefore, the host machine may be unlikely to identify them as pages for which there is a same-page merging opportunity. The values in the placeholder locations may be updated periodically or in response to certain events (e.g., context switches between guests or the detection of same-page merging).
    Type: Grant
    Filed: February 4, 2015
    Date of Patent: August 2, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 9164754
    Abstract: During execution of a program, a code patching component may insert a redirection patch into a native-code representation of the program. The code patching component may identify a patch area in the native-code representation, copy existing code from the patch area to another location for subsequent emulation by a trap handler, determine the number of instructions and type of native-code elements within the patch area, and replace native-code elements in the patch area with native-code elements representing a jump type instruction and a target address argument for the jump type instruction (directly or indirectly indicating the location of new code that replaces the code in the patch area). The target address argument may be determined by the code patching component based on the program's characteristics, and may include a collection of elements representing existing code, trap type instructions, NOP type instructions, or arbitrary values.
    Type: Grant
    Filed: December 18, 2013
    Date of Patent: October 20, 2015
    Assignee: Amazon Technologies, Inc.
    Inventor: Martin Thomas Pohlack
  • Patent number: 9106257
    Abstract: Methods and apparatus for checksumming network packets encapsulated according to an encapsulation protocol are described in which a single checksum is performed at the encapsulation layer, with checksum generation performed at the source encapsulation layer and checksum validation performed at the destination encapsulation layer. The packet source and packet destination may be informed by the encapsulation layer that a checksum operation is not necessary for the network packets. By performing checksumming at the encapsulation layer, the method may reduce overhead as checksum computation is initiated once rather than twice as in conventional encapsulation techniques. In addition, checksum algorithms may be used that provide stronger error detection or correction than is provided by standard network protocol checksumming, different checksum algorithms may be selected for different paths according to one or more criteria, and checksum operations may be offloaded to hardware.
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: August 11, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Martin Thomas Pohlack, Eric Jason Brandwine, Matthew Shawn Wilson