Potential Covert Channel Through Kernel Samepage Merging on Android

posted in #IT Security, Mobile & Cloud on the 17.05.2024

Kernel Samepage Merging (KSM) is a mechanism in the Linux kernel that allows identical pages in memory to be shared between multiple processes, thereby improving memory usage efficiency. To utilize KSM, a program must explicitly mark a memory area as mergeable. If a page with the same content is marked as mergeable by multiple processes, one of the copies is deleted, and a shared physical memory page is referenced by the page tables of both processes. Since Android is based on the Linux kernel, KSM can also be used here. While there is already research exploring the security implications of KSM on virtual machines, projects on KSM in mobile devices are scarcely found in the literature.

In the scope of this project, we first explain the Android-Linux kernel, the possibility of modification by device manufacturers, and the security issues that have arisen from such modifications in the past. Subsequently, we discuss Kernel Same Page Merging on Android, explain existing covert and side channels, and discuss how KSM on Android could enable new such channels.


File Description File size
pdf Project Report (German) Version 1.0
4 MB