Purgemem: Towards Building A Memory Safe Cloud

2019 IEEE SOUTHEASTCON(2019)

Abstract
Cloud computing has become the industry standard for rapid application deployment, scalable server support, and mobile and distributed services. It provides seamless scalability and, theoretically, access to infinite resources. Unfortunately, the co-tenancy of cloud computing makes cloud services vulnerable to privacy issues. In the past, researchers have shown that it is possible to compromise important information by exploiting the co-tenancy nature of clouds. In this paper, we first identify a new method which can be used to collect residual application data from the main memory of a virtual machine hosted in the cloud even after the application is closed by the user. We show that, using traditional forensic tools in all three major cloud providers (Amazon AWS, Google Cloud, and Microsoft Azure), one can gather information about a closed application from the main memory if the machine is compromised. To resolve this vulnerability, we propose PurgeMEM, a framework which provides a service for deleting residual memory left by a closed application. PurgeMEM continuously monitors processes launched by user applications. When a process is about to finish, PurgeMEM is notified and then cleans up the physical memory location by writing known hex values, thereby preserving the privacy of the user data. We developed a PurgeMEM prototype for the Linux environment and evaluated it with four small applications. For all the applications, our prototype is able to sanitize and delete memory residuals successfully with a negligible performance overhead (2.97%).
Keywords
physical memory location,user data,PurgeMEM prototype,memory residuals,cloud computing,industry standard,rapid application deployment,scalable server support,mobile distributed services,seamless scalability,privacy issues,cloud services,residual application data,virtual machine,forensic tools,cloud providers,Google Cloud,closed application,residual memory,memory safe cloud