Proceedings of the 8th ACM Conference on Data and Application Security and Privacy (CODASPY 2018); pages 238--247; Tempe, Arizona, USA; March 19-21, 2018.
Many security and forensic analyses rely on the ability to fetch memory snapshots from a target machine. To date, the security community has relied on virtualization, external hardware or trusted hardware to obtain such snapshots. These techniques either sacrifice snapshot consistency or degrade the performance of applications executing atop the target. We present SnipSnap, a new snapshot acquisition system based on on-package DRAM technologies that offers snapshot consistency without excessively hurting the performance of the target's applications. We realize SnipSnap and evaluate its benefits using careful hardware emulation and software simulation, and report our results.
Dedication. This paper is dedicated to the memory of our friend, colleague and mentor, Professor Liviu Iftode (1959-2017).
Slides: [ Powerpoint ]
Code: [ TLA+ model of Snipsnap ]
DOI: [ 10.1145/3176258.3176325 ]