Speakers: Lorenzo Bossi, Daniele Mammone
October 10th, 2025 | 11.30 am
DEIB - NECSTLab Meeting Room (Bld. 20)
Online by Zoom
Contact: Prof. Marco Santambrogio
Abstract
On Friday, October 10th, 2025, we will have a new talk for the series #NECSTFridayTalk.During this talk, we will have, as speakers, Daniele Mammone, PhD, and Lorenzo Bossi, Researcher, both working at Dipartimento di Elettronica, Informazione e Bioingegneria.
The Linux kernel’s Out-of-Memory (OOM) killer ensures system stability by terminating processes when memory is exhausted, but its heuristic-based design was not built for adversarial contexts. This paper introduces OOM Confusion Attacks, a novel class of Denial of Service (DoS) attacks that exploit the OOM killer to execute privileged process termination, targeting critical services rather than attacker processes. By orchestrating memory exhaustion through numerous unprivileged processes, these attacks may kill target applications, block service recovery, and destabilize systems. We demonstrate the feasibility of OOM Confusion Attacks on default Linux configurations commonly used by cloud providers, formulate and quantify the resource constraints for success, and evaluate application exposure to OOM Confusion Attacks. Additionally, we identify race conditions that can be exploited to block the recovery of privileged services. To mitigate these threats, we propose strategies to increase the resilience of critical applications.
The NECSTLab is a DEIB laboratory, with different research lines on advanced topics in computing systems: from architectural characteristics, to hardware-software codesign methodologies, to security and dependability issues of complex system architectures.
Every week, the “NECSTFridayTalk” invites researchers, professionals or entrepreneurs to share their work experiences and projects they are implementing in the “Computing Systems”.