Kernel vulnerabilities are a major current practical security problem, as attested by the weaknesses and flaws found in many commodity operating system kernels in recent years. Ever-growing code size in those projects, due to the addition of new features and the reluctance to remove legacy support, indicates that this problem will remain a severe system security threat in the foreseeable future. Reactive measures such as bug fixes via code reviews and testing, while effective, can only alleviate the issue. Furthermore, common practices in system hardening often focus on complex and sometimes hard-to-achieve goals that require extensive manual intervention, such as security policies for sandboxing. In this paper, we explore an alternative, automated and effective way of reducing the attack surface in commodity operating system kernels, which we call trimming. Trimming is a two-fold process: an initial analysis of a given system for unused kernel code sections is followed by an enforcement phase, in which the unused sections are removed or prevented from being executed. We discuss the requirements that should be reflected in the design of a trimming infrastructure, and present a lightweight and flexible implementation example for the Linux kernel using dynamic binary instrumentation as provided by kprobes. Our evaluations show that we can, in the case of a web server, reduce the attack surface of the kernel (in terms of the number of kernel functions accessible to unprivileged users) by about 88%.
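The two phases sketched in the abstract (an analysis pass that finds kernel functions a workload never reaches, then an enforcement pass that blocks entry to them) can be illustrated in user space. The following is an added example, not the paper's implementation: it assumes a kallsyms-style symbol listing and an ftrace-style function trace as inputs, both constructed here, and stands in for the kprobe pre-handler with a plain Python class that records and denies entries to functions on the unused list. The reduction figure it computes is for the constructed data, not the 88% reported by the paper.

```python
"""Simulation of the two-phase trimming workflow: analysis, then enforcement.
Inputs are constructed (kallsyms-style symbol table, ftrace-style trace);
this is illustrative code, not the paper's kprobes-based implementation."""
import re
from collections import Counter

# Constructed kallsyms-style listing: address, symbol type, symbol name.
KALLSYMS = """\
ffffffff81020000 T sys_read
ffffffff81020100 T sys_write
ffffffff81020200 T sys_open
ffffffff81020300 T sys_socketcall
ffffffff81020400 T sys_ptrace
ffffffff81020500 T sys_vm86
ffffffff81020600 T do_page_fault
ffffffff81020700 t internal_helper
ffffffff81020800 D some_data_symbol
"""

# Constructed ftrace function-trace excerpt for a web server workload.
TRACE = """\
 httpd-1001  [000] 1.000001: sys_read <-do_syscall_64
 httpd-1001  [000] 1.000002: sys_write <-do_syscall_64
 httpd-1001  [001] 1.000003: sys_open <-do_syscall_64
 httpd-1002  [001] 1.000004: do_page_fault <-page_fault
 httpd-1001  [000] 1.000005: sys_read <-do_syscall_64
"""

SYM_RE = re.compile(r"^([0-9a-f]+)\s+([TtWw])\s+(\S+)$")   # text symbols only
TRACE_RE = re.compile(r":\s+(\S+)\s+<-")                    # "ts: callee <-caller"


def parse_text_symbols(kallsyms):
    """Return the set of code (text) symbols; data symbols are not trimmable."""
    syms = set()
    for line in kallsyms.splitlines():
        m = SYM_RE.match(line.strip())
        if m:
            syms.add(m.group(3))
    return syms


def parse_trace(trace):
    """Return a Counter of callee names observed in the function trace."""
    seen = Counter()
    for line in trace.splitlines():
        m = TRACE_RE.search(line)
        if m:
            seen[m.group(1)] += 1
    return seen


def analyze(kallsyms, trace):
    """Analysis phase: split the kernel's text symbols into used and unused sets."""
    all_syms = parse_text_symbols(kallsyms)
    used = {fn for fn in parse_trace(trace) if fn in all_syms}
    return used, all_syms - used


def reduction_percent(used, unused):
    """Attack-surface reduction as the share of text symbols that get trimmed."""
    total = len(used) + len(unused)
    return round(100.0 * len(unused) / total, 1) if total else 0.0


class Enforcer:
    """Enforcement phase: stand-in for a kprobe pre-handler placed on each unused
    function. on_entry() returns False (deny) when a blocked function is entered
    and keeps a per-function count for auditing unexpected hits."""

    def __init__(self, unused):
        self.blocked = frozenset(unused)
        self.denied = Counter()

    def on_entry(self, fn):
        if fn in self.blocked:
            self.denied[fn] += 1
            return False
        return True


if __name__ == "__main__":
    used, unused = analyze(KALLSYMS, TRACE)
    print("used:", sorted(used))
    print("unused:", sorted(unused))
    print(f"reduction: {reduction_percent(used, unused)}%")
    enforcer = Enforcer(unused)
    for fn in ("sys_read", "sys_ptrace", "sys_vm86"):
        print(fn, "allowed" if enforcer.on_entry(fn) else "denied")
```

The design point worth noting is that the analysis is only as good as the workload coverage of the trace: a function the web server needs but did not exercise during profiling ends up on the unused list, so the enforcer's denial counter is the signal that the profile was incomplete rather than that an attack occurred.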