Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
httperf—a tool for measuring web server performance
ACM SIGMETRICS Performance Evaluation Review
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
System-wide compaction and specialization of the linux kernel
LCTES '05 Proceedings of the 2005 ACM SIGPLAN/SIGBED conference on Languages, compilers, and tools for embedded systems
SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)
Detecting and countering system intrusions using software wrappers
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Turning down the LAMP: software specialisation for the cloud
HotCloud'10 Proceedings of the 2nd USENIX conference on Hot topics in cloud computing
Efficient extraction and analysis of preprocessor-based variability
GPCE '10 Proceedings of the ninth international conference on Generative programming and component engineering
Proceedings of the sixth conference on Computer systems
Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs
Proceedings of the Fourth European Workshop on System Security
A robust approach for variability extraction from the Linux build system
Proceedings of the 16th International Software Product Line Conference - Volume 1
Hi-index | 0.00 |
The Linux kernel can be a threat to the dependability of systems because of its sheer size. A simple approach to produce smaller kernels is to manually configure the Linux kernel. However, the more than 11,000 configuration options available in recent Linux versions render this a demanding task. We report on designing and implementing the first automated generation of a workload-tailored kernel configuration and discuss the security gains such an approach offers in terms of reduction of the Trusted Computing Base (TCB) size. Our results show that the approach prevents the inclusion of 10% of functions known to be vulnerable in the past.