Automatic OS Kernel TCB Reduction by Leveraging Compile-Time Configurability

Tartler R, Kurmus A, Heinloth B, Rothberg V, Ruprecht A, Dorneanu D, Kapitza R, Schröder-Preikschat W, Lohmann D (2012)

Publication Type: Conference contribution, Conference Contribution

Publication year: 2012

Publisher: USENIX

City/Town: Berkeley, CA, USA

Pages Range: -

Conference Proceedings Title: Proceedings of the 8th Workshop on Hot Topics in System Dependability (HotDep '12)

Event location: Hollywood, CA, USA

URI: http://www4.cs.fau.de/Publications/2012/tartler_12_hotdep.pdf

Abstract

The Linux kernel can be a threat to the dependability of systems because of its sheer size. A simple approach to produce smaller kernels is to manually configure the Linux kernel. However, the more than 11000 configuration options available in recent Linux versions render this a demanding task. We report on designing and implementing the first automated generation of a workload-tailored kernel configuration and discuss the security gains such an approach offers in terms of reduction of the Trusted Computing Base (TCB) size. Our results show that the approach prevents the inclusion of 10% of functions known to be vulnerable in the past.

Authors with CRIS profile

Related research project(s)

Involved external institutions

IBM Zurich Research Laboratory Switzerland (CH)

How to cite

APA:

Tartler, R., Kurmus, A., Heinloth, B., Rothberg, V., Ruprecht, A., Dorneanu, D.,... Lohmann, D. (2012). Automatic OS Kernel TCB Reduction by Leveraging Compile-Time Configurability. In USENIX Association (Eds.), Proceedings of the 8th Workshop on Hot Topics in System Dependability (HotDep '12) (pp. -). Hollywood, CA, USA: Berkeley, CA, USA: USENIX.

MLA:

Tartler, Reinhard, et al. "Automatic OS Kernel TCB Reduction by Leveraging Compile-Time Configurability." Proceedings of the Eigth Workshop on Hot Topics in System Dependability, Hollywood, CA, USA Ed. USENIX Association, Berkeley, CA, USA: USENIX, 2012. -.

BibTeX: Download