Quantifiable run-time kernel attack surface reduction
Kurmus A, Dechand S, Kapitza R (2014)
Publication Type: Conference contribution
Publication year: 2014
Journal
Publisher: Springer Verlag
Book Volume: 8550 LNCS
Pages Range: 212-234
Conference Proceedings Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Event location: GBR
ISBN: 9783319085081
DOI: 10.1007/978-3-319-08509-8_12
Abstract
The sheer size of commodity operating system kernels makes them a prime target for local attackers aiming to escalate privileges. At the same time, as much as 90% of kernel functions are not required for processing system calls originating from a typical network daemon. This results in an unnecessarily high exposure. In this paper, we introduce kRazor, an approach to reduce the kernel's attack surface by limiting the amount of kernel code accessible to an application. kRazor first traces individual kernel functions used by an application. kRazor can then detect and prevent uses of unnecessary kernel functions by a process. This step is implemented as a kernel module that instruments select kernel functions. A heuristic on the kernel function selection allows kRazor to have negligible performance overhead. We evaluate results under real-world workloads for four typical server applications. Results show that the performance overhead and false positives remain low, while the attack surface reduction can be as high as 80%. © 2014 Springer International Publishing.
Authors with CRIS profile
Involved external institutions
IBM Zurich Research Laboratory
Switzerland (CH)
Rheinische Friedrich-Wilhelms-Universität Bonn
Germany (DE)
Technische Universität Braunschweig
Germany (DE)
Switzerland (CH)
Rheinische Friedrich-Wilhelms-Universität Bonn
Germany (DE)
Technische Universität Braunschweig
Germany (DE)
How to cite
APA:
Kurmus, A., Dechand, S., & Kapitza, R. (2014). Quantifiable run-time kernel attack surface reduction. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 212-234). GBR: Springer Verlag.
MLA:
Kurmus, Anil, Sergej Dechand, and Rüdiger Kapitza. "Quantifiable run-time kernel attack surface reduction." Proceedings of the 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2014, GBR Springer Verlag, 2014. 212-234.
BibTeX: Download