Kurmus A, Dechand S, Kapitza R (2014)
Publication Type: Conference contribution
Publication year: 2014
Publisher: Springer Verlag
Book Volume: 8550 LNCS
Pages Range: 212-234
Conference Proceedings Title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Event location: GBR
ISBN: 9783319085081
DOI: 10.1007/978-3-319-08509-8_12
The sheer size of commodity operating system kernels makes them a prime target for local attackers aiming to escalate privileges. At the same time, as much as 90% of kernel functions are not required for processing system calls originating from a typical network daemon. This results in an unnecessarily high exposure. In this paper, we introduce kRazor, an approach to reduce the kernel's attack surface by limiting the amount of kernel code accessible to an application. kRazor first traces individual kernel functions used by an application. kRazor can then detect and prevent uses of unnecessary kernel functions by a process. This step is implemented as a kernel module that instruments select kernel functions. A heuristic on the kernel function selection allows kRazor to have negligible performance overhead. We evaluate results under real-world workloads for four typical server applications. Results show that the performance overhead and false positives remain low, while the attack surface reduction can be as high as 80%. © 2014 Springer International Publishing.
APA:
Kurmus, A., Dechand, S., & Kapitza, R. (2014). Quantifiable run-time kernel attack surface reduction. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 212-234). GBR: Springer Verlag.
MLA:
Kurmus, Anil, Sergej Dechand, and Rüdiger Kapitza. "Quantifiable run-time kernel attack surface reduction." Proceedings of the 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2014, GBR Springer Verlag, 2014. 212-234.