Attack surface reduction for commodity OS kernels: Trimmed garden plants may attract less bugs

Kurmus A, Sorniotti A, Kapitza R (2011)


Publication Type: Conference contribution

Publication year: 2011

Conference Proceedings Title: Proceedings of the Fourth European Workshop on System Security, EUROSEC'11

Event location: AUT

ISBN: 9781450306133

DOI: 10.1145/1972551.1972557

Abstract

Kernel vulnerabilities are a major current practical security problem, as attested by the weaknesses and flaws found in many commodity operating system kernels in recent years. Ever-growing code size in those projects, due to the addition of new features and the reluctance to remove legacy support, indicates that this problem will remain a severe system security threat in the foreseeable future. Reactive measures such as bug fixes via code reviews and testing, while effective, can only alleviate the issue. Furthermore, common practices in system hardening often focus on complex and sometimes hard-to-achieve goals that require extensive manual intervention, such as security policies for sandboxing. In this paper, we explore an alternative, automated and effective way of reducing the attack surface in commodity operating system kernels, which we call trimming. Trimming is a two-fold process: an initial analysis of a given system for unused kernel code sections is followed by an enforcement phase, in which the unused sections are removed or prevented from being executed. We discuss the requirements that should be reflected in the design of a trimming infrastructure, and present a lightweight and flexible implementation example for the Linux kernel by using dynamic binary instrumentation as provided by kprobes. Our evaluations show that we can, in the case of a web server, reduce the attack surface of the kernel (in terms of the number of kernel functions accessible from unprivileged users) by about 88%. Copyright © 2011 ACM.
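The analysis phase the abstract describes can be reproduced in miniature from two inputs a Linux system already exposes: the kernel symbol table (/proc/kallsyms) and a function-tracer log (ftrace's "function" tracer). The script below is an added illustration of that phase and is not the authors' tooling; the symbol listing and trace lines are constructed samples in the real formats, the "keep" allowlist is an assumption (a practitioner needs one, because a function the profiling workload never reached, such as a rarely taken error path, would otherwise be blocked), and the reported ratio is the same "unused text symbols over all text symbols" metric the abstract quotes as 88% for a web server.

```python
"""Trimming, analysis phase: which kernel functions did a workload never run?

Added example, not code from the paper. Inputs are constructed samples in the
format of /proc/kallsyms and of /sys/kernel/debug/tracing/trace with the
"function" tracer enabled. On a real system you would collect the trace for the
full lifetime of the workload (boot, steady state, shutdown) before trusting
the result, since anything not observed is what the enforcement phase blocks.
"""
import re
from typing import Dict, FrozenSet, List, Set

# Constructed /proc/kallsyms excerpt. Column two is the symbol type: t/T are
# text (code) symbols and are the only candidates for trimming; D/R are data.
KALLSYMS = """\
ffffffff81001000 t do_sys_open
ffffffff81001200 T sys_open
ffffffff81001400 T sys_read
ffffffff81001600 T sys_write
ffffffff81001800 T sys_socket
ffffffff81001a00 T sys_accept4
ffffffff81001c00 T sys_ptrace
ffffffff81001e00 t __ptrace_may_access
ffffffff81002000 T sys_mount
ffffffff81002200 D jiffies
ffffffff81002400 T sys_ioctl
ffffffff81002600 t vt_ioctl
ffffffff81002800 R linux_banner
"""

# Constructed ftrace "function" tracer output for a web server workload.
# Each line names the function entered and, after "<-", its caller.
TRACE = """\
# tracer: function
#
#           TASK-PID   CPU#   TIMESTAMP  FUNCTION
#              | |       |       |         |
           nginx-1234  [000]  1001.000001: do_sys_open <-sys_open
           nginx-1234  [000]  1001.000002: sys_open <-entry_SYSCALL_64
           nginx-1234  [001]  1001.000003: sys_read <-entry_SYSCALL_64
           nginx-1234  [001]  1001.000004: sys_write <-entry_SYSCALL_64
           nginx-1235  [000]  1001.000005: sys_socket <-entry_SYSCALL_64
           nginx-1235  [000]  1001.000006: sys_accept4 <-entry_SYSCALL_64
           nginx-1235  [000]  1001.000007: sys_ioctl <-entry_SYSCALL_64
           nginx-1235  [000]  1001.000008: ext4_file_read_iter [ext4] <-sys_read
"""

# Callee and caller, each optionally followed by a "[module]" tag.
_TRACE_LINE = re.compile(
    r":\s+(?P<callee>\S+)(?:\s+\[\S+\])?\s+<-(?P<caller>\S+)(?:\s+\[\S+\])?\s*$"
)


def parse_kallsyms(text: str) -> Dict[str, int]:
    """Return {symbol: address} for text symbols only (types t and T)."""
    symbols: Dict[str, int] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        addr, kind, name = parts[0], parts[1], parts[2]
        if kind in ("t", "T"):
            symbols[name] = int(addr, 16)
    return symbols


def parse_trace(text: str) -> Set[str]:
    """Return every function observed executing. Both the callee and the
    caller of a trace line ran, so both count as used."""
    executed: Set[str] = set()
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        m = _TRACE_LINE.search(line)
        if m:
            executed.add(m.group("callee"))
            executed.add(m.group("caller"))
    return executed


def unused_functions(symbols: Dict[str, int], executed: Set[str],
                     keep: FrozenSet[str] = frozenset()) -> List[str]:
    """Text symbols never seen in the trace and not on the keep allowlist.
    The allowlist is an assumption of this example: it is where a practitioner
    pins functions the profiling run is known to have missed."""
    return sorted(n for n in symbols if n not in executed and n not in keep)


def reduction_ratio(symbols: Dict[str, int], unused: List[str]) -> float:
    """Fraction of text symbols the enforcement phase would take away."""
    return len(unused) / len(symbols) if symbols else 0.0


if __name__ == "__main__":
    syms = parse_kallsyms(KALLSYMS)
    ran = parse_trace(TRACE)
    unused = unused_functions(syms, ran)
    print("text symbols: %d, executed: %d, trimmable: %d (%.1f%%)" % (
        len(syms), len(syms) - len(unused), len(unused),
        100 * reduction_ratio(syms, unused)))
    for name in unused:
        print("  %016x %s" % (syms[name], name))
```

On the sample data four of the eleven text symbols (sys_ptrace, __ptrace_may_access, sys_mount, vt_ioctl) never ran and would be handed to the enforcement phase; the 88% figure in the abstract comes from the same computation over a whole kernel. Note that callers named in the trace but absent from the symbol table (entry_SYSCALL_64 here) are simply ignored, and that a symbol on the keep list is spared even when unobserved.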

How to cite

APA:

Kurmus, A., Sorniotti, A., & Kapitza, R. (2011). Attack surface reduction for commodity OS kernels: Trimmed garden plants may attract less bugs. In Proceedings of the Fourth European Workshop on System Security, EUROSEC'11. AUT.

MLA:

Kurmus, Anil, Alessandro Sorniotti, and Rüdiger Kapitza. "Attack surface reduction for commodity OS kernels: Trimmed garden plants may attract less bugs." Proceedings of the Fourth European Workshop on System Security, EUROSEC'11, AUT 2011.
