usenix conference policies
You are here
Automatic OS Kernel TCB Reduction by Leveraging Compile-Time Configurability
Reinhard Tartler, Friedrich-Alexander University Erlangen-Nuremberg; Anil Kurmus, IBM Research—Zurich; Bernhard Heinloth, Valentin Rothberg, and Andreas Ruprecht, Friedrich-Alexander University Erlangen-Nuremberg; Daniela Dorneanu, IBM Research—Zurich; Rüdiger Kapitza, TU Braunschweig; Wolfgang Schröder-Preikschat and Daniel Lohmann, Friedrich-Alexander University Erlangen-Nuremberg
The Linux kernel can be a threat to the dependability of systems because of its sheer size. A simple approach to produce smaller kernels is to manually configure the Linux kernel. However, the more than 11; 000 configuration options available in recent Linux versions render this a demanding task. We report on designing and implementing the first automated generation of a workload-tailored kernel configuration and discuss the security gains such an approach offers in terms of reduction of the Trusted Computing Base (TCB) size. Our results show that the approach prevents the inclusion of 10% of functions known to be vulnerable in the past.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Reinhard Tartler and Anil Kurmus and Bernhard Heinloth and Valentin Rothberg and Andreas Ruprecht and Daniela Dorneanu and R{\"u}diger Kapitza and Wolfgang Schr{\"o}der-Preikschat and Daniel Lohmann},
title = {Automatic {OS} Kernel {TCB} Reduction by Leveraging {Compile-Time} Configurability},
booktitle = {Eighth Workshop on Hot Topics in System Dependability (HotDep 12)},
year = {2012},
address = {Hollywood, CA},
url = {https://www.usenix.org/conference/hotdep12/workshop-program/presentation/Tartler},
publisher = {USENIX Association},
month = oct,
}
connect with us