Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring

Anil Kurmus,Reinhard Tartler,Daniela Dorneanu,Bernhard Heinloth,Valentin Rothberg,Andreas Ruprecht,Wolfgang Schröder-Preikschat,Daniel Lohmann,Rüdiger Kapitza

Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring

2013

Anil Kurmus
Reinhard Tartler
Daniela Dorneanu
Bernhard Heinloth
Valentin Rothberg
Andreas Ruprecht
Wolfgang Schröder-Preikschat
Daniel Lohmann
Rüdiger Kapitza

We design and implement an automated approach to produce a kernel configuration that is adapted to a particular workload and hardware, and present an attack surface evaluation framework for evaluating security improvements for the different kernels obtained. Our results show that, for real-world server use cases, the attack surface reduction obtained by tailoring the kernel ranges from about 50% to 85%.

Correction
Source
Cite
Save
Machine Reading By IdeaReader

References

Citations