Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring

Author(s): Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schroder-Preikschat, Daniel Lohmann, and Rudiger Kapitza

Download: Paper (PDF)

Date: 23 Apr 2013

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2013

Abstract:

We design and implement an automated approach to produce a kernel configuration that is adapted to a particular workload and hardware, and present an attack surface evaluation framework for evaluating security improvements for the different kernels obtained.  Our results show that, for real-world server use cases, the attack surface reduction obtained by tailoring the kernel ranges from about 50% to 85%.