Institut für Betriebssysteme und Rechnerverbund
- News
- Wir über uns
- Connected and Mobile Systems
- Verlässliche Systemsoftware
  - Übersicht
  - Team
  - Lehre
  - Arbeiten & Jobs
  - Forschung
  - Publikationen
- Algorithmik
- Mikroprozessorlabor
- Studium
- Service
- Spin-Offs
  - Docoloc
  - bliq (formerly AIPARK)
  - Confidential Technologies
- Forschungsverbünde
  - IST.hub

Linux Kernel Attack Surface Reduction Measurement

Betreuer	Prof. Dr. Rüdiger Kapitza
Professor	Prof. Dr. Rüdiger Kapitza
Projekt
IBR Gruppe	DS (Prof. Kapitza)
Art	Masterarbeit
Status	abgeschlossen
Background Kernel vulnerabilities are a major current practical security problem, as attested by the weaknesses and flaws found in many commodity operating system kernels in recent years. Ever-growing code size in those projects, due to the addi- tion of new features and the reluctance to remove legacy support, indicate that this problem will remain a severe sys- tem security threat in the foreseeable future. In order to measure precisely the attack surface of the kernel, that is the amount of privileged code accessible from a given user or application through system calls, we consider using the call graph of kernel functions. This will allow us subsequently to precisely measure the efficiency of attack surface reduc- tion tools such as ktrim, which disallow the execution of unnecessary kernel functions by unprivileged applications. The project will be in collaboration with IBM Research in Zurich. Project Goals Exploring and comparing various tools allowing to map a static (i.e., based on the source code of the kernel) call graph of all kernel functions (e.g., CodeViz). Evaluating their accuracy. Developing a tool that receives as input a list of disallowed kernel functions, and computes attack surface re- duction, i.e., the number of internal kernel functions accessible after the disallowed functions divided by the total number of internal kernel functions accessible. Refinement of the metric (e.g., taking into account the number of lines of code in each function, or by the number of x86 instructions, or input from static taint analysis results on the Linux kernel if time permits). Further Information Anil Kurmus, Alessandro Sorniotti and Rüdiger Kapitza: Attack Surface Reduction For Commodity OS Kernels, in Proceedings of the Fourth European Workshop on System Security, Engin Kirda and Steven Hand, Salzburg,Austria, 2011 (kurmus11ktrim, BibTeX) Requirements Knowledge of operating system principles, especially in the context of Linux (system calls, process context vs. interrupt context, kernel modules). Knowledge of a (scripting) language such as Python to develop the attack surface measurement tool. Linux kernel coding experience is a plus. Experience in practical system security a plus (e.g., buffer overflows, TOCTTOU races). Bei Interesse einfach mal vorbei kommen oder eine E-Mail schicken: Prof. Dr. Rüdiger Kapitza oder bei Anil Kurmus (IBM Research kur@zurich.ibm.com