Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
      • Why Braunschweig?
    • During your Studies
      • Fresher's Hub
      • Term Dates
      • Courses
      • Practical Information
      • Beratungsnavi
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Health and Well-being
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni*ae
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
    • Contact
      • Study Service Centre
      • Academic Advice Service
      • Student Office
      • Career Service
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence at TU Braunschweig
      • Research Projects
      • Research Centres
      • Professors‘ Research Profiles
    • Early Career Researchers
      • Support in the early stages of an academic career
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research Funding Network
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • Degree seeking students
      • Exchange Studies
      • TU Braunschweig Summer School
      • Refugees
      • International Student Support
    • Going Abroad
      • Studying abroad
      • Internships abroad
      • Teaching and research abroad
      • Working abroad
    • International Researchers
      • Welcome Support
      • PhD Studies
      • Service for host institutes
    • Language and intercultural competence training
      • Learning German
      • Learning Foreign Languages
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperations
      • Strategic Partnerships
      • International networks
    • International House
      • About us
      • Contact & Office Hours
      • News and Events
      • International Days
      • 5th Student Conference: Internationalisation of Higher Education
      • Newsletter, Podcast & Videos
      • Job Advertisements
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • The University Development Initiative 2030
      • Foundation University
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Entrepreneurship
      • Friends & Supporters
    • General Public
      • Check-in for Students
      • The Student House
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Services for media
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Executive Board
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Faculty of Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Faculty of Electrical Engineering, Information Technology, Physics
      • Faculty of Humanities and Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • Professional and Personnel Development
      • International House
      • The Project House of the TU Braunschweig
      • Transfer Service
      • University Sports Center
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail
    • cloud.TU Braunschweig
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Services
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • IBR YouTube
    • Facebook
    • Instagram
    • YouTube
    • LinkedIn
    • Mastodon
Menu
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
  • Institute of Operating Systems and Computer Networks
  • Open Theses
Logo IBR
IBR Login
  • Institute of Operating Systems and Computer Networks
    • News
    • About us
      • Whole Team
      • Directions
      • Floor Plan
      • Projects
      • Publications
      • Software
      • News Archive
    • Connected and Mobile Systems
      • Team
      • Courses
      • Theses
      • Projects
      • Publications
      • Software
      • Datasets
    • Reliable System Software
      • Overview
      • Team
      • Teaching
      • Theses & Jobs
      • Research
      • Publications
    • Algorithms
      • Team
      • Courses
      • Theses
      • Projects
      • Publications
    • Microprocessor Lab
    • Education
      • Winter 2025/2026
      • Summer 2025
      • Theses
    • Services
      • Library
      • Mailinglists
      • Webmail
      • Knowledge Base
      • Wiki
      • Account Management
      • Services Status
    • Spin-Offs
      • Docoloc
      • bliq (formerly AIPARK)
      • Confidential Technologies
    • Research Cooperations
      • IST.hub

Linux Kernel Attack Surface Reduction Measurement

SupervisorProf. Dr. Rüdiger Kapitza
ProfessorProf. Dr. Rüdiger Kapitza
Project
IBR GroupDS (Prof. Kapitza)
TypeMaster Thesis
Statusfinished

Background

Kernel vulnerabilities are a major current practical security problem, as attested by the weaknesses and flaws found in many commodity operating system kernels in recent years. Ever-growing code size in those projects, due to the addi- tion of new features and the reluctance to remove legacy support, indicate that this problem will remain a severe sys- tem security threat in the foreseeable future. In order to measure precisely the attack surface of the kernel, that is the amount of privileged code accessible from a given user or application through system calls, we consider using the call graph of kernel functions. This will allow us subsequently to precisely measure the efficiency of attack surface reduc- tion tools such as ktrim, which disallow the execution of unnecessary kernel functions by unprivileged applications.

The project will be in collaboration with IBM Research in Zurich. Project Goals

  • Exploring and comparing various tools allowing to map a static (i.e., based on the source code of the kernel) call graph of all kernel functions (e.g., CodeViz). Evaluating their accuracy.
  • Developing a tool that receives as input a list of disallowed kernel functions, and computes attack surface re- duction, i.e., the number of internal kernel functions accessible after the disallowed functions divided by the total number of internal kernel functions accessible.
  • Refinement of the metric (e.g., taking into account the number of lines of code in each function, or by the number of x86 instructions, or input from static taint analysis results on the Linux kernel if time permits).

Further Information

  • Anil Kurmus, Alessandro Sorniotti and Rüdiger Kapitza: Attack Surface Reduction For Commodity OS Kernels, in Proceedings of the Fourth European Workshop on System Security, Engin Kirda and Steven Hand, Salzburg,Austria, 2011 (kurmus11ktrim, BibTeX)

Requirements

  • Knowledge of operating system principles, especially in the context of Linux (system calls, process context vs. interrupt context, kernel modules).
  • Knowledge of a (scripting) language such as Python to develop the attack surface measurement tool.
  • Linux kernel coding experience is a plus.
  • Experience in practical system security a plus (e.g., buffer overflows, TOCTTOU races).

Bei  Interesse  einfach  mal  vorbei  kommen  oder  eine  E-­Mail  schicken:

 

Prof. Dr. Rüdiger Kapitza oder bei Anil  Kurmus (IBM Research kur@zurich.ibm.com

 
last changed 2016-06-14, 16:03 by Prof. Dr. Rüdiger Kapitza

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
Imprint Privacy Accessibility