Blogs (61) >>
Thu 19 Jul 2018 16:00 - 16:37 at Paris - SALAD 3 Chair(s): Jan Vitek

Linux kernel contains a large number of features that not all systems need, while Linux distributors enable as many features as possible to make their distributions generic, leading to severe bloating problem. Intuitively, we can use the existing configuration system to remove unnecessary features. However, it is unclear whether this system is adequate for kernel debloating. In this study, we perform analysis to understand how much security benefit a user can obtain if she performs the kernel debloating through the compile-time configuration. Our study shows that existing configuration system provides a convenient and effective vector to reduce the attack surface while producing a functional kernel. With such result, we plan to spend more effort to build a secure kernel through the compile-time debloating.

Thu 19 Jul

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 18:30
SALAD 3SALAD at Paris
Chair(s): Jan Vitek Northeastern University
16:00
37m
Talk
On the Effectiveness of Kernel Debloating via Compile-time Configuration
SALAD
Mansour Alharthi , Hong Hu Georgia Institute of Technology, Hyungon Moon Georgia Tech, Taesoo Kim Georgia Tech
16:37
37m
Talk
WALA Everywhere: Cross Language Deep Analysis and Cross IDE Tool Support
SALAD
Julian Dolby IBM Thomas J. Watson Research Center
17:15
37m
Talk
Detection of Spectre vulnerabilities via static analysis
SALAD
Omer Tripp Google Inc.
17:52
37m
Talk
BinRec: Attack Surface Reduction Through Dynamic Binary Recovery
SALAD
Taddeus Kroes Vrije Universiteit Amsterdam, Anil Altinay , Joseph Nash , Yeoul Na , Stijn Volckaert University of California, Irvine, Herbert Bos , Michael Franz University of California, Irvine, Cristiano Giuffrida