research-article

Public Access

Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating

Authors:

Tianyin XuAuthors Info & Claims

Proceedings of the ACM on Measurement and Analysis of Computing Systems, Volume 4, Issue 1

Article No.: 03, Pages 1 - 27

https://doi.org/10.1145/3379469

Published: 27 May 2020 Publication History

Abstract

This paper presents a study on the practicality of operating system (OS) kernel debloating---reducing kernel code that is not needed by the target applications---in real-world systems. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot times and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are seldom adopted in practice, especially in production systems. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, including both accidental and essential limitations. To understand these limitations, we build an advanced debloating framework named \tool which enables us to conduct a number of experiments on different types of OS kernels (including Linux and the L4 microkernel) with a wide variety of applications (including HTTPD, Memcached, MySQL, NGINX, PHP and Redis). Our experimental results reveal the challenges and opportunities towards making kernel debloating techniques practical for real-world systems. The main goal of this paper is to share these insights and our experiences to shed light on addressing the limitations of kernel debloating in future research and development efforts.

References

[1]

Amazon Linux 2. https://aws.amazon.com/amazon-linux-2.

[2]

Apache-Test. http://perl.apache.org/Apache-Test/.

[3]

FIASCO : The L4Re Microkernel. http://os.inf.tu-dresden.de/fiasco.

[4]

LAMP. http://ampps.com/lamp.

[5]

Memcached Test. https://github.com/memcached/memcached/tree/master/t.

[6]

nginx-tests. https://github.com/nginx/nginx-tests.

[7]

PHP Test. https://github.com/php/php-src/tree/master/tests.

[8]

QEMU - the FAST! processor emulator. https://www.qemu.org.

[9]

Redis Test. https://github.com/antirez/redis/tree/unstable/tests.

[10]

the cloud market. https://thecloudmarket.com/stats#/by_platform_definition.

[11]

The MySQL Test Suite. https://dev.mysql.com/doc/refman/5.7/en/mysql-test-suite.html.

[12]

Configuring the FreeBSD Kernel. https://www.freebsd.org/doc/en_US.ISO8859--1/books/handbook/kernelconfig-config.html, 2019.

[13]

Iago Abal, Claus Brabrand, and Andrzej Wasowski. Variability Bugs in the Linux Kernel: a Qualitative Analysis. In ACM/IEEE International Conference on Automated Software Engineering (ASE'14), Vasteras, Sweden, 2014.

Digital Library

[14]

Iago Abal, Jean Melo, Stefan Stnciulescu, Claus Brabrand, Márcio Ribeiro, and Andrzej Wasowski. Variability Bugs in Highly Configurable Systems: A Qualitative Analysis. In ACM Transactions on Software Engineering and Methodology (TOSEM'18), 2018.

[15]

Mathieu Acher, Hugo Martin, Juliana Alves Pereira, Arnaud Blouin, Jean-Marc Jézéquel, Djamel Eddine Khelladi, Luc Lesoil, and Oliver Barais. Learning Very Large Configuration Spaces: What Matters for Linux Kernel Sizes. Technical Report hal-02314830, INRIA, October 2019.

[16]

Mathieu Acher, Hugo Martin, Juliana Alves Pereira, Arnaud Blouin, Djamel Eddine Khelladi, and Jean-Marc Jézéquel. Learning From Thousands of Build Failures of Linux Kernel Configurations. Technical report, INRIA, June 2019.

[17]

Mansour Alharthi, Hong Hu, Hyungon Moon, and Taesoo Kim. On the Effectiveness of Kernel Debloating via Compile-time Configuration. In Proceedings of the 1st Workshop on SoftwAre debLoating And Delayering, Amsterdam, Netherlands, July 2018.

[18]

aobench. Ambient Occlusion Benchmark. https://github.com/gnzlbg/aobench, 2019.

[19]

Armin Biere. Picosat essentials. JSAT, 4, 2008.

[20]

Sol Boucher, Anuj Kalia, David G. Andersen, and Michael Kaminsky. Putting the "Micro" Back in Microservice. In Proceedings of the 2018 USENIX Annual Technical Conference (USENIX ATC '18), Boston, MA, USA, July 2018.

[21]

Brendan Burns and David Oppenheimer. Design Patterns for Container-based Distributed Systems. In Proceedings of the 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud'16), Denver, CO, USA, June 2016.

[22]

Cristian Cadar, Daniel Dunbar, and Dawson Engler. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI'08), San Diego, CA, USA, December 2008.

Digital Library

[23]

Cristian Cadar and Koushik Sen. Symbolic Execution For Software Testing: Three Decades Later. Communications of the ACM, 56(2):82--90, February 2013.

Digital Library

[24]

Yurong Chen, Shaowen Sun, Tian Lan, and Guru Venkataramani. TOSS: Tailoring Online Server Systems through Binary Feature Customization. In Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST'18), Toronto, Canada, October 2018.

Digital Library

[25]

Jonathan Corbet. A different approach to kernel configuration. https://lwn.net/Articles/733405/, September 2016.

[26]

Christian Dietrich, Reinhard Tartler, Wolfgang Schröder-Preikschat, and Daniel Lohmann. A Robust Approach for Variability Extraction from the Linux Build System. In Proceedings of the 16th International Software Product Line Conference (SPLC'12), Salvador, Brazil, 2012.

Digital Library

[27]

Alexia Emmanoulopoulou. infographic: How many people use Ubuntu? https://blog.ubuntu.com/2016/04/07/ubuntu-is-everywhere, April 2016.

[28]

Dawson R. Engler, M. Frans Kaashoek, and James O'Toole Jr. Exokernel: An Operating System Architecture for Application-level Resource Management. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP'95), Copper Mountain, Colorado, USA, 1995.

[29]

Kai Germaschewski and Sam Ravnborg. Kernel configuration and building in Linux 2.5. In Proceedings of the 2003 Linux Symposium, Ottawa, Ontario, Canada, July 2003.

[30]

Patrice Godefroid, Nils Klarlund, and Koushik Sen. DART: Directed Automated Random Testing. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'05), Chicago, IL, USA, June 2005.

[31]

Joseph M. Hellerstein, Jose Faleiro, Joseph E. Gonzalez, Johann Schleier-Smith, Vikram Sreekanti, Alexey Tumanov, and Chenggang Wu. Serverless Computing: One Step Forward, Two Steps Back. In Proceedings of the 8th Biennial Conference on Innovative Data Systems Research (CIDR'19), Asilomar, California, USA, January 2019.

[32]

Kihong Heo, Woosuk Lee, Pardis Pashakhanloo, and Mayur Naik. Effective Program Debloating via Reinforcement Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS'18), Toronto, Canada, 2018.

Digital Library

[33]

Arnaud Hubaux, Yingfei Xiong, and Krzysztof Czarnecki. A User Survey of Configuration Challenges in Linux and eCos. In Proceedings of 6th International Workshop on Variability Modeling of Software-intensive Systems (VaMoS'12), Leipzig, Germany, January 2012.

Digital Library

[34]

Marko Ivankoviç, Goran Petroviç, René Just, and Gordon Fraser. Code Coverage at Google. In Proceedings of the 2019 12th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2019), Tallinn, Estonia, 2019.

Digital Library

[35]

MSV Janakiram. 10 Reasons Why Ubuntu Is Killing It In The Cloud. https://www.forbes.com/sites/janakirammsv/2016/01/12/10-reasons-why-ubuntu-is-killing-it-in-the-cloud, January 2016.

[36]

Yufei Jiang, Dinghao Wu, and Peng Liu. JRed: Program Customization and Bloatware Mitigation Based on Static Analysis. In 2016 IEEE 40th Annual Computer Software and Applications Conference, 2016.

[37]

Eric Jonas, Johann Schleier-Smith, Vikram Sreekanti, Chia-Che Tsai, Anurag Khandelwal, Qifan Pu, Vaishaal Shankar, Joao Menezes Carreira, Karl Krauth, Neeraja Yadwadkar, Joseph Gonzalez, Raluca Ada Popa, Ion Stoica, and David A. Patterson. Cloud Programming Simplified: A Berkeley View on Serverless Computing. Technical Report UCB/EECS-2019--3, EECS Department, University of California, Berkeley, Feb 2019.

[38]

Junghwan Kang. A Practical Approach of Tailoring Linux Kernel. In The Linux Foundation Open Source Summit North America, Los Angeles, CA, September 2017.

[39]

Junghwan Kang. An Empirical Study of an Advanced Kernel Tailoring Framework. In The Linux Foundation Open Source Summit, Vancouver, BC, Canada, August 2018.

[40]

Junghwan Kang. Linux Kernel Tailoring Framework. https://github.com/ultract/linux-kernel-tailoring-framework, August 2018.

[41]

Antti Kantee and Justin Cormack. Rump Kernels: No OS? No Problem! ;login:, 39(5):11--17, 2014.

[42]

kernel.org. Kconfig. https://www.kernel.org/doc/Documentation/kbuild/kconfig-language.txt, 2018.

[43]

Avi Kivity, Dor Laor, Glauber Costa, Pekka Enberg, Nadav Har'El, Don Marti, and Vlad Zolotarov. OSV -- Optimizing the Operating System for Virtual Machines. In Proceedings of the 2014 USENIX Annual Technical Conference (USENIX ATC'14), Philadelphia, PA, USA, June 2014.

[44]

George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. Evaluating Fuzz Testing. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS'18), Toronto, Canada, 2018.

[45]

Hsuan-Chi Kuo, Akshith Gunasekaran, Yeongjin Jang, Sibin Mohan, Rakesh B. Bobba, David Lie, and Jesse Walker. MultiK: A Framework for Orchestrating Multiple Specialized Kernels. arXiv:1903.06889, March 2019.

[46]

Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schrö der-Preikschat, Daniel Lohmann, and Rü diger Kapitza. Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13), San Diego, CA, USA, February 2013.

[47]

Che-Tai Lee, Zeng-Wei Hong, and Jim-Min Lin. Linux Kernel Customization for Embedded Systems By Using Call Graph Approach. In Proceedings of the 2003 Asia and South Pacific Design Automation Conference (ASP-DAC'03), Kitakyushu, Japan, January 2003.

[48]

Chi-Tai Lee, Jim-Min Lin, Zeng-Wei Hong, and Wei-Tsong Lee. An Application-Oriented Linux Kernel Customization for Embedded Systems. Journal of Information Science and Engineering, 20(6), 2004.

[49]

Anil Madhavapeddy, Richard Mortier, Charalampos Rotsos, David Scott, Balraj Singh, Thomas Gazagnaire, Steven Smith, Steven Hand, and Jon Crowcroft. Unikernels: Library Operating Systems for the Cloud. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'13), Houston, Texas, USA, 2013.

Digital Library

[50]

Anil Madhavapeddy and David J. Scott. Unikernels: Rise of the Virtual Library Operating System. Communications of the ACM, 57(1):61--69, 2014.

Digital Library

[51]

Linux man page. addr2line(1). https://linux.die.net/man/1/addr2line, 2019.

[52]

Filipe Manco, Costin Lupu, Florian Schmidt, Jose Mendes, Simon Kuenzer, Sumit Sati, Kenichi Yasukata, Costin Raiciu, and Felipe Huici. My VM is Lighter (and Safer) Than Your Container. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP'17), Shanghai, China, October 2017.

Digital Library

[53]

Valentin J.M. Manés, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo. The Art, Science, and Engineering of Fuzzing: A Survey. arXiv:1812.00140, April 2019.

[54]

Sarah Nadi, Thorsten Berger, Christian K"astner, and Krzysztof Czarnecki. Mining Configuration Constraints: Static Analyses and Empirical Results. In Proceedings of the 36th International Conference on Software Engineering (ICSE'14), Hyderabad, India, 2014.

[55]

Pierre Olivier, Daniel Chiba, Stefan Lankes, Changwoo Min, and Binoy Ravindran. A Binary-Compatible Unikernel. In Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE'19), Providence, Rhode Island, USA, April 2019.

[56]

Leonardo Passos, Rodrigo Queiroz, Mukelabai Mukelabai, Thorsten Berger, Sven Apel, Krzysztof Czarnecki, and Jesus Padilla. A Study of Feature Scattering in the Linux Kernel. In IEEE Transactions on Software Engineering (TSE), 2018.

[57]

Nicolas Pitre. LWN: Shrinking the kernel with a hammer. https://lwn.net/Articles/748198/, 2018.

[58]

Nicolas Pitre. LWN: Shrinking the kernel with an axe. https://lwn.net/Articles/746780/, 2018.

[59]

Nicolas Pitre. LWN: Shrinking the kernel with link-time garbage collection. https://lwn.net/Articles/741494/, 2018.

[60]

Nicolas Pitre. LWN: Shrinking the kernel with link-time optimization. https://lwn.net/Articles/744507/, 2018.

[61]

Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. RAZOR: A Framework for Post-deployment Software Debloating. In Proceedings of the 28th USENIX Security Symposium, Santa Clara, CA, USA, August 2019.

[62]

Anh Quach, Aravind Prakash, and Lok Yan. Debloating Software through Piece-Wise Compilation and Loading. In Proceedings of the 27th USENIX Security Symposium, Baltimore, MD, USA, August 2018.

Digital Library

[63]

Vaibhav Rastogi, Drew Davidson, Lorenzo De Carli, Somesh Jha, and Patrick McDaniel. Cimplifier: Automatically Debloating Containers. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017), Paderborn, Germany, 2017.

[64]

Neil Savage. Going Serverless. Communications of the ACM, 61(2), February 2018.

[65]

Alberto Savoia. Code coverage goal: 80% and no less! https://testing.googleblog.com/2010/07/code-coverage-goal-80-and-no-less.html, July 2010.

[66]

Koushik Sen, Darko Marinov, and Gul Agha. CUTE: A Concolic Unit Testing Engine for C. In Proceedings of the 10th European Software Engineering Conference held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE'05), Lisbon, Portugal, September 2005.

[67]

Hashim Sharif, Muhammad Abubakar, Ashish Gehani, and Fareed Zaffar. TRIMMER: Application Specialization for Code Debloating. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE '18), Montpellier, France, September 2018.

[68]

Steven She and Thorsten Berger. Formal Semantics of the Kconfig Language. Technical report, Electrical and Computer Engineering, University of Waterloo, Canada, January 2010. Technical Note.

[69]

Klaus Stengel, Florian Schmaus, and Rü diger Kapitza. EsseOS: Haskell-based Tailored Services for the Cloud. In Proceedings of the 12th International Workshop on Adaptive and Reflective Middleware (ARM'13), Beijing, China, December 2013.

[70]

Chengnian Sun, Yuanbo Li, Qirun Zhang, Tianxiao Gu, and Zhendong Su. Perses: Syntax-guided Program Reduction. In In Proceedings of the 40th International Conference on Software Engineering (ASE'18), 2018.

[71]

Reinhard Tartler, Anil Kurmus, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Daniela Dorneanu, Rüdiger Kapitza, Wolfgang Schröder-Preikschat, and Daniel Lohmann. Automatic OS Kernel TCB Reduction by Leveraging Compile-time Configurability. In Proceedings of the 8th USENIX Conference on Hot Topics in System Dependability (HotDep'12), Hollywood, CA, 2012.

[72]

Reinhard Tartler, Daniel Lohmann, Julio Sincero, and Wolfgang Schröder-Preikschat. Feature Consistency in Compile-time-configurable System Software: Facing the Linux 10,000 Feature Problem. In Proceedings of the Sixth Conference on Computer Systems (Eurosys'11), Salzburg, Austria, April 2011.

Digital Library

[73]

Chia-Che Tsai, Kumar Saurabh Arora, Nehal Bandi, Bhushan Jain, William Jannen, Jitin John, Harry A. Kalodner, Vrushali Kulkarni, Daniela Oliveira, and Donald E. Porter. Cooperation and Security Isolation of Library OSes for Multi-process Applications. In Proceedings of the Ninth European Conference on Computer Systems (EuroSys'14), Amsterdam, The Netherlands, 2014.

Digital Library

[74]

Chia-Che Tsai, Bhushan Jain, Nafees Ahmed Abdul, and Donald E. Porter. A Study of Modern Linux API Usage and Compatibility: What to Support When You're Supporting. In Proceedings of the 11th European Conference on Computer Systems (EuroSys'16), London, UK, 2016.

Digital Library

[75]

Bart Veer and John Dallaway. The eCos component writer's guide. Available: ecos. sourceware. org/ecos/docs-latest/cdl-guide/cdlguide. html, 2000.

[76]

Tianyin Xu, Long Jin, Xuepeng Fan, Yuanyuan Zhou, Shankar Pasupathy, and Rukma Talwadker. Hey, You Have Given Me Too Many Knobs! Understanding and Dealing with Over-Designed Configuration in System Software. In Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE'15), Bergamo, Italy, August 2015.

Digital Library

[77]

Tianyin Xu, Vineet Pandey, and Scott Klemmer. An HCI View of Configuration Problems. arXiv:1601.01747, January 2016.

[78]

Tianyin Xu and Yuanyuan Zhou. Systems Approaches to Tackling Configuration Errors: A Survey. ACM Computing Surveys (CSUR), 47(4), July 2015.

[79]

Lamia M. Youseff, Richard Wolski, and Chandra Krintz. Linux Kernel Specialization for Scientific Application Performance. Technical Report 2005--29, University of California Santa Barbara, 2005.

Cited By

Craun MHussain KGautam UJi ZRao TWilliams D(2024)Eliminating eBPF Tracing Overhead on Untraced ProcessesProceedings of the ACM SIGCOMM 2024 Workshop on eBPF and Kernel Extensions10.1145/3672197.3673431(16-22)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3672197.3673431
Landsberg TDietrich CLohmann D(2024)Should I Bother? Fast Patch Filtering for Statically-Configured Software VariantsProceedings of the 28th ACM International Systems and Software Product Line Conference10.1145/3646548.3672585(12-23)Online publication date: 2-Sep-2024
https://dl.acm.org/doi/10.1145/3646548.3672585
Yıldıran NOh JLawall JGazzillo P(2024)Maximizing Patch Coverage for Testing of Highly-Configurable Software without Exploding Build TimesProceedings of the ACM on Software Engineering10.1145/36437461:FSE(427-449)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643746
Show More Cited By

Index Terms

Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating
1. General and reference
  1. Cross-computing tools and techniques
    1. Empirical studies
2. Software and its engineering
  1. Software notations and tools
    1. Software configuration management and version control systems
  2. Software organization and properties
    1. Contextual software domains
      1. Operating systems

Recommendations

Set the configuration for the heart of the OS: on the practicality of operating system kernel debloating

This paper presents a study on the practicality of operating system (OS) kernel debloating, that is, reducing kernel code that is not needed by the target applications. Despite their significant benefits regarding security (attack surface reduction) and ...
Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating
SIGMETRICS '20: Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems

This paper presents a study on the practicality of operating system (OS) kernel debloating---reducing kernel code that is not needed by the target applications---in real-world systems. Despite their significant benefits regarding security (attack ...
Adapting Linux for mobile platforms: An empirical study of Android
ICSM '12: Proceedings of the 2012 IEEE International Conference on Software Maintenance (ICSM)

To deliver a high quality software system in a short release cycle time, many software organizations chose to reuse existing mature software systems. Google has adapted one of the most reused computer operating systems (i.e., Linux) into an operating ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Measurement and Analysis of Computing Systems

Proceedings of the ACM on Measurement and Analysis of Computing Systems Volume 4, Issue 1

SIGMETRICS

March 2020

467 pages

EISSN:2476-1249

DOI:10.1145/3402934

Editors:
Augustin Chaintreau
Columbia University
,
Leana Golubchik
University of Southern California
,
Zhi-Li Zhang
University of Minnesota

Issue’s Table of Contents

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 May 2020

Online AM: 07 May 2020

Published in POMACS Volume 4, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Office of Naval Research

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
1,050
Total Downloads

Downloads (Last 12 months)206
Downloads (Last 6 weeks)23

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Craun MHussain KGautam UJi ZRao TWilliams D(2024)Eliminating eBPF Tracing Overhead on Untraced ProcessesProceedings of the ACM SIGCOMM 2024 Workshop on eBPF and Kernel Extensions10.1145/3672197.3673431(16-22)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3672197.3673431
Landsberg TDietrich CLohmann D(2024)Should I Bother? Fast Patch Filtering for Statically-Configured Software VariantsProceedings of the 28th ACM International Systems and Software Product Line Conference10.1145/3646548.3672585(12-23)Online publication date: 2-Sep-2024
https://dl.acm.org/doi/10.1145/3646548.3672585
Yıldıran NOh JLawall JGazzillo P(2024)Maximizing Patch Coverage for Testing of Highly-Configurable Software without Exploding Build TimesProceedings of the ACM on Software Engineering10.1145/36437461:FSE(427-449)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643746
Zhang HAlhanahnah MAhmed FFatih DLeitner PAli-Eldin A(2024)Machine Learning Systems are Bloated and VulnerableProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/36390328:1(1-30)Online publication date: 21-Feb-2024
https://dl.acm.org/doi/10.1145/3639032
Kim TRudo DZhao KZhao ZSkarlatos D(2024)Perspective: A Principled Framework for Pliable and Secure Speculation in Operating Systems2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA)10.1109/ISCA59077.2024.00059(739-755)Online publication date: 29-Jun-2024
https://doi.org/10.1109/ISCA59077.2024.00059
Le MAhmed SWilliams DJamjoom H(2023)Securing Container-based Clouds with Syscall-aware SchedulingProceedings of the 2023 ACM Asia Conference on Computer and Communications Security10.1145/3579856.3582835(812-826)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3579856.3582835
Hu ZLee SPeinado MMeng WJensen CCremers CKirda E(2023)Hacksaw: Hardware-Centric Kernel Debloating via Device Inventory and Dependency AnalysisProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623208(1994-2008)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623208
Jinbo ZWuqiang SGuiquan S(2021)Research on Operating System Kernel Security Based on Mandatory Behavior Control Mechanism (MBC)Proceedings of the 2021 1st International Conference on Control and Intelligent Robotics10.1145/3473714.3473727(67-73)Online publication date: 18-Jun-2021
https://dl.acm.org/doi/10.1145/3473714.3473727

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents