Linux Security Summit 2014/Abstracts/Kurmus
Quantifying and Reducing the Kernel Attack Surface
The Linux kernel ships with many features which can be, and are, exploited by attackers. In this talk, we explore two different approaches to reducing the kernel attack surface. The first operates at compile time: execution traces of the kernel are taken into account to automatically generate a tailored kernel configuration. The second operates at run time: traces are used directly to detect the use of unnecessary functions by a subset of applications. Before presenting them, we will give a precise definition of the attack surface and propose ways of measuring it, so that the benefits of such approaches can be evaluated objectively. Evaluation results show that attack surface reduction is an effective approach, whether we quantify attack surface in terms of CVEs that would have been prevented or in terms of the reduction in the amount of reachable code under reasonable threat models.