Attack surface reduction in contemporary operating systems via practical kernel debloating

Kuo, Hsuan-Chi

Permalink

https://hdl.handle.net/2142/116151 Copy

Description

Title

Attack surface reduction in contemporary operating systems via practical kernel debloating

Author(s)

Kuo, Hsuan-Chi

Issue Date

2022-06-03

Director of Research (if dissertation) or Advisor (if thesis)

Mohan, Sibin

Doctoral Committee Chair(s)

Mohan, Sibin

Committee Member(s)

• Iyer, Ravishankar
• Adve, Vikram
• Xu, Tianyin
• Williams, Daniel

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• kernel
• operating systems
• debloating
• specialization

Abstract

This dissertation aims to address the problem of bloat in operating system (OS) kernels. It explores the problem by postulating that modern operating systems have multiple sources of bloat — from code to runtime overheads — that increases attack surfaces and negatively affects performance: reduction of such bloat (”debloating”), in a practical way, can make operating systems more robust and efficient. To validate this hypothesis, the work is divided into the following three groups: 1. Evaluate the tradeoffs between kernel debloating and kernel redesign (e.g., unikernels) 2. Study kernel debloating techniques and validate their effectiveness 3. Develop a practical and effective kernel debloating framework Previous work and this dissertation show that only a small part of a kernel is used by most applications. The redundant parts introduce performance regression (e.g., prolonged boot time and higher memory footprint) and enlarge attack surfaces (e.g., vulnerabilities due to software bugs). A study on using kernel debloating to reduce attack surfaces is conducted and shows that debloating is effective in reducing the redundancy as well as the kernel size (e.g., more than 80% for most cloud applications). The study also identifies the limitations that prevent the practical usage of a kernel debloating including the amount of manual efforts and instability of produced kernels. This dissertation demonstrates the indispensable benefits of commodity OS kernel debloating by studying other specialization techniques (e.g., unikernels). Unlike unikernels that only runs a small subset of Linux applications, the debloated Linux kernel not only runs every Linux application (full POSIX support) but also outperforms unikernels in various dimensions (e.g., boot time, image size, memory footprint and application performance). Motivated by the benefits of kernel debloating, this dissertation explores debloating techniques by building a kernel orchestration framework (MultiK) and kernel profiling tools (DKut and SKut). The experiment results confirm that applications use only a small part of the kernel (e.g., 93% of the kernel can be reduced for a web server). The results also show that aggressive and intrusive kernel debloating leads instability and cause kernel crashes, therefore, hindering its practical adoption. Based on the lessons learned, this dissertation further introduces an advanced and practical kernel debloating framework (Cozart) which debloats kernels automatically and generates stable kernels. I use Cozart as a vehicle to study how to make debloating more practical. I share these insights and my experiences to shed light on addressing the limitations of kernel debloating in future research and development efforts. Finally, I go beyond the traditional definition of debloating and present KFuse that optimizes kernel extensions and reduce inefficiency.

Graduation Semester

2022-08

Type of Resource

Thesis

Copyright and License Information

Copyright 2022 Hsuan-Chi Kuo

Owning Collections