DOI: 10.1145/3576915.3623208
research-article

Hacksaw: Hardware-Centric Kernel Debloating via Device Inventory and Dependency Analysis

Published: 21 November 2023

Abstract

Kernel debloating is a practical mechanism to mitigate the security problems of the operating system kernel by reducing its attack surface. Existing kernel debloating mechanisms focus on specializing a kernel to run a target application based on dynamic traces collected in the past: they remove from the kernel the functions that, according to those traces, the application does not use. However, since dynamic traces do not ensure full coverage, false removals of required functions are unavoidable. This paper proposes Hacksaw, a novel mechanism to debloat a kernel for a target machine based on its hardware device inventory. Hacksaw accurately debloats a kernel without false removals because figuring out which hardware components are attached to the machine, as well as which device drivers manage them, is comprehensive and deterministic. Hacksaw removes not only inoperative device drivers that do not control any attached hardware components but also other kernel modules and functions that are associated with the inoperative drivers according to three dependency analysis approaches: call-graph, driver-model, and compilation-unit analyses. Our evaluation shows that Hacksaw effectively removes inoperative kernel modules and functions (their respective reduction ratios are 45% and 30% on average) while ensuring validity and compatibility.
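The device-inventory idea in the abstract can be illustrated with Linux's modalias matching. The following is an added example, not code from the paper or the Hacksaw project: it matches device modalias strings against `modules.alias`-style patterns to find operative drivers, then marks inoperative drivers and the modules only they depend on as removable. The sample data is constructed, module names are simplified to bare names, and the module-dependency closure is an assumed, simplified stand-in for the paper's call-graph, driver-model and compilation-unit analyses.

```python
from fnmatch import fnmatchcase

# Constructed sample data (not from the paper). Formats follow Linux's
# modules.alias ("alias <pattern> <module>") and modules.dep ("<mod>: <deps>").
MODULES_ALIAS = """\
alias pci:v00008086d0000100Esv*sd*bc*sc*i* e1000
alias pci:v000010ECd00008139sv*sd*bc*sc*i* 8139too
alias usb:v*p*d*dc*dsc*dp*ic08isc06ip50in* usb_storage
alias pci:v00001AF4d*sv*sd*bc*sc*i* virtio_pci
alias virtio:d00000001v* virtio_net
"""
MODULES_DEP = """\
e1000:
8139too: mii
usb_storage: scsi_mod
virtio_pci: virtio
virtio_net: virtio net_failover
net_failover: failover
ext4: jbd2
"""
# Modalias strings as read from /sys/bus/*/devices/*/modalias (constructed).
DEVICE_INVENTORY = [
    "pci:v00001AF4d00001000sv00001AF4sd00000001bc02sc00i00",
    "virtio:d00000001v00001AF4",
]

def parse_aliases(text):
    """Return (pattern, module) pairs from modules.alias-style lines."""
    rows = (line.split() for line in text.splitlines())
    return [(r[1], r[2]) for r in rows if len(r) == 3 and r[0] == "alias"]

def parse_deps(text):
    """Return {module: [direct dependencies]}, adding leaf modules too."""
    deps = {}
    for line in text.splitlines():
        name, _, rest = line.partition(":")
        if not name.strip():
            continue
        deps.setdefault(name.strip(), []).extend(rest.split())
        for d in rest.split():
            deps.setdefault(d, [])
    return deps

def closure(roots, deps):
    """All modules reachable from roots through dependency edges."""
    seen, stack = set(), list(roots)
    while stack:
        m = stack.pop()
        if m not in seen:
            seen.add(m)
            stack.extend(deps.get(m, []))
    return seen

def debloat_plan(inventory, alias_text, dep_text):
    """Classify drivers against the inventory and list removable modules."""
    aliases, deps = parse_aliases(alias_text), parse_deps(dep_text)
    drivers = {mod for _, mod in aliases}
    operative = {mod for pat, mod in aliases
                 if any(fnmatchcase(dev, pat) for dev in inventory)}
    # Removal candidates: inoperative drivers plus whatever they pull in.
    candidates = closure(drivers - operative, deps)
    # Anything an operative driver or a non-candidate module needs must stay.
    required = closure((set(deps) | drivers) - candidates | operative, deps)
    remove = candidates - required
    return {"operative": operative, "remove": remove,
            "ratio": len(remove) / len(set(deps) | drivers)}
```

Modules that are not device drivers (here `ext4` and `jbd2`) are never candidates, and a module shared between an operative and an inoperative driver stays.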

Cited By

  • (2024) SoK: Software Debloating Landscape and Future Directions. Proceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation, pp. 11-18. DOI: 10.1145/3689937.3695792. Online publication date: 14-Oct-2024
  • (2024) Gramine-TDX: A Lightweight OS Kernel for Confidential VMs. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 4598-4612. DOI: 10.1145/3658644.3690323. Online publication date: 2-Dec-2024
  • (2024) Mitigation of privilege escalation attack using kernel data relocation mechanism. International Journal of Information Security 23:5, pp. 3351-3367. DOI: 10.1007/s10207-024-00890-4. Online publication date: 25-Jul-2024

    Published In
    CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
    November 2023
    3722 pages
    ISBN:9798400700507
    DOI:10.1145/3576915

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 21 November 2023

    Author Tags

    1. attack surface reduction
    2. binary rewriting
    3. program analysis

    Qualifiers

    • Research-article

    Conference

    CCS '23

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months): 160
    • Downloads (Last 6 weeks): 12
    Reflects downloads up to 13 Feb 2025
