Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating

Hsuan Chi Kuo; Jianyan Chen; Sibin Mohan; Tianyin Xu

doi:10.1145/3393691.3394215

Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating

Hsuan Chi Kuo, Jianyan Chen, Sibin Mohan, Tianyin Xu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper presents a study on the practicality of operating system (OS) kernel debloating-reducing kernel code that is not needed by the target applications-in real-world systems. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot times and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are seldom adopted in practice, especially in production systems. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, including both accidental and essential limitations. To understand these limitations, we build an advanced debloating framework named Cozart which enables us to conduct a number of experiments on different types of OS kernels (including Linux and the L4 microkernel) with a wide variety of applications (including HTTPD, Memcached, MySQL, NGINX, PHP and Redis). Our experimental results reveal the challenges and opportunities towards making kernel debloating techniques practical for realworld systems. The main goal of this paper is to share these insights and our experiences to shed light on addressing the limitations of kernel debloating in future research and development efforts.

Original language	English (US)
Title of host publication	Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems
Place of Publication	New York
Publisher	Association for Computing Machinery
Pages	87-88
Number of pages	2
ISBN (Electronic)	9781450379854
DOIs	https://doi.org/10.1145/3393691.3394215
State	Published - Jun 8 2020
Event	2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2020 - Boston, United States Duration: Jun 8 2020 → Jun 12 2020

Conference

Conference	2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2020
Country/Territory	United States
City	Boston
Period	6/8/20 → 6/12/20

Keywords

configuration
debloating
kernel
operating system
os
specialization

ASJC Scopus subject areas

Hardware and Architecture
Computer Networks and Communications
Computational Theory and Mathematics

Online availability

10.1145/3393691.3394215

Library availability

Discover UIUC Full Text

Cite this

Kuo, H. C., Chen, J., Mohan, S., & Xu, T. (2020). Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating. In Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems (pp. 87-88). Association for Computing Machinery. https://doi.org/10.1145/3393691.3394215

Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating. / Kuo, Hsuan Chi; Chen, Jianyan; Mohan, Sibin et al.
Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems. New York: Association for Computing Machinery, 2020. p. 87-88.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kuo, HC, Chen, J, Mohan, S & Xu, T 2020, Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating. in Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems. Association for Computing Machinery, New York, pp. 87-88, 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2020, Boston, United States, 6/8/20. https://doi.org/10.1145/3393691.3394215

Kuo HC, Chen J, Mohan S , Xu T. Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating. In Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems. New York: Association for Computing Machinery. 2020. p. 87-88 Epub 2020 Jun 8. doi: 10.1145/3393691.3394215

@inproceedings{b0ecde86a2f243b9bb48994df6fbd714,

title = "Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating",

abstract = "This paper presents a study on the practicality of operating system (OS) kernel debloating-reducing kernel code that is not needed by the target applications-in real-world systems. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot times and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are seldom adopted in practice, especially in production systems. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, including both accidental and essential limitations. To understand these limitations, we build an advanced debloating framework named Cozart which enables us to conduct a number of experiments on different types of OS kernels (including Linux and the L4 microkernel) with a wide variety of applications (including HTTPD, Memcached, MySQL, NGINX, PHP and Redis). Our experimental results reveal the challenges and opportunities towards making kernel debloating techniques practical for realworld systems. The main goal of this paper is to share these insights and our experiences to shed light on addressing the limitations of kernel debloating in future research and development efforts. ",

keywords = "configuration, debloating, kernel, operating system, os, specialization",

author = "Kuo, {Hsuan Chi} and Jianyan Chen and Sibin Mohan and Tianyin Xu",

note = "Publisher Copyright: {\textcopyright} 2019 Owner/Author.; 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2020 ; Conference date: 08-06-2020 Through 12-06-2020",

year = "2020",

month = jun,

day = "8",

doi = "10.1145/3393691.3394215",

language = "English (US)",

pages = "87--88",

booktitle = "Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems",

publisher = "Association for Computing Machinery",

address = "United States",

}

TY - GEN

T1 - Set the Configuration for the Heart of the OS

T2 - 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2020

AU - Kuo, Hsuan Chi

AU - Chen, Jianyan

AU - Mohan, Sibin

AU - Xu, Tianyin

PY - 2020/6/8

Y1 - 2020/6/8

N2 - This paper presents a study on the practicality of operating system (OS) kernel debloating-reducing kernel code that is not needed by the target applications-in real-world systems. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot times and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are seldom adopted in practice, especially in production systems. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, including both accidental and essential limitations. To understand these limitations, we build an advanced debloating framework named Cozart which enables us to conduct a number of experiments on different types of OS kernels (including Linux and the L4 microkernel) with a wide variety of applications (including HTTPD, Memcached, MySQL, NGINX, PHP and Redis). Our experimental results reveal the challenges and opportunities towards making kernel debloating techniques practical for realworld systems. The main goal of this paper is to share these insights and our experiences to shed light on addressing the limitations of kernel debloating in future research and development efforts.

AB - This paper presents a study on the practicality of operating system (OS) kernel debloating-reducing kernel code that is not needed by the target applications-in real-world systems. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot times and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are seldom adopted in practice, especially in production systems. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, including both accidental and essential limitations. To understand these limitations, we build an advanced debloating framework named Cozart which enables us to conduct a number of experiments on different types of OS kernels (including Linux and the L4 microkernel) with a wide variety of applications (including HTTPD, Memcached, MySQL, NGINX, PHP and Redis). Our experimental results reveal the challenges and opportunities towards making kernel debloating techniques practical for realworld systems. The main goal of this paper is to share these insights and our experiences to shed light on addressing the limitations of kernel debloating in future research and development efforts.

KW - configuration

KW - debloating

KW - kernel

KW - operating system

KW - os

KW - specialization

UR - http://www.scopus.com/inward/record.url?scp=85086180248&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85086180248&partnerID=8YFLogxK

U2 - 10.1145/3393691.3394215

DO - 10.1145/3393691.3394215

M3 - Conference contribution

AN - SCOPUS:85086180248

SP - 87

EP - 88

BT - Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems

PB - Association for Computing Machinery

CY - New York

Y2 - 8 June 2020 through 12 June 2020

ER -

Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating

Abstract

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this