Set the configuration for the heart of the OS: On the Practicality of Operating System Kernel Debloating

Hsuan Chi Kuo, Jianyan Chen, Sibin Mohan, Tianyin Xu

Research output: Contribution to journalArticlepeer-review

Abstract

This paper presents a study on the practicality of operating system (OS) kernel debloating, that is, reducing kernel code that is not needed by the target applications. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot time and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are not widely adopted in practice, especially in production environments. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, such as both accidental and essential ones. To understand these limitations, we build an advanced debloating framework named Cozart that enables us to conduct a number of experiments on different types of OS kernels (such as Linux and the L4 microkernel) with a wide variety of applications (such as HTTPD, Memcached, MySQL, NGINX, PHP, and Redis). Our experimental results reveal the challenges and opportunities in making OS kernel debloating practical. We share these insights and our experience to shed light on addressing the limitations of kernel debloating techniques in future research and development efforts.

Original languageEnglish (US)
Pages (from-to)101-109
Number of pages9
JournalCommunications of the ACM
Volume65
Issue number5
DOIs
StatePublished - May 2022

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Set the configuration for the heart of the OS: On the Practicality of Operating System Kernel Debloating'. Together they form a unique fingerprint.

Cite this