From ZRLKUR@ch.ibm.com Tue Jun 10 00:57:22 2014
Date: Fri, 6 Jun 2014 18:40:55 +0200
From: Anil Kurmus1
To: lss-pc@ext.namei.org
Cc: ak@securegoose.org
Subject: [lss-pc] LSS refereed presentation proposal

Hi,

As mentioned in my previous email, I'd like to present some of the work I have done in my PhD thesis (which I will defend next July), as well as discuss some of the things that have been keeping me busy for the last year.

Here is a short abstract for a 35 min + 10 min presentation. I have more things that I'd like to discuss, but I think this would be a good start :)

I didn't receive a reply to my previous email, but I assume you don't need the slides for now. Let me know if you'd like to know more.

Quantifying and Reducing Kernel Attack Surface

The Linux kernel ships with many features which can be, and are, exploited by attackers. In this talk, we explore two different approaches to reduce the kernel attack surface. One at compile-time, whereby execution traces of the kernel are taken into account to automatically generate a tailored kernel configuration. Another at run-time, whereby traces are directly used at run-time to detect the use of unnecessary functions by a subset of applications. Prior to that, we will give a precise definition of the attack surface and propose ways of measuring it, to be able to objectively evaluate the benefits of such approaches. Evaluation results show that attack surface reduction is an effective approach, whether we quantify attack surface in terms of CVEs that would have been prevented, or reduction of the amount of reachable code under reasonable threat models.

References:

Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schröder-Preikschat, Daniel Lohmann and Rüdiger Kapitza: Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring, in Proceedings of the 20th Network and Distributed System Security Symposium (NDSS '13), Internet Society (ISOC), 2013.

Anil Kurmus, Sergej Dechand, and Ruediger Kapitza. "Quantifiable Run-time Kernel Attack Surface Reduction". In: Proceedings of the 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'14). London/Egham, UK, 2014 (accepted for publication, available on demand).

Anil Kurmus

_______________________________________________
lss-pc mailing list
lss-pc@ext.namei.org
https://ext.namei.org/mailman/listinfo/lss-pc