Contemporary operating systems, such as Linux, have grown to be large, complex pieces of software. They are meant to support a large number of applications and hardware devices. Yet, typical applications may only use a fraction of the code in such operating systems. With increased code comes increased attack surfaces – particularly if the code paths are not stressed/explored often enough. Combined with the increased use of container-type systems, a security vulnerability that is exploited by any one application could result in the failure of either the entire operating system or even other applications running on the same platform.
In this talk I present two methods for “code debloating”, i.e. automatic code reduction, for commodity operating systems, especially Linux. COZART, uses compile-time configuration options, while MULTI-K uses more aggressive tracing-based methods combined with masking of OS code to orchestrate multiple specialized (reduced) kernels. Both of these operate in a manner that’s transparent to the end user/application developers. We see significant savings in OS code usage, better boot times and performance and also improved security and resiliency guarantees.
Sibin Mohan is an Associate Professor in the School of Electrical Engineering and Computer Science at Oregon State University. Prior to this he was a Research Assistant Professor in the Computer Science and Electrical Engineering Departments at the University of Illinois at Urban-Champaign. He completed his Ph.D. and M.S. in Computer Science from North Carolina State University in 2008 and 2004 respectively. His undergraduate degree was in Computer Science and Engineering from Bangalore University, India in 2001. He was previously a postdoctoral scholar in the Computer Science department at UIUC. In the past, he has also worked in Hewlett Packard’s India Software Operations.
Sibin’s research interests are in the area of systems, security, networking and autonomous systems. His current research efforts include:
resiliency and security for: cyber-physical systems, autonomous and IoT-style systems
resiliency via code debloating for operating systems and container-style applications
resilient networks,
security for V2X systems and understanding the behavior of UAV swarms.