TY - GEN
T1 - Evaluating the Effect of Improved Indirect Call Resolution on System Call Debloating
AU - Rajagopalan, Vidya Lakshmi
AU - Portokalidis, Georgios
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s).
PY - 2024/11/19
Y1 - 2024/11/19
N2 - Applications use only a small set of the system calls made available by the operating system. Modifying programs to debloat or disallow unused system calls is a mitigation technique that can both reduce kernel attack surface and attacker capabilities for when an application gets compromised. To achieve this, existing systems generate a sound function call graph of the application and its dependent libraries and based on that, determine the minimum set of system calls used. Techniques that refine the call graph by determining the possible targets of indirect function calls have, in theory, the potential to also improve system-call debloating. In this paper, we evaluate the effects of state-of-the-art indirect calls refinement technique and we find that even though it improves the application call graph, it does not have any significant effect on system call policies. In contrast, we find that standard C library (libc) being used plays a more important role on restricting system calls. Context-sensitive and path-sensitive call graph refinement on libc could bring benefits to system call debloating.
AB - Applications use only a small set of the system calls made available by the operating system. Modifying programs to debloat or disallow unused system calls is a mitigation technique that can both reduce kernel attack surface and attacker capabilities for when an application gets compromised. To achieve this, existing systems generate a sound function call graph of the application and its dependent libraries and based on that, determine the minimum set of system calls used. Techniques that refine the call graph by determining the possible targets of indirect function calls have, in theory, the potential to also improve system-call debloating. In this paper, we evaluate the effects of state-of-the-art indirect calls refinement technique and we find that even though it improves the application call graph, it does not have any significant effect on system call policies. In contrast, we find that standard C library (libc) being used plays a more important role on restricting system calls. Context-sensitive and path-sensitive call graph refinement on libc could bring benefits to system call debloating.
KW - call graph
KW - System call debloating
UR - http://www.scopus.com/inward/record.url?scp=85214084790&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85214084790&partnerID=8YFLogxK
U2 - 10.1145/3689937.3695791
DO - 10.1145/3689937.3695791
M3 - Conference contribution
AN - SCOPUS:85214084790
T3 - FEAST 2024 - Proceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation, Co-Located with: CCS 2024
SP - 1
EP - 6
BT - FEAST 2024 - Proceedings of the 2024 Workshop on Forming an Ecosystem Around Software Transformation, Co-Located with
T2 - 6th Workshop on Forming an Ecosystem Around Software Transformation, FEAST 2024
Y2 - 14 October 2024 through 18 October 2024
ER -