Abstract
This paper presents a study on the practicality of operating system (OS) kernel debloating---reducing kernel code that is not needed by the target applications---in real-world systems. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot times and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are seldom adopted in practice, especially in production systems. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, including both accidental and essential limitations. To understand these limitations, we build an advanced debloating framework named \tool which enables us to conduct a number of experiments on different types of OS kernels (including Linux and the L4 microkernel) with a wide variety of applications (including HTTPD, Memcached, MySQL, NGINX, PHP and Redis). Our experimental results reveal the challenges and opportunities towards making kernel debloating techniques practical for real-world systems. The main goal of this paper is to share these insights and our experiences to shed light on addressing the limitations of kernel debloating in future research and development efforts.
- Amazon Linux 2. https://aws.amazon.com/amazon-linux-2.Google Scholar
- Apache-Test. http://perl.apache.org/Apache-Test/.Google Scholar
- FIASCO : The L4Re Microkernel. http://os.inf.tu-dresden.de/fiasco.Google Scholar
- LAMP. http://ampps.com/lamp.Google Scholar
- Memcached Test. https://github.com/memcached/memcached/tree/master/t.Google Scholar
- nginx-tests. https://github.com/nginx/nginx-tests.Google Scholar
- PHP Test. https://github.com/php/php-src/tree/master/tests.Google Scholar
- QEMU - the FAST! processor emulator. https://www.qemu.org.Google Scholar
- Redis Test. https://github.com/antirez/redis/tree/unstable/tests.Google Scholar
- the cloud market. https://thecloudmarket.com/stats#/by_platform_definition.Google Scholar
- The MySQL Test Suite. https://dev.mysql.com/doc/refman/5.7/en/mysql-test-suite.html.Google Scholar
- Configuring the FreeBSD Kernel. https://www.freebsd.org/doc/en_US.ISO8859--1/books/handbook/kernelconfig-config.html, 2019.Google Scholar
- Iago Abal, Claus Brabrand, and Andrzej Wasowski. Variability Bugs in the Linux Kernel: a Qualitative Analysis. In ACM/IEEE International Conference on Automated Software Engineering (ASE'14), Vasteras, Sweden, 2014.Google Scholar
Digital Library
- Iago Abal, Jean Melo, Stefan Stnciulescu, Claus Brabrand, Márcio Ribeiro, and Andrzej Wasowski. Variability Bugs in Highly Configurable Systems: A Qualitative Analysis. In ACM Transactions on Software Engineering and Methodology (TOSEM'18), 2018.Google Scholar
- Mathieu Acher, Hugo Martin, Juliana Alves Pereira, Arnaud Blouin, Jean-Marc Jézéquel, Djamel Eddine Khelladi, Luc Lesoil, and Oliver Barais. Learning Very Large Configuration Spaces: What Matters for Linux Kernel Sizes. Technical Report hal-02314830, INRIA, October 2019.Google Scholar
- Mathieu Acher, Hugo Martin, Juliana Alves Pereira, Arnaud Blouin, Djamel Eddine Khelladi, and Jean-Marc Jézéquel. Learning From Thousands of Build Failures of Linux Kernel Configurations. Technical report, INRIA, June 2019.Google Scholar
- Mansour Alharthi, Hong Hu, Hyungon Moon, and Taesoo Kim. On the Effectiveness of Kernel Debloating via Compile-time Configuration. In Proceedings of the 1st Workshop on SoftwAre debLoating And Delayering, Amsterdam, Netherlands, July 2018.Google Scholar
- aobench. Ambient Occlusion Benchmark. https://github.com/gnzlbg/aobench, 2019.Google Scholar
- Armin Biere. Picosat essentials. JSAT, 4, 2008.Google Scholar
- Sol Boucher, Anuj Kalia, David G. Andersen, and Michael Kaminsky. Putting the "Micro" Back in Microservice. In Proceedings of the 2018 USENIX Annual Technical Conference (USENIX ATC '18), Boston, MA, USA, July 2018.Google Scholar
- Brendan Burns and David Oppenheimer. Design Patterns for Container-based Distributed Systems. In Proceedings of the 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud'16), Denver, CO, USA, June 2016.Google Scholar
- Cristian Cadar, Daniel Dunbar, and Dawson Engler. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI'08), San Diego, CA, USA, December 2008.Google Scholar
Digital Library
- Cristian Cadar and Koushik Sen. Symbolic Execution For Software Testing: Three Decades Later. Communications of the ACM, 56(2):82--90, February 2013.Google Scholar
Digital Library
- Yurong Chen, Shaowen Sun, Tian Lan, and Guru Venkataramani. TOSS: Tailoring Online Server Systems through Binary Feature Customization. In Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation (FEAST'18), Toronto, Canada, October 2018.Google Scholar
Digital Library
- Jonathan Corbet. A different approach to kernel configuration. https://lwn.net/Articles/733405/, September 2016.Google Scholar
- Christian Dietrich, Reinhard Tartler, Wolfgang Schröder-Preikschat, and Daniel Lohmann. A Robust Approach for Variability Extraction from the Linux Build System. In Proceedings of the 16th International Software Product Line Conference (SPLC'12), Salvador, Brazil, 2012.Google Scholar
Digital Library
- Alexia Emmanoulopoulou. infographic: How many people use Ubuntu? https://blog.ubuntu.com/2016/04/07/ubuntu-is-everywhere, April 2016.Google Scholar
- Dawson R. Engler, M. Frans Kaashoek, and James O'Toole Jr. Exokernel: An Operating System Architecture for Application-level Resource Management. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP'95), Copper Mountain, Colorado, USA, 1995.Google Scholar
- Kai Germaschewski and Sam Ravnborg. Kernel configuration and building in Linux 2.5. In Proceedings of the 2003 Linux Symposium, Ottawa, Ontario, Canada, July 2003.Google Scholar
- Patrice Godefroid, Nils Klarlund, and Koushik Sen. DART: Directed Automated Random Testing. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'05), Chicago, IL, USA, June 2005.Google Scholar
- Joseph M. Hellerstein, Jose Faleiro, Joseph E. Gonzalez, Johann Schleier-Smith, Vikram Sreekanti, Alexey Tumanov, and Chenggang Wu. Serverless Computing: One Step Forward, Two Steps Back. In Proceedings of the 8th Biennial Conference on Innovative Data Systems Research (CIDR'19), Asilomar, California, USA, January 2019.Google Scholar
- Kihong Heo, Woosuk Lee, Pardis Pashakhanloo, and Mayur Naik. Effective Program Debloating via Reinforcement Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS'18), Toronto, Canada, 2018.Google Scholar
Digital Library
- Arnaud Hubaux, Yingfei Xiong, and Krzysztof Czarnecki. A User Survey of Configuration Challenges in Linux and eCos. In Proceedings of 6th International Workshop on Variability Modeling of Software-intensive Systems (VaMoS'12), Leipzig, Germany, January 2012.Google Scholar
Digital Library
- Marko Ivankoviç, Goran Petroviç, René Just, and Gordon Fraser. Code Coverage at Google. In Proceedings of the 2019 12th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2019), Tallinn, Estonia, 2019.Google Scholar
Digital Library
- MSV Janakiram. 10 Reasons Why Ubuntu Is Killing It In The Cloud. https://www.forbes.com/sites/janakirammsv/2016/01/12/10-reasons-why-ubuntu-is-killing-it-in-the-cloud, January 2016.Google Scholar
- Yufei Jiang, Dinghao Wu, and Peng Liu. JRed: Program Customization and Bloatware Mitigation Based on Static Analysis. In 2016 IEEE 40th Annual Computer Software and Applications Conference, 2016.Google Scholar
- Eric Jonas, Johann Schleier-Smith, Vikram Sreekanti, Chia-Che Tsai, Anurag Khandelwal, Qifan Pu, Vaishaal Shankar, Joao Menezes Carreira, Karl Krauth, Neeraja Yadwadkar, Joseph Gonzalez, Raluca Ada Popa, Ion Stoica, and David A. Patterson. Cloud Programming Simplified: A Berkeley View on Serverless Computing. Technical Report UCB/EECS-2019--3, EECS Department, University of California, Berkeley, Feb 2019.Google Scholar
- Junghwan Kang. A Practical Approach of Tailoring Linux Kernel. In The Linux Foundation Open Source Summit North America, Los Angeles, CA, September 2017.Google Scholar
- Junghwan Kang. An Empirical Study of an Advanced Kernel Tailoring Framework. In The Linux Foundation Open Source Summit, Vancouver, BC, Canada, August 2018.Google Scholar
- Junghwan Kang. Linux Kernel Tailoring Framework. https://github.com/ultract/linux-kernel-tailoring-framework, August 2018.Google Scholar
- Antti Kantee and Justin Cormack. Rump Kernels: No OS? No Problem! ;login:, 39(5):11--17, 2014.Google Scholar
- kernel.org. Kconfig. https://www.kernel.org/doc/Documentation/kbuild/kconfig-language.txt, 2018.Google Scholar
- Avi Kivity, Dor Laor, Glauber Costa, Pekka Enberg, Nadav Har'El, Don Marti, and Vlad Zolotarov. OSV -- Optimizing the Operating System for Virtual Machines. In Proceedings of the 2014 USENIX Annual Technical Conference (USENIX ATC'14), Philadelphia, PA, USA, June 2014.Google Scholar
- George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks. Evaluating Fuzz Testing. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS'18), Toronto, Canada, 2018.Google Scholar
- Hsuan-Chi Kuo, Akshith Gunasekaran, Yeongjin Jang, Sibin Mohan, Rakesh B. Bobba, David Lie, and Jesse Walker. MultiK: A Framework for Orchestrating Multiple Specialized Kernels. arXiv:1903.06889, March 2019.Google Scholar
- Anil Kurmus, Reinhard Tartler, Daniela Dorneanu, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Wolfgang Schrö der-Preikschat, Daniel Lohmann, and Rü diger Kapitza. Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13), San Diego, CA, USA, February 2013.Google Scholar
- Che-Tai Lee, Zeng-Wei Hong, and Jim-Min Lin. Linux Kernel Customization for Embedded Systems By Using Call Graph Approach. In Proceedings of the 2003 Asia and South Pacific Design Automation Conference (ASP-DAC'03), Kitakyushu, Japan, January 2003.Google Scholar
- Chi-Tai Lee, Jim-Min Lin, Zeng-Wei Hong, and Wei-Tsong Lee. An Application-Oriented Linux Kernel Customization for Embedded Systems. Journal of Information Science and Engineering, 20(6), 2004.Google Scholar
- Anil Madhavapeddy, Richard Mortier, Charalampos Rotsos, David Scott, Balraj Singh, Thomas Gazagnaire, Steven Smith, Steven Hand, and Jon Crowcroft. Unikernels: Library Operating Systems for the Cloud. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'13), Houston, Texas, USA, 2013.Google Scholar
Digital Library
- Anil Madhavapeddy and David J. Scott. Unikernels: Rise of the Virtual Library Operating System. Communications of the ACM, 57(1):61--69, 2014.Google Scholar
Digital Library
- Linux man page. addr2line(1). https://linux.die.net/man/1/addr2line, 2019.Google Scholar
- Filipe Manco, Costin Lupu, Florian Schmidt, Jose Mendes, Simon Kuenzer, Sumit Sati, Kenichi Yasukata, Costin Raiciu, and Felipe Huici. My VM is Lighter (and Safer) Than Your Container. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP'17), Shanghai, China, October 2017.Google Scholar
Digital Library
- Valentin J.M. Manés, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo. The Art, Science, and Engineering of Fuzzing: A Survey. arXiv:1812.00140, April 2019.Google Scholar
- Sarah Nadi, Thorsten Berger, Christian K"astner, and Krzysztof Czarnecki. Mining Configuration Constraints: Static Analyses and Empirical Results. In Proceedings of the 36th International Conference on Software Engineering (ICSE'14), Hyderabad, India, 2014.Google Scholar
- Pierre Olivier, Daniel Chiba, Stefan Lankes, Changwoo Min, and Binoy Ravindran. A Binary-Compatible Unikernel. In Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE'19), Providence, Rhode Island, USA, April 2019.Google Scholar
- Leonardo Passos, Rodrigo Queiroz, Mukelabai Mukelabai, Thorsten Berger, Sven Apel, Krzysztof Czarnecki, and Jesus Padilla. A Study of Feature Scattering in the Linux Kernel. In IEEE Transactions on Software Engineering (TSE), 2018.Google Scholar
- Nicolas Pitre. LWN: Shrinking the kernel with a hammer. https://lwn.net/Articles/748198/, 2018.Google Scholar
- Nicolas Pitre. LWN: Shrinking the kernel with an axe. https://lwn.net/Articles/746780/, 2018.Google Scholar
- Nicolas Pitre. LWN: Shrinking the kernel with link-time garbage collection. https://lwn.net/Articles/741494/, 2018.Google Scholar
- Nicolas Pitre. LWN: Shrinking the kernel with link-time optimization. https://lwn.net/Articles/744507/, 2018.Google Scholar
- Chenxiong Qian, Hong Hu, Mansour Alharthi, Pak Ho Chung, Taesoo Kim, and Wenke Lee. RAZOR: A Framework for Post-deployment Software Debloating. In Proceedings of the 28th USENIX Security Symposium, Santa Clara, CA, USA, August 2019.Google Scholar
- Anh Quach, Aravind Prakash, and Lok Yan. Debloating Software through Piece-Wise Compilation and Loading. In Proceedings of the 27th USENIX Security Symposium, Baltimore, MD, USA, August 2018.Google Scholar
Digital Library
- Vaibhav Rastogi, Drew Davidson, Lorenzo De Carli, Somesh Jha, and Patrick McDaniel. Cimplifier: Automatically Debloating Containers. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017), Paderborn, Germany, 2017.Google Scholar
- Neil Savage. Going Serverless. Communications of the ACM, 61(2), February 2018.Google Scholar
- Alberto Savoia. Code coverage goal: 80% and no less! https://testing.googleblog.com/2010/07/code-coverage-goal-80-and-no-less.html, July 2010.Google Scholar
- Koushik Sen, Darko Marinov, and Gul Agha. CUTE: A Concolic Unit Testing Engine for C. In Proceedings of the 10th European Software Engineering Conference held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (ESEC/FSE'05), Lisbon, Portugal, September 2005.Google Scholar
Cross Ref
- Hashim Sharif, Muhammad Abubakar, Ashish Gehani, and Fareed Zaffar. TRIMMER: Application Specialization for Code Debloating. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE '18), Montpellier, France, September 2018.Google Scholar
- Steven She and Thorsten Berger. Formal Semantics of the Kconfig Language. Technical report, Electrical and Computer Engineering, University of Waterloo, Canada, January 2010. Technical Note.Google Scholar
- Klaus Stengel, Florian Schmaus, and Rü diger Kapitza. EsseOS: Haskell-based Tailored Services for the Cloud. In Proceedings of the 12th International Workshop on Adaptive and Reflective Middleware (ARM'13), Beijing, China, December 2013.Google Scholar
- Chengnian Sun, Yuanbo Li, Qirun Zhang, Tianxiao Gu, and Zhendong Su. Perses: Syntax-guided Program Reduction. In In Proceedings of the 40th International Conference on Software Engineering (ASE'18), 2018.Google Scholar
- Reinhard Tartler, Anil Kurmus, Bernhard Heinloth, Valentin Rothberg, Andreas Ruprecht, Daniela Dorneanu, Rüdiger Kapitza, Wolfgang Schröder-Preikschat, and Daniel Lohmann. Automatic OS Kernel TCB Reduction by Leveraging Compile-time Configurability. In Proceedings of the 8th USENIX Conference on Hot Topics in System Dependability (HotDep'12), Hollywood, CA, 2012.Google Scholar
- Reinhard Tartler, Daniel Lohmann, Julio Sincero, and Wolfgang Schröder-Preikschat. Feature Consistency in Compile-time-configurable System Software: Facing the Linux 10,000 Feature Problem. In Proceedings of the Sixth Conference on Computer Systems (Eurosys'11), Salzburg, Austria, April 2011.Google Scholar
Digital Library
- Chia-Che Tsai, Kumar Saurabh Arora, Nehal Bandi, Bhushan Jain, William Jannen, Jitin John, Harry A. Kalodner, Vrushali Kulkarni, Daniela Oliveira, and Donald E. Porter. Cooperation and Security Isolation of Library OSes for Multi-process Applications. In Proceedings of the Ninth European Conference on Computer Systems (EuroSys'14), Amsterdam, The Netherlands, 2014.Google Scholar
Digital Library
- Chia-Che Tsai, Bhushan Jain, Nafees Ahmed Abdul, and Donald E. Porter. A Study of Modern Linux API Usage and Compatibility: What to Support When You're Supporting. In Proceedings of the 11th European Conference on Computer Systems (EuroSys'16), London, UK, 2016.Google Scholar
Digital Library
- Bart Veer and John Dallaway. The eCos component writer's guide. Available: ecos. sourceware. org/ecos/docs-latest/cdl-guide/cdlguide. html, 2000.Google Scholar
- Tianyin Xu, Long Jin, Xuepeng Fan, Yuanyuan Zhou, Shankar Pasupathy, and Rukma Talwadker. Hey, You Have Given Me Too Many Knobs! Understanding and Dealing with Over-Designed Configuration in System Software. In Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE'15), Bergamo, Italy, August 2015.Google Scholar
Digital Library
- Tianyin Xu, Vineet Pandey, and Scott Klemmer. An HCI View of Configuration Problems. arXiv:1601.01747, January 2016.Google Scholar
- Tianyin Xu and Yuanyuan Zhou. Systems Approaches to Tackling Configuration Errors: A Survey. ACM Computing Surveys (CSUR), 47(4), July 2015.Google Scholar
- Lamia M. Youseff, Richard Wolski, and Chandra Krintz. Linux Kernel Specialization for Scientific Application Performance. Technical Report 2005--29, University of California Santa Barbara, 2005.Google Scholar
Index Terms
Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating
Recommendations
Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating
SIGMETRICS '20: Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer SystemsThis paper presents a study on the practicality of operating system (OS) kernel debloating---reducing kernel code that is not needed by the target applications---in real-world systems. Despite their significant benefits regarding security (attack ...
Adapting Linux for mobile platforms: An empirical study of Android
ICSM '12: Proceedings of the 2012 IEEE International Conference on Software Maintenance (ICSM)To deliver a high quality software system in a short release cycle time, many software organizations chose to reuse existing mature software systems. Google has adapted one of the most reused computer operating systems (i.e., Linux) into an operating ...
FusedOS: Fusing LWK Performance with FWK Functionality in a Heterogeneous Environment
SBAC-PAD '12: Proceedings of the 2012 IEEE 24th International Symposium on Computer Architecture and High Performance ComputingTraditionally, there have been two approaches to providing an operating environment for high performance computing (HPC). A Full-Weight Kernel(FWK) approach starts with a general-purpose operating system and strips it down to better scale up across more ...






Comments