Date Added: Sep 2012
The Linux kernel can be a threat to the dependability of systems because of its sheer size. A simple approach to produce smaller kernels is to manually configure the Linux kernel. However, the more than 11;000 configuration options available in recent Linux versions render this a demanding task. The authors report on designing and implementing the first automated generation of a workload-tailored kernel configuration and discuss the security gains such an approach offers in terms of reduction of the Trusted Computing Base (TCB) size. Their results show that the approach prevents the inclusion of 10% of functions known to be vulnerable in the past.