AUTOMATED AND DYNAMIC SYSTEM CALL SEALING

AUTOMATED AND DYNAMIC SYSTEM CALL SEALING

Systems and methods for automatically generating a secure image with a reduced or minimal set of system calls (syscalls) required by an application to run. A method includes the steps of receiving as input a configuration file specifying one or more image parameters to vary; generating a set of one...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Santhanam, Sharan, Huici, Felipe
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Systems and methods for automatically generating a secure image with a reduced or minimal set of system calls (syscalls) required by an application to run. A method includes the steps of receiving as input a configuration file specifying one or more image parameters to vary; generating a set of one or more unikernel images, or experiment images, each unikernel image including a specification of how to build the image and how to run the image, each unikernel image based on one of the one or more image parameters; populating a run queue with the one or more unikernel images; and iteratively: executing each of the one or more unikernel images in a host virtual machine; and monitoring, at run-time, a usage of syscalls in the executing image to identify syscalls actually used at any point in time during the executing.