{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,11]],"date-time":"2025-11-11T22:31:26Z","timestamp":1762900286932,"version":"3.41.0"},"reference-count":23,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2022,4,1]],"date-time":"2022-04-01T00:00:00Z","timestamp":1648771200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CCF-1816615, CCF-2029049, CNF-1956007"],"award-info":[{"award-number":["CCF-1816615, CCF-2029049, CNF-1956007"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"ONS","award":["N00014-17-S-B010"],"award-info":[{"award-number":["N00014-17-S-B010"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2022,4]]},"abstract":"<jats:p>This paper presents a study on the practicality of operating system (OS) kernel debloating, that is, reducing kernel code that is not needed by the target applications. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot time and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are not widely adopted in practice, especially in production environments. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, such as both accidental and essential ones. To understand these limitations, we build an advanced debloating framework named Cozart that enables us to conduct a number of experiments on different types of OS kernels (such as Linux and the L4 microkernel) with a wide variety of applications (such as HTTPD, Memcached, MySQL, NGINX, PHP, and Redis). Our experimental results reveal the challenges and opportunities in making OS kernel debloating practical. We share these insights and our experience to shed light on addressing the limitations of kernel debloating techniques in future research and development efforts.<\/jats:p>","DOI":"10.1145\/3524301","type":"journal-article","created":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T16:42:04Z","timestamp":1650904924000},"page":"101-109","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Set the configuration for the heart of the OS"],"prefix":"10.1145","volume":"65","author":[{"given":"Hsuan-Chi","family":"Kuo","sequence":"first","affiliation":[{"name":"University of Illinois, Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianyan","family":"Chen","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sibin","family":"Mohan","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianyin","family":"Xu","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,4,25]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"FIASCO\n  : The L4Re microkernel. http:\/\/os.inf.tu-dresden.de\/fiasco. Retrieved on October 2019.  FIASCO: The L4Re microkernel. http:\/\/os.inf.tu-dresden.de\/fiasco. Retrieved on October 2019."},{"key":"e_1_2_1_2_1","volume-title":"Secure and fast microVMs for serverless computing. https:\/\/firecracker-microvm.github.io\/. Retrieved on","author":"Firecracker","year":"2019","unstructured":"Firecracker : Secure and fast microVMs for serverless computing. https:\/\/firecracker-microvm.github.io\/. Retrieved on October 2019 . Firecracker: Secure and fast microVMs for serverless computing. https:\/\/firecracker-microvm.github.io\/. Retrieved on October 2019."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI'20)","author":"Agache A.","year":"2020","unstructured":"Agache , A. , Brooker , M. , Iordache , A. , Liguori , A. , Neugebauer , R. , Piwonka , P. , Popa , D.-M. Firecracker : lightweight virtualization for serverless applications . In Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI'20) (Santa Clara, CA , February 2020 ). Agache, A., Brooker, M., Iordache, A., Liguori, A., Neugebauer, R., Piwonka, P., Popa, D.-M. Firecracker: lightweight virtualization for serverless applications. In Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI'20) (Santa Clara, CA, February 2020)."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the 1st Workshop on SoftwAre debLoating And Delayering","author":"Alharthi M.","year":"2018","unstructured":"Alharthi , M. , Hu , H. , Moon , H. , Kim , T. On the effectiveness of kernel debloating via compile-time configuration . In Proceedings of the 1st Workshop on SoftwAre debLoating And Delayering ( Amsterdam, Netherlands , July 2018 ). Alharthi, M., Hu, H., Moon, H., Kim, T. On the effectiveness of kernel debloating via compile-time configuration. In Proceedings of the 1st Workshop on SoftwAre debLoating And Delayering (Amsterdam, Netherlands, July 2018)."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.3233\/SAT190039"},{"key":"e_1_2_1_6_1","volume-title":"A different approach to kernel configuration","author":"Corbet J.","year":"2016","unstructured":"Corbet , J. A different approach to kernel configuration , 2016 . https:\/\/lwn.net\/Articles\/733405\/. Corbet, J. A different approach to kernel configuration, 2016. https:\/\/lwn.net\/Articles\/733405\/."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2362536.2362544"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 24th Symposium on Operating System Principles (SOSP'13)","author":"Elphinstone K.","year":"2013","unstructured":"Elphinstone , K. , Heiser , G. From L3 to seL4 what have we learnt in 20 years of L4 microkernels? In Proceedings of the 24th Symposium on Operating System Principles (SOSP'13) (Farmington, PA, November 2013 ). Elphinstone, K., Heiser, G. From L3 to seL4 what have we learnt in 20 years of L4 microkernels? In Proceedings of the 24th Symposium on Operating System Principles (SOSP'13) (Farmington, PA, November 2013)."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2110147.2110164"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3340459"},{"key":"e_1_2_1_12_1","volume-title":"CA","author":"Kang J.","year":"2017","unstructured":"Kang , J. A practical approach of tailoring Linux kernel. In The Linux Foundation Open Source Summit North America (Los Angeles , CA , September 2017 ). Kang, J. A practical approach of tailoring Linux kernel. In The Linux Foundation Open Source Summit North America (Los Angeles, CA, September 2017)."},{"key":"e_1_2_1_13_1","volume-title":"BC","author":"Kang J.","year":"2018","unstructured":"Kang , J. An empirical study of an advanced kernel tailoring framework. In The Linux Foundation Open Source Summit (Vancouver , BC , Canada , August 2018 ). Kang, J. An empirical study of an advanced kernel tailoring framework. In The Linux Foundation Open Source Summit (Vancouver, BC, Canada, August 2018)."},{"key":"e_1_2_1_14_1","unstructured":"kernel.org. Kconfig 2018. https:\/\/www.kernel.org\/doc\/Documentation\/kbuild\/kconfig-language.txt.  kernel.org. Kconfig 2018. https:\/\/www.kernel.org\/doc\/Documentation\/kbuild\/kconfig-language.txt."},{"key":"e_1_2_1_15_1","volume-title":"MultiK: A framework for orchestrating multiple specialized kernels. arXiv:1903.06889","author":"Kuo H.","year":"2019","unstructured":"Kuo , H. , Gunasekaran , A. , Jang , Y. , Mohan , S. , Bobba , R.B. , Lie , D. , Walker , J. MultiK: A framework for orchestrating multiple specialized kernels. arXiv:1903.06889 ( 2019 ). Kuo, H., Gunasekaran, A., Jang, Y., Mohan, S., Bobba, R.B., Lie, D., Walker, J. MultiK: A framework for orchestrating multiple specialized kernels. arXiv:1903.06889 (2019)."},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13)","author":"Kurmus A.","year":"2013","unstructured":"Kurmus , A. , Tartler , R. , Dorneanu , D. , Heinloth , B. , Rothberg , V. , Ruprecht , A. , Schr\u00f6der-Preikschat , W. , Lohmann , D. , Kapitza , R. Attack surface metrics and automated compile-time os kernel tailoring . In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13) (San Diego, CA, USA , February 2013 ). Kurmus, A., Tartler, R., Dorneanu, D., Heinloth, B., Rothberg, V., Ruprecht, A., Schr\u00f6der-Preikschat, W., Lohmann, D., Kapitza, R. Attack surface metrics and automated compile-time os kernel tailoring. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS'13) (San Diego, CA, USA, February 2013)."},{"key":"e_1_2_1_17_1","first-page":"6","article-title":"An application-oriented Linux kernel customization for embedded systems","volume":"20","author":"Lee C.-T.","year":"2004","unstructured":"Lee , C.-T. , Lin , J.-M. , Hong , Z.-W. , Lee , W.-T . An application-oriented Linux kernel customization for embedded systems . J. Inf. Sci. Eng. 20 , 6 ( 2004 ), 1093--1107. Lee, C.-T., Lin, J.-M., Hong, Z.-W., Lee, W.-T. An application-oriented Linux kernel customization for embedded systems. J. Inf. Sci. Eng. 20, 6 (2004), 1093--1107.","journal-title":"J. Inf. Sci. Eng."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132763"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2884911"},{"key":"e_1_2_1_20_1","volume-title":"Shrinking the kernel with an axe","author":"Pitre N.","year":"2018","unstructured":"Pitre , N. Shrinking the kernel with an axe , 2018 . https:\/\/lwn.net\/Articles\/746780\/. Pitre, N. Shrinking the kernel with an axe, 2018. https:\/\/lwn.net\/Articles\/746780\/."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541583.2541587"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901318.2901341"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786852"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517349.2522727"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3524301","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3524301","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3524301","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:56Z","timestamp":1750188656000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3524301"}},"subtitle":["on the practicality of operating system kernel debloating"],"short-title":[],"issued":{"date-parts":[[2022,4]]},"references-count":23,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["10.1145\/3524301"],"URL":"https:\/\/doi.org\/10.1145\/3524301","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"type":"print","value":"0001-0782"},{"type":"electronic","value":"1557-7317"}],"subject":[],"published":{"date-parts":[[2022,4]]},"assertion":[{"value":"2022-04-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}