Saved in:
Bibliographic Details
Main Authors: Zhan, Dongyang, Yu, Zhaofeng, Yu, Xiangzhan, Zhang, Hongli, Ye, Lin, Liu, Likun
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.03737
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914075279097856
author Zhan, Dongyang
Yu, Zhaofeng
Yu, Xiangzhan
Zhang, Hongli
Ye, Lin
Liu, Likun
author_facet Zhan, Dongyang
Yu, Zhaofeng
Yu, Xiangzhan
Zhang, Hongli
Ye, Lin
Liu, Likun
contents With the development of Internet of Things (IoT), it is gaining a lot of attention. It is important to secure the embedded systems with low overhead. The Linux Seccomp is widely used by developers to secure the kernels by blocking the access of unused syscalls, which introduces less overhead. However, there are no systematic Seccomp configuration approaches for IoT applications without the help of developers. In addition, the existing Seccomp configuration approaches are coarse-grained, which cannot analyze and limit the syscall arguments. In this paper, a novel static dependent syscall analysis approach for embedded applications is proposed, which can obtain all of the possible dependent syscalls and the corresponding arguments of the target applications. So, a fine-grained kernel access limitation can be performed for the IoT applications. To this end, the mappings between dynamic library APIs and syscalls according with their arguments are built, by analyzing the control flow graphs and the data dependency relationships of the dynamic libraries. To the best of our knowledge, this is the first work to generate the fine-grained Seccomp profile for embedded applications.
format Preprint
id arxiv_https___arxiv_org_abs_2510_03737
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Securing Operating Systems Through Fine-grained Kernel Access Limitation for IoT Systems
Zhan, Dongyang
Yu, Zhaofeng
Yu, Xiangzhan
Zhang, Hongli
Ye, Lin
Liu, Likun
Cryptography and Security
With the development of Internet of Things (IoT), it is gaining a lot of attention. It is important to secure the embedded systems with low overhead. The Linux Seccomp is widely used by developers to secure the kernels by blocking the access of unused syscalls, which introduces less overhead. However, there are no systematic Seccomp configuration approaches for IoT applications without the help of developers. In addition, the existing Seccomp configuration approaches are coarse-grained, which cannot analyze and limit the syscall arguments. In this paper, a novel static dependent syscall analysis approach for embedded applications is proposed, which can obtain all of the possible dependent syscalls and the corresponding arguments of the target applications. So, a fine-grained kernel access limitation can be performed for the IoT applications. To this end, the mappings between dynamic library APIs and syscalls according with their arguments are built, by analyzing the control flow graphs and the data dependency relationships of the dynamic libraries. To the best of our knowledge, this is the first work to generate the fine-grained Seccomp profile for embedded applications.
title Securing Operating Systems Through Fine-grained Kernel Access Limitation for IoT Systems
topic Cryptography and Security
url https://arxiv.org/abs/2510.03737