English

Securing Operating Systems Through Fine-grained Kernel Access Limitation for IoT Systems

Cryptography and Security 2025-10-07 v1

Abstract

With the development of Internet of Things (IoT), it is gaining a lot of attention. It is important to secure the embedded systems with low overhead. The Linux Seccomp is widely used by developers to secure the kernels by blocking the access of unused syscalls, which introduces less overhead. However, there are no systematic Seccomp configuration approaches for IoT applications without the help of developers. In addition, the existing Seccomp configuration approaches are coarse-grained, which cannot analyze and limit the syscall arguments. In this paper, a novel static dependent syscall analysis approach for embedded applications is proposed, which can obtain all of the possible dependent syscalls and the corresponding arguments of the target applications. So, a fine-grained kernel access limitation can be performed for the IoT applications. To this end, the mappings between dynamic library APIs and syscalls according with their arguments are built, by analyzing the control flow graphs and the data dependency relationships of the dynamic libraries. To the best of our knowledge, this is the first work to generate the fine-grained Seccomp profile for embedded applications.

Keywords

Cite

@article{arxiv.2510.03737,
  title  = {Securing Operating Systems Through Fine-grained Kernel Access Limitation for IoT Systems},
  author = {Dongyang Zhan and Zhaofeng Yu and Xiangzhan Yu and Hongli Zhang and Lin Ye and Likun Liu},
  journal= {arXiv preprint arXiv:2510.03737},
  year   = {2025}
}

Comments

14 pages, 3 figures. Accepted for publication in IEEE Internet of Things Journal (IOTJ), 2023

R2 v1 2026-07-01T06:16:57.154Z