conclusion.tex

\section{Conclusion}
\label{sec.conclusion}

In this paper, we proposed a new security metric based on quantitative measures
of kernel code execution when running user applications.
Our metric evaluates if the lines of kernel code executed have the potential to
trigger zero-day bugs.
Our key discovery is that popular kernel paths contain significantly fewer bugs
than other paths.
Based on this insight, we devise a new design for a secure virtual machine called \lip.
As the name implies, the design scheme locks away access to all
kernel code except that found in paths frequently used by
popular programs. We test the \lip idea by implementing a prototype virtual machine
called Lind, which features a minimized TCB and prevents direct access to application
calls from less-used, riskier paths.
Instead, Lind supports complex system calls by securely re-creating
essential OS functionality inside a sandbox.
In tests against Docker, LXC, and Graphene, Lind emerged as the most effective
system in preventing zero-day Linux kernel bugs.

So that other researchers may replicate our results, we make all of the kernel
trace data, benchmark data, and source code for this paper available \cite{Lind}.