"Dangerous System Calls"


System call interface is rich enough to be called "attack surface"

This is not a new idea:

- take away system calls which a program won't need to call


The Problem

Commonplace library routines call a wide variety of system calls




But first, previous work by others...