Efficient Kernel Partitioning

Lead Research Organisation: University of Bristol
Department Name: Computer Science

Abstract

The operating system (OS) kernel forms the foundation of a system, and is often assumed to be the trusted computing base (TCB) for many higher-level security mechanisms. Unfortunately, there have been attacks on OS kernels that compromise the security of the entire system. In the case of monolithic kernels, the lack of isolation results in a flat and wide attack surface, making them an attractive attack target. Attack surface reduction is one of the promising techniques for mitigating such attacks. In this work, we aim to harden the security of monolithic kernels by reducing their attack surface via kernel partitioning. Our goal is to implement a practical kernel partitioning technique that has reasonably low overhead. The research aims to investigate kernel partitioning techniques that leverage recent developments in hardware to strike a balance between overhead and accuracy/precision.

Planned Impact

Who will benefit?

The interdisciplinary doctoral graduates trained within the CDT will play a key role in addressing the acute shortage of highly skilled workers in this area, hence meeting industry and government needs. The research they will conduct in the CDT and their future work will strongly impact industry, government, academia and society. Industrial applications cover those involving large-scale, socio-technical infrastructures where resilience-at-scale is a fundamental need, such as intelligent transportation, finance, digital healthcare, energy generation & distribution and advanced manufacturing. The globally unique capacity focusing on TIPS-at-Scale will position the UK as a world-leader, offering major economic benefits by ensuring that the UK is a safe place in which to do business, and social benefits in terms of security and privacy of the individual.

More specifically, the CDT's research and training programme will provide graduates with capabilities to address socio-technical challenges of TIPS-at-Scale, including understanding of user and adversarial behaviours. This is of major importance to digital infrastructure providers, government agencies and law enforcement agencies. This is in addition to the wider business and health sectors where the protection of data and the physical processes controlled by large-scale infrastructure is vital. Research on resilience in partially-trusted environments will lead to new architectures and new technologies to significantly enhance integrity and resilience, including new authentication methods and trust models. Research on empirically-grounded assurances for TIPS will break new ground by providing new interdisciplinary techniques and design principles to underpin infrastructures of the future. Last, but by no means least, by embedding Responsible Innovation into the programme throughout, the CDT ensures that TIPS-at-Scale approaches take a values-based view that considers TIPS across the full lifecycle of digital infrastructures: from conception to design, implementation and deployment through to maintenance, evolution and decommissioning. Such a Responsible Innovation approach will benefit society-at-large.

How will they benefit?

There is a critical need within the UK for a new breed of researchers and future leaders, equipped with a breadth of interdisciplinary skills to tackle TIPS issues at play in future infrastructures and a depth of knowledge, drawing upon interdisciplinary skills, to develop novel and innovative solutions to address TIPS-at-Scale. The CDT will produce a pipeline of such researchers and leaders trained to PhD level. It will build on very strong existing links with organisations such as Vodafone, Google, HP, Airbus, Thales, Symantec, IBM, Babcock, NCC Group, Altran, Wessex Water, Cybernetica and Embecosm, all of which have contributed to co-creation of the CDT and are committed to close engagement with it. Both universities will use their business development teams to further engage with these and other relevant organisations. Major opportunities for generating economic and societal benefits exist with the planned Temple Quarter Enterprise Campus of University of Bristol (due to open in 2021), with a focus on co-creation of a suite of PG training programmes with industry, and the Bath Innovation Centre. The CDT will also leverage the various impact channels of the three EPSRC-NCSC Research Institutes, the PETRAS Hub and the CREST Centre, in which the two universities play a major role. Both universities already have research and PhD studentships directly funded by industry and agencies such as DSTL, NCSC and GCHQ, as well as iCASE awards; hence close relationships already exist to maximise impact. The CDT will also organise public debates and social media campaigns to encourage public participation and shaping of TIPS-at-Scale discussions and solutions.


Studentship Projects

Project Reference | Relationship | Related To | Start | End | Student Name
EP/S022465/1 | | | 01/04/2019 | 30/09/2027 |
2280645 | Studentship | EP/S022465/1 | 01/10/2019 | 21/09/2023 | Soo Yee Lim