Efficient Kernel Partitioning

The operating system (OS) kernel forms the foundation of a system, and is often assumed to be the trusted computing base (TCB) for many higher level security mechanisms. Unfortunately, there have been attacks on OS kernel that compromise the security of the entire system. In the case of monolithic kernels, its lack of isolation results in a flat and wide attack surface, hence making it an attractive attack target. Attack surface reduction is one of the promising techniques for mitigating such attacks. In this work, we aim to harden the security of monolithic kernels by reducing its attack surface via kernel partitioning. Our goal is to implement a practical kernel partitioning technique that has reasonably low overhead. The research aims at investigating kernel partitioning techniques by leveraging the recent developments in hardware to strike a balance between overhead and accuracy/precision.