Lightweight Capability Domains: Decomposing the Linux Kernel
Abstract
Even after decades of work to make monolithic kernels more secure, serious vulnerabilities in them are still reported every year. Because the entire monolithic kernel runs in one address space, an attacker is just one vulnerability away from owning the entire machine. We argue that it is time to decompose monolithic kernels like Linux into smaller parts that run in isolated compartments and communicate through secure interfaces. We think this is timely because recent hardware trends make it easier and more efficient to isolate kernel components. In this work, we describe our initial steps toward this goal. We implemented a small microkernel module that is installed in Linux and manages Lightweight Capability Domains (LCDs), which are implemented using hardware virtual machines. We describe our implementation and the challenges we encountered in attempting to run unmodified kernel code in isolation.
Related papers
A Performance Comparison of Linux and a Lightweight Kernel
In this paper, we compare running the Linux operating system on the compute nodes of ASCI Red hardware to running a specialized, highly-optimized lightweight kernel (LWK) operating system. We have ported Linux to the compute and service nodes of the ASCI Red supercomputer, and have run several benchmarks. We present performance and scalability results for Linux compared with the LWK environment...
Recent Trends in Operating Systems and their Applicability to HPC
In this paper we consider recent trends in operating systems and discuss their applicability to high performance computing systems. In particular, we will consider the relationship between lightweight kernels, hypervisors, microkernels, modular kernels, and approaches to building systems with a single system image. We then describe how the Catamount lightweight kernel can be extended to support...
kIDL: Interface Definition Language for the Kernel
This project is part of a larger project whose goal is to decompose the Linux kernel. The Linux kernel is a shared-memory environment, and decomposing the Linux kernel provides security by confining the effects of attacks. The Lightweight Capability Domains project [6] is decomposing the Linux kernel into a share-nothing environment. In this environment, subsystems which previously existed in a ...
Nano-kernel: a dynamically reconfigurable kernel for WSN
The Wireless Sensor Networks (WSN) have received considerable research attention in recent time. The sensor devices of a WSN are severely resource constrained having a very limited operational lifetime. Such sensor devices have to adapt to the changing environment at deployment site and need dynamic reconfiguration. The operating systems supporting the sensor devices should be capable of realiz...
KVM for ARM
As ARM CPUs grow in performance and ubiquity across phones, netbooks, and embedded computers, providing virtualization support for ARM-based devices is increasingly important. We present KVM/ARM, a KVM-based virtualization solution for ARM-based devices that can run virtual machines with nearly unmodified operating systems. Because ARM is not virtualizable, KVM/ARM uses lightweight paravirtuali...