Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ASPLOS
2015
ACM
2015
ACM
Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation
Monolithic operating system designs undermine the security of computing systems by allowing single exploits anywhere in the kernel to enjoy full supervisor privilege. The nested kernel operating system architecture addresses this problem by “nesting” a small isolated kernel within a traditional monolithic kernel. The “nested kernel” interposes on all updates to virtual memory translations to assert protections on physical memory, thus significantly reducing the trusted computing base for memory access control enforcement. We incorporated the nested kernel architecture into FreeBSD on x86-64 hardware while allowing the entire operating system, including untrusted components, to operate at the highest hardware privilege level by write-protecting MMU translations and de-privileging the untrusted part of the kernel. Our implementation inherently enforces kernel code integrity while still allowing dynamically loaded kernel modules, thus defending against code injection attacks. We...
Real-time Traffic| Added | 16 Apr 2016 |
| Updated | 16 Apr 2016 |
| Type | Journal |
| Year | 2015 |
| Where | ASPLOS |
| Authors | Nathan Dautenhahn, Theodoros Kasampalis, Will Dietz, John Criswell, Vikram S. Adve |
Comments (0)
Researcher Info
|
