

A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel [pdf] - adamnemecek
http://split.kernel.build/papers/ccs14.pdf

======
groupmonoid
Abstract from the pdf:

Software security practitioners are often torn between choosing performance or
security. In particular, OS kernels are sensitive to the smallest performance
regressions. This makes it difficult to develop innovative kernel hardening
mechanisms: they may inevitably incur some run-time performance overhead.
Here, we propose building kernel functions with and without hardening, within a
single split kernel. In particular, this allows trusted processes to be run
under unmodified kernel code, while system calls of untrusted processes are
directed to the hardened kernel code. We show such trusted processes run with
no overhead when compared to an unmodified kernel. This allows deferring the
decision of making use of hardening to the run-time. This means kernel
distributors, system administrators and users can selectively enable hardening
according to their needs: we give examples of such cases. Although this
approach cannot be directly applied to arbitrary kernel hardening mechanisms,
we show cases where it can. Finally, our implementation in the Linux kernel
requires few changes to the kernel sources and no application source changes.
Thus, it is both maintainable and easy to use.
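The dispatch the abstract describes, sketched as an added C example that is not code from the paper or from this thread: each kernel function exists in an unmodified build and a hardened build, each build gets its own syscall table, and a per-task flag (an assumption here; the page does not show the paper's actual mechanism) decides which table a system call lands in, so trusted tasks never execute the extra checks.

```c
/* Toy model of split-kernel syscall dispatch. All names, the per-task
 * flag and the sample syscall are assumptions for illustration only. */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KBUF_LEN 16
static char kbuf[KBUF_LEN];          /* constructed kernel-side buffer */

struct task { const char *name; int untrusted; };  /* assumed per-task flag */

/* Unmodified build: trusts the length it is given, no extra work. */
static long sys_put_plain(const char *src, size_t n) {
    memcpy(kbuf, src, n);
    return (long)n;
}

/* Hardened build: same semantics plus a bounds check on the copy. */
static long sys_put_hardened(const char *src, size_t n) {
    if (n > KBUF_LEN) return -1;     /* reject instead of overflowing kbuf */
    memcpy(kbuf, src, n);
    return (long)n;
}

typedef long (*syscall_fn)(const char *, size_t);
enum { SYS_PUT = 0, NR_SYSCALLS };

/* One table per build; both are compiled into the single split kernel. */
static syscall_fn plain_table[NR_SYSCALLS]    = { sys_put_plain };
static syscall_fn hardened_table[NR_SYSCALLS] = { sys_put_hardened };

/* Syscall entry: the only place that knows the kernel is split. */
long split_syscall(const struct task *t, int nr, const char *src, size_t n) {
    if (nr < 0 || nr >= NR_SYSCALLS) return -1;
    syscall_fn *table = t->untrusted ? hardened_table : plain_table;
    return table[nr](src, n);
}

int main(void) {
    struct task trusted = { "trusted-daemon", 0 };   /* constructed tasks */
    struct task sandboxed = { "untrusted-app", 1 };
    char big[KBUF_LEN + 8] = {0};
    printf("trusted put: %ld\n", split_syscall(&trusted, SYS_PUT, "hello", 5));
    printf("untrusted oversize put: %ld\n",
           split_syscall(&sandboxed, SYS_PUT, big, sizeof big));
    return 0;
}
```

The trusted path is byte-for-byte the unmodified function, which is the abstract's "no overhead" claim; only tasks flagged untrusted pay for the check.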

