Securing Monolithic Kernels using Compartmentalization

Soo Yee Lim, Sidhartha Agrawal, Xueyuan Han, David Eyers, Dan O'Keeffe, Thomas Pasquier

TL;DR

This work addresses the security gaps in monolithic kernels by proposing kernel compartmentalization as a practical path forward. It introduces a two-architecture taxonomy—sandbox and safebox—and a framework for identifying boundaries and enforcing isolation, along with a synthesis of two decades of related research. The authors critique current evaluation methodologies and advocate standardized benchmarks to enable meaningful comparisons, while highlighting emerging hardware (e.g., CHERI, CET) that could substantially reduce overhead. The findings suggest that incremental, hardware-assisted compartmentalization can make existing kernels safer with manageable engineering effort, guiding future research toward more rigorous, comparable assessments and adoption in production systems.

Abstract

Monolithic operating systems, where all kernel functionality resides in a single, shared address space, are the foundation of most mainstream computer systems. However, a single flaw, even in a non-essential part of the kernel (e.g., device drivers), can cause the entire operating system to fall under an attacker's control. Kernel hardening techniques might prevent certain types of vulnerabilities, but they fail to address a fundamental weakness: the lack of intra-kernel security that safely isolates different parts of the kernel. We survey kernel compartmentalization techniques that define and enforce intra-kernel boundaries and propose a taxonomy that allows the community to compare and discuss future work. We also identify factors that complicate comparisons among compartmentalized systems, suggest new ways to compare future approaches with existing work meaningfully, and discuss emerging research directions.

Paper Structure (41 sections, 7 figures, 2 tables)

Figures (7)

  • Figure 1: Alternative kernel designs
  • Figure 2: Threat models of kernel compartmentalization architectures.
  • Figure 3: Different user/kernel compartmentalization approaches. In Microdriver, the user-mode driver is written in the same C language as the kernel-mode driver; in Decaf, the user-mode driver can be written in languages other than C.
  • Figure 4: Different hypervisor-based compartmentalization approaches.
  • Figure 5: An example of address space separation on ARMv7 in SKEE [azab_skee_2016]
  • ...and 2 more figures