LXDs - Towards Isolation of Kernel Subsystems

Explore a conference talk from USENIX ATC '19 that delves into Lightweight Execution Domains (LXDs) as a solution for isolating kernel subsystems. Learn about the security challenges faced by modern monolithic operating systems and how LXDs aim to confine the effects of exploits to individual kernel subsystems. Discover the difficulties in introducing isolation to kernels, including hardware limitations and kernel complexity. Examine the implementation of LXDs in performance-critical device drivers within the Linux kernel, and understand their potential to enhance kernel security with minimal modifications and overhead. Gain insights into the development of more secure operating system architectures and the ongoing efforts to mitigate kernel vulnerabilities.

Introduction
Why are kernels vulnerable
Challenges
Ideal
Asynchronous
Asynchronous Runtime
Device Drivers
Hardware Drivers
Limitations