SBIR-STTR Award

Security through Component-based Isolation Framework (SCIF)
Award last edited on: 6/14/2015

Sponsored Program
STTR
Awarding Agency
DOD : AF
Total Award Amount
$840,200
Award Phase
2
Solicitation Topic Code
AF10-BT18
Principal Investigator
Curtis Wu

Company Information

Charles River Analytics Inc

625 Mount Auburn Street
Cambridge, MA 02138
(617) 491-3474
info@cra.com
www.cra.com

Research Institution

----------

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2011
Phase I Amount
$99,946
Networked PCs are critical to the success of data-based missions, and the complex software they execute is both the source of their power and their prime area of vulnerability. Applications and services are often composed of multiple software components developed by different vendors or open source communities, who may in turn incorporate components developed by another tier of vendors. To help minimize the damage of an exploit, data must not be allowed to flow freely between all components running on a system. To improve application security and minimize the damage done by malicious or faulty code, we propose a component-based isolation framework. Mutable protection domains will provide the basis for a lightweight component-based isolation framework. We will apply a user-level sandboxing scheme to separate application-specific services and components from those of the underlying kernel. To optimize performance, we will also investigate approaches to isolate components accessing shared hardware to provide CPU and IO protection. Finally, we will design techniques to proactively detect components at risk of fault, so they can be highlighted for extra attention.

Benefit:
We expect the full-scope framework to have immediate and tangible benefit for a number of military computing systems. In particular, the framework will help networked systems fight through cyber attacks. The technologies developed under this effort will enhance the effectiveness of existing secure OS tools by incorporating the component-based isolation techniques.

Keywords:
Software Fault Isolation, User-Level Sandboxing, Fault Prediction, Cyber Defense

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2012
Phase II Amount
$740,254
Networked PCs are critical to the success of data-driven missions, and the complex software they execute is both the source of their power and their primary vulnerability. Applications and services are often composed of multiple software components developed by different vendors or open source communities—any of which may introduce a vulnerability. To help minimize the damage of potential exploitation of such vulnerabilities, data must not be allowed to flow freely between all components running on a system. To improve application security and minimize damage done by malicious or faulty code, we propose to design and develop a multikernel OS, which will provide a hardware-based memory isolation scheme that allows fine-grained control over data flow between OS components. Our lightweight virtualization solution provides component isolation and fault recovery without the overhead associated with more traditional heavyweight virtualization approaches. The multikernel will distribute components among sandboxed kernels with an efficient heuristic algorithm that balances isolation and performance. Faulty sandboxed kernels will be dynamically recoverable without a full system reboot. Finally, we will design techniques to proactively detect components at risk of fault, so they can be highlighted for extra attention.

Benefit:
We expect the full-scope multikernel OS to have immediate and tangible benefit for a number of military computing systems. In particular, the framework will help networked systems fight through cyber attacks. The technologies developed under this effort will enhance the effectiveness of existing secure OS tools by incorporating the component-based isolation techniques. The multikernel OS will also be the basis for a secure and predictable next-generation OS with commercial and military applications.

Keywords:
Fault Isolation, Fault Prediction, Fault Recovery, Multikernel, Multicore, Cyber Defense