Kernel Address Space Isolation Is Still Being Explored For Better Security

Written by Michael Larabel in Linux Security on 2 November 2019 at 07:12 PM EDT. 1 Comment
IBM developers and others continue exploring address space isolation (ASI) in the Linux kernel as a way to reduce the risk of leaking sensitive data through speculative-execution attacks such as L1 Terminal Fault (L1TF) and Microarchitectural Data Sampling (MDS). The approach does increase the complexity of the kernel code, and its performance cost has yet to be evaluated.

Mike Rapoport and James Bottomley presented at this week's Open Source Summit Europe in France on address space isolation within the kernel, contrasting it with the kernel's current design, in which all kernel code shares a single address space. The still in-progress ASI patches would let certain kernel contexts, such as the Kernel-based Virtual Machine (KVM), run in a separate address space that maps only what that context needs, so that less sensitive data is exposed if a speculative-execution leak occurs.

Kernel address space isolation was first proposed earlier this year, but its impact on code complexity, overall security benefit and performance is still to be fully evaluated. As such, this functionality isn't coming in a near-term kernel release, but those wanting to learn more can do so via the PDF slide deck from the presentation.