HyperKRP: A Kernel Runtime Security Architecture with A Tiny Hypervisor on Commodity Hardware

2021 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)(2021)

Abstract
The large body of kernel code exposes a broad attack surface through exploitable bugs or misconfigurations. Current mitigations are difficult to integrate with one another or have a non-trivial performance or code-size impact. Thus, systematic protection for the kernel is of critical importance. In this paper, we propose a kernel runtime security architecture, called HyperKRP, to provide systematic protection for kernel code, critical kernel data, and efficient kernel page tables. We have implemented a fully working prototype for a recent Linux kernel running on the Intel x86 processor. Our prototype is composed of three protection engines based on a small hypervisor. The evaluation shows that HyperKRP effectively ensures kernel runtime security with acceptable overhead.
Keywords
Kernel Security, Virtualization, Operating System