== Security ==
The security benefits of microkernels have been frequently discussed.<ref>{{cite web | author-link = Andrew S. Tanenbaum | last = Tanenbaum | first = Andrew S. | url = http://www.cs.vu.nl/~ast/reliable-os/ | title = Tanenbaum-Torvalds debate, part II }}</ref><ref>Tanenbaum, A., Herder, J. and Bos, H. (May 2006).</ref> In the context of security, the minimality principle of microkernels is, some have argued, a direct consequence of the [[principle of least privilege]], according to which all code should have only the privileges needed to provide the required functionality. Minimality requires that a system's [[trusted computing base]] (TCB) be kept minimal. Because the kernel (the code that executes in the privileged mode of the hardware) has unvetted access to any data and can thus violate its integrity or confidentiality, the kernel is always part of the TCB. Minimizing it is therefore natural in a security-driven design. Consequently, microkernel designs have been used for systems intended for high-security applications, including [[KeyKOS]], [[Extremely Reliable Operating System|EROS]] and military systems. In fact, the [[common criteria]] (CC) at the highest assurance level ([[Evaluation Assurance Level]] (EAL) 7) have an explicit requirement that the target of evaluation be "simple", an acknowledgment of the practical impossibility of establishing true trustworthiness for a complex system. Again, the term "simple" is misleading and ill-defined. At least the Department of Defense Trusted Computer System Evaluation Criteria introduced somewhat more precise wording at the B3/A1 classes:

{{Blockquote|text="The TCB shall [implement] complete, conceptually simple protection mechanisms with precisely defined semantics. Significant system engineering shall be directed toward minimizing the complexity of the TCB, as well as excluding from the TCB those modules that are not protection-critical."|sign=|source=Department of Defense Trusted Computer System Evaluation Criteria}}

In 2018, a paper presented at the Asia-Pacific Systems Conference claimed that microkernels were demonstrably safer than monolithic kernels by investigating all published critical [[Common Vulnerabilities and Exposures|CVE]]s for the [[Linux]] kernel at the time. The study concluded that 40% of the issues could not occur at all in a formally verified microkernel, and that only 4% of the issues would remain entirely unmitigated in such a system.<ref>{{cite conference |url=https://dl.acm.org/doi/abs/10.1145/3265723.3265733 |title=The Jury Is In: Monolithic OS Design Is Flawed: Microkernel-based Designs Improve Security |last1=Biggs |first1=Simon |last2=Lee |first2=Damon |last3=Heiser |first3=Gernot |date=2018 |publisher=Association for Computing Machinery |book-title=Proceedings of the 9th Asia-Pacific Workshop on Systems |pages=1–7 |location=Jeju Island, Republic of Korea |doi=10.1145/3265723.3265733 |url-access=subscription }}</ref>
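The following toy model is an added illustration of the TCB and least-privilege argument above; it is not code from the article, from seL4, MINIX or any other kernel, and every component name, the capability check and the simulated "memory" are constructed for the example. It places the same three components (a scheduler standing in for the kernel proper, a file service and a network driver) in two layouts and injects the same defect into the driver, an out-of-bounds write that lands in the scheduler's state. In the monolithic layout every component is privileged, so the write succeeds and the scheduler is corrupted; in the microkernel layout the driver is unprivileged and holds a capability only for the file service, so the write is refused and the fault is contained. The `tcb()` function lists which components could violate the others' integrity, which is exactly the set that shrinks.

```python
"""Toy model of why a minimal TCB matters (added example, not from the article).

Two layouts of the same components are built; the only difference is which
components run privileged and which capabilities the unprivileged ones hold.
"""
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    memory: dict = field(default_factory=dict)
    privileged: bool = False                 # runs in the hardware's privileged mode?
    caps: set = field(default_factory=set)   # names of components it may write to


class AccessDenied(Exception):
    pass


def write(system, actor, target_name, key, value):
    """Simulated store. A privileged actor may write anywhere (the 'unvetted
    access' the text describes); an unprivileged actor may write only to its
    own memory or to a component it holds a capability for."""
    target = system[target_name]
    if actor.privileged or target_name == actor.name or target_name in actor.caps:
        target.memory[key] = value
        return True
    raise AccessDenied(f"{actor.name} has no capability for {target_name}")


def buggy_driver_step(system, driver):
    """The same driver defect in both layouts: a stray write aimed at the
    scheduler's run-queue pointer instead of the driver's own buffer."""
    try:
        write(system, driver, "scheduler", "runqueue", "garbage")
        return "corrupted"
    except AccessDenied:
        return "contained"


def build(layout):
    """layout is 'monolithic' or 'microkernel' (constructed names)."""
    sched = Component("scheduler", {"runqueue": "task-list"}, privileged=True)
    fs = Component("filesystem", privileged=(layout == "monolithic"))
    drv = Component("netdriver", privileged=(layout == "monolithic"))
    if layout == "microkernel":
        # Least privilege: the driver may talk to the file service (say, to log)
        # and to nothing else.
        drv.caps = {"filesystem"}
    return {c.name: c for c in (sched, fs, drv)}


def tcb(system):
    """The components whose misbehaviour can violate everyone's integrity or
    confidentiality: exactly the privileged ones."""
    return sorted(c.name for c in system.values() if c.privileged)


def run(layout):
    system = build(layout)
    outcome = buggy_driver_step(system, system["netdriver"])
    return {
        "tcb": tcb(system),
        "driver_bug": outcome,
        "scheduler_intact": system["scheduler"].memory["runqueue"] == "task-list",
    }


if __name__ == "__main__":
    for layout in ("monolithic", "microkernel"):
        print(layout, run(layout))
```

The model deliberately ignores everything a real kernel must get right (address translation, IPC, scheduling of the servers); its single point is that moving the driver out of privileged mode turns a kernel-wide integrity violation into a fault confined to one server, which is the reasoning behind keeping the TCB minimal.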