中文摘要：

宏内核操作系统提供对第3方模块和驱动程序等载入模块的支持,允许载入模块运行在内核态特权级.由于运行在最高特权级,载入模块对内核的核心服务的关键对象的访问难以得到系统的有效控制.考虑对被监控系统的性能影响控制在很小的范围,基于内嵌式的监控机制HybridHP,提出了一种宏内核架构下的载入模块权能隔离方案KCapISO,为内核和载入模块维护各自的页表,从权能上将两者隔离,确保载入模块无法修改内核的数据,并且无法以任何方式直接调用或跳转到内核中执行,这些动作都需经过KCapISO的监控和检查.实验结果表明,KCapISO能有效地将内核与载入模块在权能上相互隔离,同时获得较好的系统性能.

英文摘要：

The monolithic kernel operating systems provide support for the loaded modules, such as third-party modules and drivers. Due to that the loaded modules run on the privilege level, the access to the key objects of core services within the kernel is difficult to be controlled effectively. Considering little influence on the performance of the monitored system, based on the embeddedstyle monitoring system HybridHP, we propose a capability isolation method of loaded modules on the monolithic kernel operating system, named KCapISO. KCapISO maintains the respective page tables for the kernel and loaded modules, which are isolated from the aspect of the capability. KCaplSO ensures that the loaded modules cannot modify the kernel data, and cannot directly call or jump into the kernel in any way. And these behaviors are required to pass through monitoring and inspection by KCapISO. The experiment result shows that KCapISO effectively isolates the kernel and loaded modules from the aspect of the capability, and achieves good system performance.