Introducing KMux - The Kernel Multiplexer

Kernel Multiplexer, or KMux, is a kernel extension framework that intercepts the communication between user and kernel space in order to extend, enhance or replace kernel interfaces. It has very low overhead and can be configured to achieve fine-grained control over individual processes in a system.

For the last 8 months I've been working with Dr. Gabriel Parmer at The George Washington University Computer Science department to develop the KMux framework. It allows:

  • Extension, enhancement or replacement of any kernel interface provided by general purpose operating systems
  • Extremely low overhead through utilization of the x86 interface to intercept user-kernel communication
  • Creation of individual restriction profiles for userland processes
  • Multiplexing system calls from different processes among multiple kernels (using KMux, it's possible to use multiple kernels in the same operating system environment!)
  • Multiplexing of CPUs and dedicating them to specific kernels
  • Creation of sandboxes or isolation environments for untrusted processes

KMux works with most Linux distributions and has been tested with Ubuntu 10.04 LTS with kernel v2.6.33. Installing and using KMux requires the kernel source to be available and dynamic module loading to be enabled in the kernel configuration. The abstract for the thesis is provided below:

General-purpose operating system kernels are often incapable of validating communication over interfaces between its trusted code base and the untrusted application space. Context aware configurable modules loaded into kernel space can be used to validate or monitor such communication to improve security, create protection domains or analyze trends to apply heuristics against potentially harmful exchanges. In this paper we present KMux or Kernel Multiplexer, a general-purpose framework consisting of kernel modules or subkernels that utilizes x86 hardware interface to establish control over the primary kernel and enhances operating system interfaces available to user level processes. Each subkernel specializes in a limited, cohesive set of interfaces and used in conjunction with each other to exercise different granularity of control. We also discuss sample implementation of the KMux framework to create protection domains, compartmentalize resource usage and multiplex among self-sufficient kernels.

I successfully defended my thesis on the 27th of April, 2011. The thesis presentation covers the fundamentals of KMux:

Download the thesis paper

The complete codebase for the KMux project is available on Github

Posted by tarequeh on 11 May 2011
