iKernel: Isolating Buggy and Malicious Device Drivers Using Hardware Virtualization Support

The users of today's operating systems demand high re-liability and security. However, faults introduced outside of the core operating system by buggy and malicious de-vice drivers can significantly impact these dependability attributes. To help improve driver isolation, the authors propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal Virtual Machine (VM) so that the kernel is protected from faults in these drivers. They present the implementation of a low-overhead virtual-machine based frame-work which allows reuse of existing drivers.