Monolithic kernels, like linux, did not provide a hardening mechanism on the kernel modules’ memory access. Modules in Linux could do almost everything. Arbitary write and read may cause system crash, information leak, and even rootkit injection. There is a great need to implement a memory hardening mechanism to limit the behavior of a kernel module.

This projects will enhance the ‘Baggy Bounds with Accurate Checking’ (BBAC). By adding information to the memory object’s padding area, we can perform various safety checks with limited overhead. I will mainly focus on providing runtime access policy hardening. This work will prevent most of illegal memory accesses efficiently.


Zhengyang Liu


  • John Criswell