One kernel services in separate address space whereas,

One of the vital aspects of computer systems is to
store and protect highly sensitive data. At the same time attackers resources
and determination have also been amplified significantly. According to recent
studies about very sophisticated and targeted attacks as well as broad
nation-wide surveillance programs, the effectiveness of currently deployed
security systems is in question. Hence, systems capable of providing securities
to critical application and information must assure the quality in order to
function correctly. A solution to security threat would be to compartmentalize
data and its application. An example can be the usage of a dedicated computer
for each task and is only connected to the Internet when needed. However, this solution
does not fit well. Also expecting high assurance for security from today’s
monolithic Operating Systems (OS) is extremely hard because of their large size
and complex functionalities. OS vendors regularly highlight this fact in their
security updates. Thus, they are a weak foundation for building secure systems

However at other side, microkernels are good
resource for system which has strict demands on robustness and security. These
are small in size compare to monolithic kernels, which is also a precondition
for formal verification. Microkernel
keeps user services and kernel services in separate address space whereas, in monolithic
kernel user services and kernel services both are kept in the same address
space as shown in Figure 1. As in monolithic kernel the entire OS is placed in
kernel space and runs in privileged mode it gives higher performance but there
is a high chance of system crash as well. However, due to separation of the
services i.e. user and kernel, in different address space in microkernels, both
types of services are isolated from each other so if any user service fails it
does not affect the kernel services and hence OS remains unaffected. Monolithic
kernels are faster in comparison
to microkernels, as the communication between application and hardware is
established using the system call in monolithic kernel. On the other hand, in
microkernels the communication between application and hardware of the system
is established through message passing.

Best services for writing your paper according to Trustpilot

Premium Partner
From $18.00 per page
4,8 / 5
Writers Experience
Recommended Service
From $13.90 per page
4,6 / 5
Writers Experience
From $20.00 per page
4,5 / 5
Writers Experience
* All Partners were chosen among 50+ writing services by our Customer Satisfaction Team

A separation kernel (SK) is a special form of
microkernel that creates an environment for execution of multiple components
that can communicate strictly according to a given policy only and are
otherwise isolated to each other. SK came into picture in 1981 and was
introduced by John Rushby 6. According to his concept of SK, secure systems
should be envisioned as distributed systems where security is achieved by
partitioning of resources and by decoupling the verification of the trusted
functions implemented in several components, from the verification of SK. The
concept of SK also initiated the model of Multiple Independent Levels of
Security/Safety (MILS) 7. It’s an architecture that provides high-assurance,
and based on the spatial and temporal partitioning and information control
flow. Partitioning should include both trusted and untrusted separations and
the complete security solution must ensure NEAT 8, 9 which is an acronym for well
known four characteristics explained below:

No components are allowed to bypass the security monitor also can’t use another
communication path, including lower level mechanisms.

A trusted component must be modular, well designed, specified and, implemented,
should be small in size, so that the evaluation of component can be done.

Security monitors will check the access/message every time it occurs.

Tamperproof: The system takes care
of unauthorized changes and controls the modifications takes place in the

Along with NEAT some other traditional critical
properties are also there like safety, security, real-time, and fault tolerance
10, 11. NEAT characteristics are not easy to prove and formalize that is why;
separation kernels are generally verified formally that shows the correctness
of the functionalities of the system. General verification of separation
kernels with MILS system includes following critical properties 12, 13, 14.


Separation: Also known as “Data Isolation”, used to create multiple partitions
and each partition is deployed as a separated resource. These partitions can
communicate strictly according to a given policy or it does remain isolated
from each other. Applications and private data in one partition can’t get
modified by other partitions applications.

Flow Security: Also known as “Control of
Information Flow”, used to control the flow of information between partitions
which is authenticated, to a set of receivers and defined from a source

Separation: It is used to share physical
resources across different time periods among several partitions. A component
get a resource for a slice of time, then assigned to another component.

Limitation: Damage occurs due to the failures in
propagating from one partition to others is controlled.