DeMISTIfying Infosec: Kernel

March 1, 2016
By Katherine Teitler


A kernel is the central module, or "seed," of an operating system (OS). At boot, the kernel loads first into a protected area of the main memory (which cannot be overwritten), and remains there until the session terminates. The kernel is a critical component of the OS because it mediates access to system resources; the kernel interfaces with hardware on the system and allows multiple applications to use the hardware when necessary. In short, it is a bridge between applications and data processing, managing input/output requests and translating them into data, ultimately determining what programs and applications can do. For speed and efficiency, it is important that kernels remain small while providing essential services of the OS and applications.

The main functions of the kernel are managing:
• Memory
• Processes/system calls and interrupts
• Devices
• Disk space

To accomplish these tasks, the kernel includes:
• Scheduler: How processes share processing time
• Supervisor: Grants use of the computer to each process after it's scheduled
• Interrupt handler: Determines how competing requests are handled
• Memory manager: Allocates the system's address spaces

There are four main categories of kernels:

Monolithic kernels: In this type, the kernel contains all core functions: system services and device drivers. All of the functions outlined above are run in one address space. Monolithic kernels can load modules at runtime and for this reason are seen as an easy extension of the OS's capabilities. Monolithic kernels were "improved upon" because the original monolithic kernels grew quite large and processes were slowed. Today, monolithic kernels can be made small and efficient.

Microkernel: In a microkernel, the core functionality is isolated from system services and device drivers, leaving as little as possible in kernel space and moving the rest to user space. (In most systems, user space is separate from the kernel to prevent disruption or even a system crash.) The microkernel reduces kernel code size and increases security and stability of the OS.

Hybrid kernels: These are similar to microkernels but include additional code that helps increase performance. One disadvantage of hybrid kernels is that they are unable to load modules at runtime. Hybrid kernels were developed as an alternative to microkernels before microkernels were able to achieve high performance.

Exokernels: Exokernels allocate physical hardware resources to other programs, and as such, their functionality is limited. Hardware abstractions are not possible in an exokernel, so exokernels are accompanied by library operating systems.

