Dynamic Driver Compartmentalization Using On-Demand Memory Domains
DOI: https://doi.org/10.71465/mrcis216
Keywords: driver security, memory domains, PKS protection, dynamic isolation, kernel reliability
Abstract
Device drivers contribute disproportionately to kernel vulnerabilities due to their large attack surface. This work proposes an on-demand driver compartmentalization mechanism that assigns temporary memory domains to active driver routines. Using lightweight memory remapping and PKS-controlled regions, the approach confines driver faults without interrupting global kernel execution. Evaluated across 14 commodity drivers, the system prevents privilege-escalation exploits in 11 CVEs and contains the impact of remaining attacks. Performance overhead stays within 4.1% on I/O-intensive workloads. This dynamic model demonstrates an effective balance between strong isolation and operational flexibility.
License
Copyright (c) 2026 Jonas Müller, Hannah Weiss, Leon Schneider (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in the Multidisciplinary Research in Computing Information Systems are licensed under an open-access model. Authors retain full copyright and grant the journal the right of first publication. The content can be freely accessed, distributed, and reused for non-commercial purposes, provided proper citation is given to the original work.
