Thunderlane

AIS proposes the Thunderlane effort to define a new operating system model that radically dissolves the boundary between hypervisor and operating system, and leverages state-of-the-art software diversity techniques. In concert, these capabilities provide unparalleled resistance against reverse-engineering, and ensure the reliability and security of application and system software. The Thunderlane effort will achieve this goal by leveraging hardware-based virtualization to define a new operating system architecture: the hyperkernel. Similar to a microkernel, each major component in the hyperkernel system executes in isolation, and communicates via well-defined channels that can be tested and verified. Unlike a microkernel, however, the hyperkernel can leverage existing software (both applications and device drivers) designed for monolithic kernels like Microsoft Windows and Linux providing both the reliability and security of a microkernel, with access to existing software. Furthermore, Thunderlane will use compile-, load- and run-time software diversity techniques to protect the hyperkernel. Via a defensive-in-depth approach, Thunderlane is able to both reduce the probability of a successful attack through diversification while reducing the significance and severity of a successful attack through isolation. This diversified hyperkernel architecture is a much needed step towards significantly improving security and reliability of the systems protecting our nations most valuable assets.