Fine-Grained Kernel Memory Isolation Using Hardware Protection Keys and Capability Mapping

Authors

  • Hiroshi Nakamura, Department of Computer Science, Kyoto University, Kyoto 606-8501, Japan
  • Yuki Matsumoto, Department of Computer Science, Kyoto University, Kyoto 606-8501, Japan
  • Rina Takeda, Department of Computer Science, Kyoto University, Kyoto 606-8501, Japan

DOI:

https://doi.org/10.71465/fapm711

Keywords:

PKS, memory protection, kernel isolation, capability mapping, hardware security

Abstract

Hardware protection keys (PKU/PKS) offer lightweight mechanisms for runtime memory access control, yet prior systems often apply them at coarse granularity. We introduce a capability-mapped isolation framework that partitions kernel subsystems into fine-grained memory regions with adaptive key assignments. Tested on Linux 6.1, the system enforces per-function memory boundaries with <3.5% performance overhead, blocking 94% of simulated invalid-write attacks. Stress tests using 22 historical CVE exploits demonstrate complete mitigation in 18 cases. Our results show that combining capability mapping with PKS significantly strengthens kernel memory integrity while remaining deployment-friendly.

Published

2026-02-25