Ah yes, the classic dilemma.
Monolithic kernels are relatively quick, but one random obscure bug in some obscure option of some obscure entry point (ok, I know setsockopt isn't that obscure) and you're game over from a security point of view.
Microkernels are much better from a security standpoint, but context switches ain't cheap (and keep getting more expensive lately).
Exploit mitigation techniques can slow things down, but very seldom actually stop an attack, merely make it harder. And generally come with severe performance penalties themselves.
Are there any actual decent solutions?
I've been thinking recently about a microkernel optimized for many cores - that is, built around shared mailbox memory between processes, where most of the time the kernel isn't directly involved in IPC, and kernel communication is also mailboxed - but the concept rapidly runs into throughput limits once you get a chain of dependent processes larger than the number of cores. Also, NUMA throws a wrench in the works, as communicating between cores ain't cheap either.