Microsoft creates a new security technology called Kernel Data Protection (KDP) to fight data corruption
To mitigate data corruption attacks, in which attackers tamper with the system's security policy and security attestation, escalate their privileges and corrupt kernel data structures and user files, Microsoft has created Kernel Data Protection (KDP), a new technology that uses virtualization-based security (VBS) to protect Windows drivers and the kernel.
As Code Integrity and Control Flow Guard make code-execution exploits harder, attackers are increasingly turning to data corruption instead. KDP mitigates such exploitation by marking selected portions of kernel memory as read-only, so that the protected data cannot be tampered with; this hardens the kernel and, in turn, the device. Because KDP is exposed to drivers through APIs, Microsoft not only improved security but also gained performance and reliability benefits.
Microsoft states:
The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software. On top of the important security and tamper protection applications of this technology, other benefits include:
- Performance improvements – KDP lessens the burden on attestation components, which would no longer need to periodically verify data variables that have been write-protected
- Reliability improvements – KDP makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities
- Providing an incentive for driver developers and vendors to improve compatibility with virtualization-based security, improving adoption of these technologies in the ecosystem
KDP is available for beta testing in pre-release Windows 10 Insider builds. The technology requires the user's machine to support VBS, as well as two other hardware features: second-level address translation (SLAT) and virtualization extensions.
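Before relying on a VBS-based feature such as KDP, a practitioner will want to confirm that a given machine can actually run VBS. The PowerShell script below is an added example, not code from the original article or from Microsoft's announcement. It reads the documented Win32_DeviceGuard WMI class (hypervisor support, Secure Boot, VBS and HVCI state) and the Hyper-V requirement fields reported by Get-ComputerInfo (SLAT and virtualization extensions). The function name Get-VbsReadiness and the output field names are my own; the numeric codes in the comments follow Microsoft's documentation for the class.

```powershell
# Added example (not Microsoft's code): report whether this machine meets the
# VBS prerequisites that KDP depends on. Run in an elevated PowerShell session.

function Get-VbsReadiness {
    # Win32_DeviceGuard is the documented WMI class describing VBS state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard

    # Get-ComputerInfo exposes the same Hyper-V requirement lines as systeminfo.
    # Caveat: these HyperVRequirement* fields are empty when a hypervisor is
    # already running, because Windows then reports only that fact.
    $ci = Get-ComputerInfo

    # VirtualizationBasedSecurityStatus codes: 0 = not enabled,
    # 1 = enabled but not running, 2 = running.
    $vbsStatus = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    # AvailableSecurityProperties codes used here: 1 = hypervisor support,
    # 2 = Secure Boot, 3 = DMA protection, 7 = mode-based execution control.
    # SecurityServicesRunning code 2 = HVCI (hypervisor-enforced code integrity).
    [pscustomobject]@{
        HypervisorSupportAvailable = ($dg.AvailableSecurityProperties -contains 1)
        SecureBootAvailable        = ($dg.AvailableSecurityProperties -contains 2)
        DmaProtectionAvailable     = ($dg.AvailableSecurityProperties -contains 3)
        MbecAvailable              = ($dg.AvailableSecurityProperties -contains 7)
        VbsStatus                  = $vbsStatus
        HvciRunning                = ($dg.SecurityServicesRunning -contains 2)
        SlatSupported              = $ci.HyperVRequirementSecondLevelAddressTranslation
        VirtualizationInFirmware   = $ci.HyperVRequirementVirtualizationFirmwareEnabled
        VmMonitorModeExtensions    = $ci.HyperVRequirementVMMonitorModeExtensions
    }
}

$readiness = Get-VbsReadiness
$readiness | Format-List

if ($readiness.VbsStatus -ne 'Running') {
    Write-Warning 'VBS is not running on this machine, so KDP cannot write-protect kernel memory here.'
}
if ($readiness.SlatSupported -eq $false -or $readiness.VmMonitorModeExtensions -eq $false) {
    Write-Warning 'Hardware reports missing SLAT or virtualization extensions; VBS cannot be enabled.'
}
```

The check distinguishes three cases that matter operationally: hardware that cannot run VBS at all (SLAT or virtualization extensions missing), hardware that can but where VBS is not enabled or not running, and machines where VBS and HVCI are already active and KDP-protected drivers can be expected to work.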
The complete blog post and technical details can be found at Microsoft.