Lifetime-Aware Kernel Object Isolation Using Temporal Protection Windows

Emily C. Rogers
Daniel K. Foster
Sarah L. Chen
Michael J. Turner

Read the full article

Discuss this preprint

Start a discussion What are Sciety discussions?

Listed in

This article is not in any list yet, why not save it to one of your lists.

Abstract

Memory objects in the kernel often remain accessible long after their safe lifetime, leading to use-after-free exploits. We present a lifetime-aware isolation model that assigns temporal protection windows to kernel objects. PKS permissions are revoked when objects exit valid lifetime states. Applied to six kernel allocators (SLUB, SLOB, SLAB), the technique eliminates 67% of UAF exploitability cases** and shortens exposure windows by 72%. Benchmarking shows ≤4% overhead across memory-intensive workloads. This temporal model adds a new dimension to kernel compartmentalization by aligning memory protection with object lifecycles.

Version published to 10.20944/preprints202602.0445.v1
Feb 5, 2026

Three Modes of Database-Kernel Integration via eBPF: Observability, Policy Injection, and Kernel-Resident State

This article has 2 authors:
1. Sheriff Adefolarin Adepoju
2. Mildred Aiwanno-Ose Adepoju
This article has no evaluationsLatest version Feb 12, 2026
Implementation and Evaluation of MemGuard in the Bao Hypervisor

This article has 2 authors:
1. Everaldo Gomes
2. Giovani Gracioli
This article has no evaluationsLatest version Jan 19, 2026
In-Network Memory Access: Bridging SmartNIC and Host Memory

This article has 3 authors:
1. Mohammed Zain Farooqi
2. Masoud Hemmatpour
3. Tore Heide Larsen
This article has no evaluationsLatest version Feb 2, 2026

Discuss this preprint

Listed in

Abstract

Article activity feed

Related articles

Three Modes of Database-Kernel Integration via eBPF: Observability, Policy Injection, and Kernel-Resident State

Implementation and Evaluation of MemGuard in the Bao Hypervisor

In-Network Memory Access: Bridging SmartNIC and Host Memory