Microsoft released the first technical details today about a new security feature that will soon be part of Windows 10. Named Kernel Data Protection (KDP), Microsoft says that this feature will prevent malicious agents from modifying / destroying it. operating system memory.
According to Microsoft, the KDP works by giving developers access to APIs through programming that will allow them to define sections of the Windows kernel as read-only sections.
"For example, we've seen intruders use signed but vulnerable drivers to attack policy data structures and install a malicious unsigned driver," said Microsoft's Base Kernel team. "The KDP mitigates such attacks by ensuring that policy data structures cannot be altered."
Microsoft says that this new technology has been developed with security in mind, but that it has other applications, such as anti-cheat software and digital rights management (DRM).
In addition to improving its security operating system, KDP has other benefits, such as:
- Performance Improvements - KDP reduces the burden on "attestation components", which will no longer need to periodically verify data-protected data variables
- Reliability improvements - KDP facilitates diagnosis errors memory corruption that does not necessarily represent vulnerabilities
- Provide incentive for driver developers and suppliers to improve virtualization-based security compatibility by improving the adoption of these technologies in the ecosystem
Redmond says KDP is working on a new technology that the company is working on to add to Windows 10. The technology, known as virtualization-based security (VBS), uses the subject hardware to isolate a secure memory area from the normal operating system in a "virtual safe mode".
The KDP works by receiving its memory signal core as read-only and moves it to a virtual secure VBS mode where it cannot be altered, even by the operating system itself.
Microsoft says VBS support is the only requirement for using KDP along with an application in Windows 10.
Any computer that supports VBS will also natively support KDP. Currently, VBS is supported on anyone computer which supports:
- Intel, AMD or ARM virtualization extensions
- Second level address translation: NPT for AMD, EPT for Intel, 2nd stage address translation for ARM
- Optionally, MBEC hardware, which reduces HVCI-related performance costs
- Microsoft's upcoming Secured-core PC series also inherently supports VBS. In fact, the Micrsoft showed the KDP feature for the first time in the official Secured-core PCs announcement earlier this March.
Currently, KDP is already included in the latest Windows 10 Insider Build. There is no timeline for when it will be included in the main fixed version of Windows 10.