kShield - Protecting the core

kShield is a commercial Linux kernel hardening product with high-quality code, high stability, low performance impact, and a low crash rate. It protects cloud-native infrastructure, servers, embedded systems, industrial control systems, and more.

From the beginning of the design, we made performance and stability essential considerations, based on our experience and practice in cloud infrastructure security over the past 10+ years. We also built a robust threat model for protecting the kernel, and we decouple the additional overhead of security through multiple implementations. For example, one implementation needs no kernel patchset and instead detects security risks in the kernel with an LKM (Linux Kernel Module). We also protect with GCC plug-ins and a small number of modified kernel patches; further implementations are not described here. Finally, customers can deeply customize the product to get the best service and experience.

Features

  • No more than 5% performance impact
  • Anti-exploitation technologies
  • Protection against vulnerability classes
  • Protection against mitigation bypasses
  • Improved security of the default upstream kernel mitigation measures
  • Supports the ~5.x upstream kernel
  • Has worked very well on cloud infrastructure over the past 5+ years
  • Best practices applied to solutions for different scenarios via machine learning, with data that includes the history of CVEs, real-world cases of techniques used to attack the kernel, and some data from the data center
  • Smart Mode: auto-deploys the most suitable product form according to the default security level of the environment
  • etc.