# Microkernel vs Monolithic Kernels

One-sentence definition: **Microkernel** keeps minimal services in kernel; **monolithic** includes many services—trade simplicity vs performance.

## Key Facts

- Microkernel: small TCB, user-space drivers/servers; IPC overhead.
- Monolithic: high performance; larger attack surface in kernel.
- Hybrid designs common; module signing helps integrity.
- Security posture benefits from smaller privileged code base.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose architecture with higher assurance potential.

**Mnemonic:** “**Mini kernel**, minimal risk.”

## Mini Scenario

Q: OS design for high assurance—kernel style?

A: Microkernel to minimize TCB and improve verifiability.

## Revision Checklist

- Compare attack surface implications.
- Define TCB differences.
- Note performance trade-off.

## Related

[[Security Kernel and Protection Rings]] · [[Reference Monitor and TCB]] · [[Process Isolation and Privilege Modes]] · [[Memory Protection (DEP/NX, ASLR, W^X)]] · [[State Machine and Secure State]] · [[Domain 3 - Index]]