Armored Monolithic Kernel

Attempts to isolate critical components like device drivers within an existing kernel use interceptor techniques like wrapping the driver code into a protective shell which controls access to and from kernel functions or data. This wrapper can implement transactional guarantees when accessing shared global kernal data structures. This is done by creating a temporary copy of the data, perform the modification and then copy back.

A disadvantage of those approaches is that the driver can still directly use dangerous CPU functions because it runs in privileged (kernel) mode. And building those wrappers is a tedious task. Example taken from Tanenbaum, Can we build secure and reliable operating systems