Abstract: To address the problems caused by an untrusted kernel, many works have proposed a trusted base architecture that runs at the same privilege level as the kernel. It provides a single protection domain in which security mechanisms are deployed at the kernel's hardware privilege level. In practice, however, security requirements are diverse, and concentrating multiple corresponding security mechanisms in a single protection domain carries a high risk: once any one of the security mechanisms is compromised by an attacker, all other security mechanisms in the same protection domain can be maliciously tampered with or destroyed. To address this problem, this study proposes a kernel-level multi-domain isolation model, which constructs multiple protection domains at the same hardware privilege level as the kernel so that different security mechanisms are isolated from one another, alleviating the security risk of the traditional approach that binds all security mechanisms into a single protection domain. This study implements decentralized-KPD, a prototype system of the kernel-level multi-domain isolation model, which uses hardware virtualization and address remapping to deploy different security mechanisms in multiple protection domains at the kernel privilege level without incurring a large performance overhead. Overall, the experimental results demonstrate the security and utility of the kernel-level multi-domain isolation model.