I’m a beginner, so take this with a lot of salt, but I believe HVCI or something like it is very core to Genode: the NOVA kernel is itself a microhypervisor that everything, including drivers, runs on, and the base-hw kernel is very similar.
I believe there is support for Trusted Boot as well, though I haven’t tried it.
I’m afraid that your question is overly broad and therefore not conducive to a fruitful discussion. Instead of asking for an expensive answer to a cheap question, you may consider introducing your motivation, presenting a tangible attacker model you wish to be protected from, and inquiring about the application of specific techniques while speaking of a concrete kernel.
That said, I don’t want to leave your question unanswered. A few years ago, I did a survey of CVEs and common mitigation techniques, and put those findings in relation to Genode. You can find the document here. Note that the document is a few years old but the gist of it still applies.
For framing the discussion about security in the context of Genode, let me point you to a prior Genodians article of mine, “Speaking of Security”.
Interesting that you mention that - I need to rework how the site is generated, but after that, it should be pretty simple.
But on a similar note, I was thinking of trying to generate an RSS feed on Genode Corner for Genodians.org, which would be even more useful. All the raw data are publicly accessible, and the file formats are simple, so this shouldn’t be hard either.
Having said that, if someone wants to steal my idea, feel free. (I’m extremely time-constrained at the moment.)