On 16/06/18 12:49, Ahmed Soliman wrote: > > To wrap things up, the basic design will be a method for communication > between host and guest is guest can request certain pages to be read > only, and then host will force them to be read-only by guest until > next guest reboot, then it will impossible for guest OS to have them > as RW again. The choice of which pages to be set as read only is the > guest's. So this way mixed pages can still be mixed with R/W content > even if holds kernel code. It's not clear how this increases security. What threats is this protecting again? As an attacker, modifying the sensitive pages (kernel text?) will require either: a) altering the existing mappings for these (to make them read-write or user-writable for example); or b) creating aliased mappings with suitable permissions. If the attacker can modify page tables in this way then it can also bypass the suggested hypervisor's read-only protection by changing the mappings to point to a unprotected page. David
