Hi,
On 26/10/2018 16:12, Ahmed Abd El Mawgood wrote:
This is the 5th version which is 4th version with minor fixes. ROE is a
hypercall that enables host operating system to restrict guest's access to its
own memory. This will provide a hardening mechanism that can be used to stop
rootkits from manipulating kernel static data structures and code. Once a memory
region is protected the guest kernel can't even request undoing the protection.
This is very interesting, because it seems a very good match to the work
I'm doing, for supporting the creation of more targets for protection:
https://www.openwall.com/lists/kernel-hardening/2018/10/23/3
In my case the protection would extend also to write-rate type of data.
There is an open problem of identifying legitimate write-rare
operations, however it should be possible to provide at least a certain
degree of confidence.
--
igor
