Hello Igor, > This is very interesting, because it seems a very good match to the work > I'm doing, for supporting the creation of more targets for protection: > > https://www.openwall.com/lists/kernel-hardening/2018/10/23/3 > > In my case the protection would extend also to write-rate type of data. > There is an open problem of identifying legitimate write-rare > operations, however it should be possible to provide at least a certain > degree of confidence. I have checked your patch set. In our work we were originally planning to do something similar to write_rare just so we can differentiate between memory chunks that may be modified and those that will be set once and never modify. I see you are planning to do a white paper too, actually we are doing an academic paper based on our work. If you would like to collaborate, so that ROE and write_rare would integrate well from the beginning, we will be glad to do so. Thanks, -- Ahmed Junior Researcher , IoT and Cyber Security lab, SmartCI , Alexandria University, & CIS @ VMI
