Re: [PATCH V5 0/5] KVM: X86: Introducing ROE Protection Kernel Hardening
From: Igor Stoppa
Date: Mon Oct 29 2018 - 14:01:49 EST
On 26/10/2018 16:12, Ahmed Abd El Mawgood wrote:
This is the 5th version which is 4th version with minor fixes. ROE is a
hypercall that enables host operating system to restrict guest's access to its
own memory. This will provide a hardening mechanism that can be used to stop
rootkits from manipulating kernel static data structures and code. Once a memory
region is protected the guest kernel can't even request undoing the protection.
This is very interesting, because it seems a very good match to the work
I'm doing, for supporting the creation of more targets for protection:
In my case the protection would extend also to write-rate type of data.
There is an open problem of identifying legitimate write-rare
operations, however it should be possible to provide at least a certain
degree of confidence.