Re: [PATCH V5 0/5] KVM: X86: Introducing ROE Protection Kernel Hardening

From: Igor Stoppa
Date: Mon Oct 29 2018 - 14:01:49 EST


On 26/10/2018 16:12, Ahmed Abd El Mawgood wrote:

This is the 5th version which is 4th version with minor fixes. ROE is a
hypercall that enables host operating system to restrict guest's access to its
own memory. This will provide a hardening mechanism that can be used to stop
rootkits from manipulating kernel static data structures and code. Once a memory
region is protected the guest kernel can't even request undoing the protection.

This is very interesting, because it seems a very good match to the work I'm doing, for supporting the creation of more targets for protection:

In my case the protection would extend also to write-rate type of data.
There is an open problem of identifying legitimate write-rare operations, however it should be possible to provide at least a certain degree of confidence.