Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 16 Jun 2018 13:49:36 +0200
From: Ahmed Soliman <>
	Kernel Hardening <>,, 
	Kees Cook <>, Ard Biesheuvel <>, 
	Hossam Hassan <>, Ahmed Lotfy <>,,
Subject: Design Decision for KVM based anti rootkit

Following up on these threads:

I lost the original emails so I couldn't reply to them, and also sorry
for being late, it was the end of semester exams.

I was adviced on #qemu and #kernelnewbies IRCs to ask here as it will
help having better insights.

To wrap things up, the basic design will be a method for communication
between host and guest is guest can request certain pages to be read
only, and then host will force them to be read-only by guest until
next guest reboot, then it will impossible for guest OS to have them
as RW again. The choice of which pages to be set as read only is the
guest's. So this way mixed pages can still be mixed with R/W content
even if holds kernel code.

I was planning to use KVM as my hypervisor, until I found out that KVM
can't do that on its own so one will need a custom virtio driver to do
this kind of guest-host communication/coordination, I am still
sticking to KVM, and have no plans to do this for Xen at least for
now, this means that in order to get it to work there must be a QEMU
support our specific driver we are planning to write in order for
things to work properly.

The question is is this the right approach? or is there a simpler way
to achieve this goal?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.