A New Proposal for Protecting Kernel Data Memory - Igor Stoppa, Huawei Forum 1 Speakers: Igor Stoppa This is a followup to the presentation "Protecting the Protection Mechanisms" from the Security Summit 2018. The revised proposal addresses various points that were not covered in the previous implementation. Primarily, the focus of the rewritten patch-set is to express the meta-data used to describe the properties of the various memory regions, while reducing the overhead of verifying them. This feat is achieved by segmenting the vmalloc address space and encoding specific properties in the actual address ranges used to map memory pages containing data with such properties. Such approach is also meant to pave the way toward the hardening of the page tables.
