Hypervisor-Enforced Kernel Integrity for Linux with KVM

Explore a conference talk on Heki, a hypervisor-enforced kernel integrity solution for Linux using KVM. Delve into the challenges of kernel vulnerabilities and their exploitation in common operating systems. Learn about existing kernel self-protection mechanisms, including control-register pinning and memory page protection restrictions, and understand their limitations. Discover how virtualization can enhance defense by moving protection mechanisms out of the kernel. Examine the implementation based on the Kernel-based Virtual Machine (KVM) hypervisor, designed for integration with the mainline project. Compare this approach to other private implementations like Windows's Virtual Secure Mode, and understand how it is tailored specifically for Linux. Gain insights into advanced kernel security techniques and their potential impact on system integrity.

Heki: Hypervisor-Enforced Kernel Integrity for Linux with KVM - Mickaël Salaün, Microsoft