- Linux Stubdomains that can run the newest device models, allowing users to take advantage of one of Xen’s unique security features while still having the latest emulated hardware.
- Lightweight VM fork for fuzzing / introspection. Allows very fast introspection “experimentation”, for analyzing malware or finding bugs on systems with Intel EPT support.
- New livepatch features allow for a wider range of security fixes to be live patched while providing extra safety mechanisms to prevent users from applying patches in the wrong order.
- Control-flow Enforcement Technology (CET) Shadow Stack support. Control-flow Enforcement Technology (CET) is a set of features in hardware designed to combat Return-oriented Programming (ROP, also call/jump COP/JOP) attacks. Xen 4.14 can use these hardware features, if available, to protect itself from ROP attacks.
Details in the announcement.