"NAX" Linux Security Being Worked On For Helping Fend Off Fileless Malware Attacks
The NAX Linux Security Module is around "no anonymous execution" of pages. The kernel security module prevents the creation of anonymous executable pages for processes by intercepting of mmap/mprotect system calls and handling them appropriately.
The NAX LSM has seen five rounds of review recently to help address the growing threat of file-less malware attacks. There still is more work to go on this security module and also some fundamental challenges like potential complications for existing JIT compilers on systems being broken by this module.
More details on the work being done around the NAX LSM can be found via the kernel mailing list.