Invention Grant
- Patent Title: Method and apparatus for hypervisor based monitoring of system interactions
-
Application No.: US15069253Application Date: 2016-03-14
-
Publication No.: US10198280B2Publication Date: 2019-02-05
- Inventor: Kirk R. Swidowski , Ryan J. Berg , Stephen C. Carlucci , John J. Danahy
- Applicant: Barkly Protects, Inc.
- Applicant Address: US MA Boston
- Assignee: Barkly Protects, Inc.
- Current Assignee: Barkly Protects, Inc.
- Current Assignee Address: US MA Boston
- Agency: Davis, Malm & D'Agostine, P.C.
- Agent Richard L. Sampson
- Main IPC: G06F9/455
- IPC: G06F9/455 ; G06F21/00 ; G06F11/34
Abstract:
A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.
Public/Granted literature
- US20170168865A1 Method and Apparatus for Hypervisor Based Monitoring of System Interactions Public/Granted day:2017-06-15
Information query
