Invention Grant
- Patent Title: Systems and methods for secure in-VM monitoring
- Patent Title (Chinese, translated): Secure in-VM monitoring systems and methods
- Application No.: US13508314
- Application Date: 2010-11-04
- Publication No.: US09129106B2
- Publication Date: 2015-09-08
- Inventor: Monirul Islam Sharif, Wenke Lee
- Applicant: Monirul Islam Sharif, Wenke Lee
- Applicant Address: US GA Atlanta
- Assignee: GEORGIA TECH RESEARCH CORPORATION
- Current Assignee: GEORGIA TECH RESEARCH CORPORATION
- Current Assignee Address: US GA Atlanta
- Agency: Troutman Sanders LLP
- Agent: Ryan A. Schneider; Christopher Close, Jr.
- International Application: PCT/US2010/055507 WO 20101104
- International Announcement: WO2012/039726 WO 20120329
- Main IPC: G06F21/50
- IPC: G06F21/50; G06F9/455; G06F21/62

Abstract:
Security systems can provide secure and efficient in-VM monitoring. An exemplary security system can be built upon hardware virtualization features and can comprise a virtual machine having a plurality of standard virtual address spaces, as well as a hidden virtual address space. While the standard virtual address spaces can be directly accessible by a kernel in the virtual machine, the hidden virtual address space can be hidden from the kernel, which can be absent a virtual page table corresponding to the hidden virtual address space. A security monitor can reside in the hidden address space, monitoring the kernel without being modifiable by the kernel. A processor can transfer focus from the standard virtual address spaces to the hidden virtual address space only through predetermined entry gates, and the processor can transfer focus from the hidden virtual address space to the standard virtual address spaces only through predetermined exit gates.
Public/Granted literature
- US20130091568A1 SYSTEMS AND METHODS FOR SECURE IN-VM MONITORING Public/Granted day: 2013-04-11