Invention Grant
US09465700B2 System and method for kernel rootkit protection in a hypervisor environment
In force
- Patent Title: System and method for kernel rootkit protection in a hypervisor environment
- Application No.: US14629574
- Application Date: 2015-02-24
- Publication No.: US09465700B2
- Publication Date: 2016-10-11
- Inventor: Amit Dang, Preet Mohinder, Vivek Srivastava
- Applicant: McAfee, Inc.
- Applicant Address: US CA Santa Clara
- Assignee: McAfee, Inc.
- Current Assignee: McAfee, Inc.
- Current Assignee Address: US CA Santa Clara
- Agency: Patent Capital Group
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F9/455 ; G06F11/14 ; G06F12/10 ; G06F12/12

Abstract:
A system and method in one embodiment includes modules for creating a soft whitelist having entries corresponding to each guest kernel page in a guest operating system in a hypervisor environment, generating a page fault when an access attempt is made to a guest kernel page, fixing the page fault to allow access and execution if the guest kernel page corresponds to one of the entries in the soft whitelist, and denying execution if the guest kernel page does not correspond to any of the entries in the soft whitelist. If the page fault is an instruction page fault, and the guest kernel page corresponds to one of the entries in the soft whitelist, the method includes marking the guest kernel page as read-only and executable. The soft whitelist includes a hash of machine page frame numbers corresponding to virtual addresses of each guest kernel page.
Public/Granted literature
- US20150234718A1 SYSTEM AND METHOD FOR KERNEL ROOTKIT PROTECTION IN A HYPERVISOR ENVIRONMENT Public/Granted day: 2015-08-20