Title of invention |
Bare-metal computer security appliance |
Abstract |
Described systems and methods allow conducting computer security operations, such as detecting malware and spyware, in a bare-metal computer system. In some embodiments, a first processor of a computer system executes the code samples under assessment, whereas a second, distinct processor is used to carry out the assessment and to control various hardware components involved in the assessment. Such hardware components include, among others, a memory shadower configured to detect changes to a memory connected to the first processor, and a storage shadower configured to detect an attempt to write to a non-volatile storage device of the computer system. |
Publication number |
US9383934(B1) |
Publication date |
2016.07.05 |
Application number |
US201514661423 |
Filing date |
2015.03.18 |
Applicant |
Bitdefender IPR Management Ltd. |
Inventors |
Lukacs Sandor;Colesa Adrian V. |
Classification |
G06F12/14;G06F3/06 |
Main classification |
G06F12/14 |
Agency |
Law Office of Andrei D Popovici, PC |
Agent |
Law Office of Andrei D Popovici, PC |
Main claim |
1. A method comprising:
employing a first hardware processor of a computer system to execute a code sample loaded into a first memory of the computer system, the computer system further comprising a memory shadower and an interrupt generator, wherein the memory shadower includes a second memory and logic configured to take snapshots of the first memory, wherein each snapshot comprises a current content of a memory section of the first memory, wherein taking snapshots comprises copying the current content from the first memory to the second memory;
employing the interrupt generator to inject a hardware interrupt into the first hardware processor, the hardware interrupt causing the computer system to transition into a sleeping state, wherein the sleeping state is a state wherein the first hardware processor is not executing instructions and the first memory is powered;
in response to the computer system transitioning to the sleeping state, employing the memory shadower to take a first snapshot of the first memory; and
in response to taking the first snapshot, employing the memory shadower to transmit at least a part of the first snapshot to a second hardware processor configured to determine according to the first snapshot whether the code sample poses a computer security threat. |
Address |
Nicosia CY |