Title: Hypervisor driven embedded endpoint security monitoring
Abstract: Aspects of the present disclosure are directed to methods and systems of hypervisor driven embedded endpoint security monitoring. A computer implemented method may include providing one or more computer processors configured to operate a bare-metal hypervisor; launching a user OS virtual machine operatively connected to the hypervisor; launching a security virtual machine operatively connected to the hypervisor and receiving data from the security virtual machine via the hypervisor; and receiving data representative of security information from the computer processor processed by the security virtual machine. The hypervisor may include using a virtual switch for providing communications between the user OS virtual machine and the security virtual machine. The method may include using the security virtual machine to monitor malware on the user OS virtual machine.
Publication number: US9626205(B2) Publication date: 2017.04.18
Application number: US201313966729 Filing date: 2013.08.14
Applicant: Bank of America Corporation Inventor: Yu Sounil
Classification: G06F9/455;G06F21/53;G06F21/56;H04L29/06;G06F21/57 Main classification: G06F9/455
Agency: Banner & Witcoff, Ltd. Agent: Banner & Witcoff, Ltd.; Springs Michael A.
Independent claim: 1. An apparatus, comprising: a computing device having: at least one processor; and at least one memory storing computer executable instructions that, when executed, cause the apparatus at least to: booting up a bare-metal hypervisor on the computing device; in response to booting up the bare-metal hypervisor, concurrently launching a user OS virtual machine and a security virtual machine (security VM) transparent to a user on the computing device, the security VM isolating malicious software occurring in the user OS virtual machine; abstracting an application programming interface (API) of the computing device into a virtual switch, the security virtual machine having full access to the virtual switch; mirroring data traffic to and from the user OS virtual machine; directing data from the user OS virtual machine to a network cloud, the mirrored data traffic being directed through the virtual switch of the hypervisor; routing the mirrored data traffic to the security VM; and monitoring the data traffic by the security VM by: observing all data traffic to and from the user OS virtual machine via the virtual switch; and sending data representative of security information to a network control center (NCC) server; and the NCC server configured to: receive said data representative of security information; subsequently analyze the security information; and in response to analysis of the security information, deploy components to the bare-metal hypervisor.
Address: Charlotte NC US