Title: Secure virtualization system software
Abstract: Systems and methods for protecting a virtualization environment against malware. The methods involve intercepting an event in a kernel mode of the virtualization environment, suspending execution of the event, and transmitting the event to a user mode security module that determines whether the event should be blocked, allowed, or redirected. Events may be intercepted from any level of the virtualization environment, including an interrupt request table, device driver, OS object manager, OS service dispatch table, Portable Execution (P/E) import/export table, or binary code, among others. In one embodiment, an event may trigger a chain of related events, such that interception of an event without first intercepting an expected antecedent event is one indication of malware. The method also involves securing a virtual storage device against unauthorized access and providing for secure communication between guest OS and virtualization environment security modules.
Publication number: US9235705(B2) Publication date: 2016.01.12
Application number: US200912468341 Filing date: 2009.05.19
Applicant: Wontok, Inc. Inventors: Freericks Helmuth; Kouznetsov Oleg
Classification: G06F12/14; G06F21/56; G06F21/54; G06F21/55; G06F21/62 Main classification: G06F12/14
Agency: Fox Rothschild LLP Agents: Sacco Robert J.; Thorstad-Forsyth Carol E.; Fox Rothschild LLP
Independent claim: 1. A method implemented on a computing device for securing a virtualization environment against malware, comprising: suspending an event in a kernel mode of a first guest operating system running on top of a first virtual machine created by virtualization platform software; making the event available to a user mode security module of the first guest operating system; performing, by the user mode security module, a security analysis of the event; performing the following operations if the security analysis indicates execution of the event is not secure: blocking execution of the event, communicating information specifying an existence of a malicious event from the first guest operating system to a security component of the virtualization environment, sending a communication alerting of the existence of the malicious event from the virtualization environment to a second guest operating system running on top of a second virtual machine created by the virtualization platform software, where the first and second virtual machines are separate and distinct virtual machines that are concurrently existing within the virtualization environment prior to, during, and subsequent to the time the security analysis is performed, and terminating execution of the first guest operating system; and resuming execution of the event if the security analysis indicates execution of the event is secure.
Address: Palm Beach Gardens FL US