Title of Invention |
Systems And Methods For Preventing Code Injection In Virtualized Environments |
Abstract |
Described systems and methods allow protecting a host system from malicious injection of code and/or data. A memory introspection engine operates below an operating system (OS), having higher processor privileges than the OS. The memory introspection engine is configured to selectively block the copying of memory between a source process and a destination process, thus preventing the injection of code and/or data, particularly from or into user-mode processes. To prevent inter-process memory copying, some embodiments hook a native OS function carrying out such copy operations. A subsequent call to the hooked function may either carry out or block the requested copy operation, according to a set of decision criteria based on the identity of the source process and/or the identity of the destination process. |
Publication Number |
US2015379265(A1) |
Publication Date |
2015.12.31 |
Application Number |
US201414318719 |
Filing Date |
2014.06.30 |
Applicant |
Bitdefender IPR Management Ltd. |
Inventors |
LUTAS Andrei V.;LUKACS Sandor |
Classification |
G06F21/56;G06F9/455 |
Main Classification |
G06F21/56 |
Agency |
|
Agent |
|
Independent Claim |
1. A host system comprising a hardware processor configured to operate:
a virtual machine comprising a virtualized processor, the virtual machine configured to employ the virtualized processor to execute a source process and a destination process; and
a memory introspection engine executing outside the virtual machine and configured to:
intercept an attempt to copy a content of memory from a virtual memory space of the source process to a virtual memory space of the destination process;
identify the source and destination processes according to the attempt; and
in response to identifying the source and destination process, selectively block the attempt according to a selection criterion determined according to at least one member of a group consisting of an identity of the source process and an identity of the destination process. |
Address |
Nicosia CY |