Title: Systems and Methods Involving Aspects of Hardware Virtualization Such as Hypervisor, Detection and Interception of Code or Instruction Execution Including API Calls, and/or Other Features
Abstract: Systems, methods, computer-readable media and articles of manufacture consistent with the innovations herein are directed to computer virtualization, computer security and/or memory access. According to some illustrative implementations, the innovations may utilize and/or involve a separation kernel hypervisor, which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or an instruction execution detection/interception mechanism (which may be proximate in temporal and/or spatial locality to malicious code, yet isolated from it). The instruction execution detection/interception mechanism may perform processing, inter alia, for detection and/or notification of code execution by a monitored guest that involves predetermined physical memory locations, such as API entry points, and for action upon such execution by a monitoring guest. Such actions may include interception of API calls within the monitored guest and simulation thereof by the monitoring guest or another authorized guest.
Publication number: US2015334126(A1)   Publication date: 2015.11.19
Application number: US201514714241   Filing date: 2015.05.15
Applicant: Lynx Software Technologies, Inc.   Inventors: Mooring Edward T.; HOWARD Craig
IPC classes: H04L29/06; G06F9/455   Main class: H04L29/06
Agency: (none listed)   Attorney: (none listed)
Independent claim 1. A method for processing information securely, the method comprising:
partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains;
providing a dedicated virtualization assistance layer (dedicated VAL), including a virtual representation of the hardware platform that is a virtual machine, in each of the guest operating system virtual machine protection domains, such that the dedicated VAL security processing is not performed in the separation kernel hypervisor;
processing the virtual machine via another guest;
hosting, via the separation kernel hypervisor, at least one detection mechanism that executes within the virtual hardware platform in each of the plurality of guest operating system virtual machine protection domains;
upon detection of suspect behavior, securely transitioning execution to the detection mechanism within the dedicated VAL in a manner isolated from the guest operating system;
securely determining, via the detection mechanism, a policy decision regarding the suspect behavior; and
transitioning execution back to the separation kernel hypervisor to continue processing regarding enforcement of, or taking action in connection with, the policy decision.
Address: San Jose, CA, US