Title
MICRO-VIRTUALIZATION ARCHITECTURE FOR THREAT-AWARE MICROVISOR DEPLOYMENT IN A NODE OF A NETWORK ENVIRONMENT
Abstract
A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in a memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and a kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of a central processing unit of the node to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than the highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.
Publication number
US2015199532(A1)
Publication date
2015.07.16
Application number
US201414229626
Filing date
2014.03.28
Applicant
FireEye, Inc.
Inventors
Ismael Osman Abdoul;Aziz Ashar
Classification
G06F21/62;G06F9/455
Main classification
G06F21/62
Agency

Agent

Principal claim
1. A system comprising:
a central processing unit (CPU) adapted to execute a virtual machine monitor (VMM) and a microvisor; and a memory coupled to the CPU and organized to store the VMM and microvisor as a micro-virtualization architecture having a user space and a kernel space, wherein the VMM executes in the user space of the architecture and the microvisor executes in the kernel space of the architecture, the microvisor configured to execute at a highest privilege level of the CPU to control access permissions to kernel resources of the system and the VMM configured to execute at a highest privilege level of the microvisor.
Address
Milpitas CA US