Title of invention: MICRO-VIRTUALIZATION ARCHITECTURE FOR THREAT-AWARE MICROVISOR DEPLOYMENT IN A NODE OF A NETWORK ENVIRONMENT
Abstract: A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in a memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of a central processing unit of the node to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than a highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.
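Application publication number: US2015199532(A1) Publication date: 2015.07.16
Application number: US201414229626 Filing date: 2014.03.28
Applicant: FireEye, Inc. Inventors: Ismael Osman Abdoul;Aziz Ashar
Classification: G06F21/62;G06F9/455 Main classification: G06F21/62
Agency: Agent: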
Principal claim: 1. A system comprising: a central processing unit (CPU) adapted to execute a virtual machine monitor (VMM) and a microvisor; and a memory coupled to the CPU and organized to store the VMM and microvisor as a micro-virtualization architecture having a user space and a kernel space, wherein the VMM executes in the user space of the architecture and the microvisor executes in the kernel space of the architecture, the microvisor configured to execute at a highest privilege level of the CPU to control access permissions to kernel resources of the system and the VMM configured to execute at a highest privilege level of the microvisor.
Address: Milpitas CA US