发明名称 |
System and method for enforcing security policies in a virtual environment |
摘要 |
A method in one example implementation includes intercepting a request associated with an execution of an object (e.g., a kernel module or a binary) in a computer configured to operate in a virtual machine environment. The request is associated with a privileged domain of the computer that operates logically below one or more operating systems. The method also includes verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element. The execution of the object is denied if it is not authorized. In other embodiments, the method can include evaluating a plurality of entries within the memory element of the computer, wherein the entries include authorized binaries and kernel modules. In other embodiments, the method can include intercepting an attempt from a remote computer to execute code from a previously authorized binary. |
申请公布号 |
US8869265(B2) |
申请公布日期 |
2014.10.21 |
申请号 |
US201213723445 |
申请日期 |
2012.12.21 |
申请人 |
McAfee, Inc. |
发明人 |
Dang Amit;Mohinder Preet |
分类号 |
G06F21/12;G06F21/62;G06F21/55;G06F9/46;G06F9/455;G06F21/52 |
主分类号 |
G06F21/12 |
代理机构 |
Baker Botts L.L.P. |
代理人 |
Baker Botts L.L.P. |
主权项 |
1. A method, comprising:
intercepting, by a security layer, a request for an execution of an object in a computer wherein the request for the execution is from a user space of a privileged domain; verifying an authorization of the object by linking a particular module into a kernel space associated with the privileged domain, wherein the particular module is configured to compute a checksum for the object, access an inventory of a plurality of stored checksums in a memory element, and compare the checksum to the plurality of stored checksums; and denying the execution of the object if it is not authorized; wherein the security layer is in a kernel of a privileged domain of a computer configured to operate in a virtual machine environment, wherein the privileged domain of the computer manages a virtual machine monitor (VMM) and operates at a higher priority than one or more guest operating systems. |
地址 |
Santa Clara CA US |