Title of invention: System and method for securing access to system calls
Abstract: In one embodiment, a system for securing access to system calls includes a memory, an operating system configured to execute on an electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more resources associated with a system call for which attempted accesses will be trapped, trap an attempted access of the one or more resources that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is authorized, and operate at a level below all of the operating systems of the electronic device accessing the one or more resources associated with a system call.
Publication number: US8863283(B2) Publication date: 2014.10.14
Application number: US201113077305 Filing date: 2011.03.31
Applicant: McAfee, Inc. Inventor: Sallam Ahmed Said
Classification: G06F11/00;G06F21/52;G06F21/55 Main classification: G06F11/00
Agency: Baker Botts L.L.P. Agent: Baker Botts L.L.P.
Principal claim: 1. A system for securing access to system calls, comprising: a memory; a first operating system configured to execute on an electronic device, the first operating system included in one or more operating systems on the electronic device; a below-operating-system security agent configured to: identify one or more resources associated with a system call for which attempted accesses will be trapped; trap, at a level below all operating systems of the electronic device, an attempted access of the one or more resources that originates from an operational level of the first operating system; access one or more security rules to determine, at a level below all operating systems of the electronic device, whether the attempted access is authorized; and operate at a level below all operating systems of the electronic device; wherein: the trapped attempt is an attempted execution of a system call function of the first operating system, the system call function indexed by a system call table; the below-operating system security agent is further configured to: determine that the attempted execution of the system call function was made without accessing the indexing of the system call table; and based upon a determination that the attempted execution of the system call function was made without accessing the indexing of the system call table, deny the attempted execution.
Address: Santa Clara CA US