Patent · US Active

Method and apparatus for hypervisor based monitoring of system interactions

US10198280B2 · kind B2 · utility

0Cited by

2References

10Claims

0Family size

Assignee

Barkly Protects, Inc. · US

Inventors

Kirk R. Swidowski · Manteca, US
Ryan Berg · Austin, US
Stephen C. Carlucci · Lunenburg, US
John J. Danahy · Bow, US

Key dates

Filing date	Mar 14, 2016
Grant date	Feb 5, 2019
Priority date	—
Expiry date	Apr 28, 2036

Classification

Technology area (CPC G)Physics
CPC primaryG06F2009/45591
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.