Method and system for preventing tampering with software agent in a virtual machine
US9037873B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 30, 2013 |
| Grant date | May 19, 2015 |
| Priority date | — |
| Expiry date | Sep 10, 2033 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2212/151
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent. By tracking writes to and execution of the respective pages, the monitoring process may determine whether the agent has been modified and whether the agent is still running.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.