Secure virtualization system software
US9235705B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 19, 2009 |
| Grant date | Jan 12, 2016 |
| Priority date | — |
| Expiry date | Sep 6, 2033 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2149
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Systems and methods for protecting a virtualization environment against malware. The methods involve intercepting an event in a kernel mode of the virtualization environment, suspending execution of the event, and transmitting the event to a user mode security module that determines whether the event should be blocked, allowed, or redirected. Events may be intercepted from any level of the virtualization environment, including an interrupt request table, device driver, OS object manager, OS service dispatch table, Portable Execution (P/E) import/export table, or binary code, among others. In one embodiment, an event may trigger a chain of related events, such that interception of an event without first intercepting an expected antecedent event is one indication of malware. The method also involves securing a virtual storage device against unauthorized access and providing for secure communication between guest OS and virtualization environment security modules.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.