Patent · US Active

Method and apparatus for hypervisor based monitoring of system interactions

US9589132B2 · kind B2 · utility

2Cited by

0References

12Claims

0Family size

Assignee

Barkly Protects, Inc. · US

Inventors

Kirk R. Swidowski · Manteca, US
Ryan Berg · Austin, US
Stephen C. Carlucci · Lunenburg, US
John J. Danahy · Bow, US

Key dates

Filing date	Apr 11, 2016
Grant date	Mar 7, 2017
Priority date	—
Expiry date	Apr 11, 2036

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1441
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.