Patent · US Active

Method and apparatus for SYSRET monitoring of system interactions

US9733976B2 · kind B2 · utility

Cited by: 2
References: 0
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 3, 2016
Grant date: Aug 15, 2017
Priority date
Expiry date: Oct 3, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2009/45591
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured. Sysret monitoring means intercepts calls to a sysret instruction, executes sysret monitoring operations, and subsequently returns execution to an application running on the computer.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.