Integrity assurance and rebootless updating during runtime
First Claim
1. A computer-implemented method comprising:
- registering, by an integrity manager associated with a kernel-mode component of a computing device, one or more hooks with an operating system of the computing device on behalf of the kernel-mode component;
- receiving, by the integrity manager, a request associated with an update to the kernel-mode component of the computing device; and
- without rebooting the computing device, initiating, by the integrity manager, unloading of at least one component of the kernel-mode component, following the unloading, logging, by the integrity manager, one or more events associated with the one or more hooks on the computing device, following the logging, initiating, by the integrity manager, loading of an updated version of that at least one component of the kernel-mode component, and following the loading, delivering, by the integrity manager, the logged events to the updated kernel-mode component.
Abstract
Techniques are described herein for, without rebooting a computing device, unloading at least a component of a kernel-mode component of the computing device and loading an updated version of the component of the kernel-mode component. The techniques may be performed by an integrity manager associated with the kernel-mode component. The integrity manager may also determine integrity of the kernel-mode component by causing the kernel-mode component to perform an action associated with a known reaction, determining whether the known reaction occurred, and in response, performing a remediation action or notifying a remote security service. Further, the integrity manager may determine whether any computing device lists include representations of components or connections associated with the kernel-mode component. The integrity manager may then remove the representations from the lists or remove the representations from responses to requests for contents of the computing device lists.
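The update sequence in the first claim (hooks registered by the integrity manager, unload, log events, load the updated version, deliver the logged events) can be modelled in user space. This is an added example, not code from the patent or any product: the types, function names and bounded queue are hypothetical, the events are constructed, and it is single-threaded, so it omits the locking a real kernel-mode implementation would need.

```c
#include <stddef.h>
#define MAX_PENDING 64
/* Hypothetical event record produced by an OS hook (constructed). */
typedef struct { int hook_id; int pid; } event_t;
/* Hypothetical kernel-mode component: a version plus an event handler. */
typedef struct component {
    int version;
    int handled;                      /* events this version has processed */
    void (*on_event)(struct component *self, const event_t *ev);
} component_t;

typedef struct {
    component_t *active;              /* NULL while the component is unloaded */
    event_t pending[MAX_PENDING];     /* events logged during the gap */
    size_t npending, dropped;
} integrity_mgr_t;

static void count_event(component_t *self, const event_t *ev) { (void)ev; self->handled++; }
/* Hook entry point owned by the manager, so it stays registered across the update. */
void im_hook(integrity_mgr_t *im, const event_t *ev) {
    if (im->active) { im->active->on_event(im->active, ev); return; }
    if (im->npending < MAX_PENDING) im->pending[im->npending++] = *ev;
    else im->dropped++;               /* bounded log: count the loss, never block */
}

void im_unload(integrity_mgr_t *im) { im->active = NULL; }

/* Load the updated component, then deliver the logged events in arrival order. */
size_t im_load(integrity_mgr_t *im, component_t *updated) {
    size_t n = im->npending;
    im->active = updated;
    for (size_t i = 0; i < n; i++) updated->on_event(updated, &im->pending[i]);
    im->npending = 0;
    return n;
}

/* Constructed scenario: 2 events before the update, 3 during it, 1 after. */
int run_update(int *v1_seen, int *v2_seen, size_t *replayed) {
    component_t v1 = {1, 0, count_event}, v2 = {2, 0, count_event};
    integrity_mgr_t im = { .active = &v1 };
    event_t ev = {7, 1234};
    im_hook(&im, &ev); im_hook(&im, &ev);               /* handled by v1 */
    im_unload(&im);
    for (int i = 0; i < 3; i++) im_hook(&im, &ev);      /* logged, not lost */
    *replayed = im_load(&im, &v2);                      /* v2 receives the backlog */
    im_hook(&im, &ev);                                  /* handled live by v2 */
    *v1_seen = v1.handled; *v2_seen = v2.handled;
    return (int)im.dropped;
}
int main(void) { int a, b; size_t r; return run_update(&a, &b, &r); }
```

The `dropped` counter matters for monitoring: if the log overflows while the component is unloaded, the updated component has a visibility gap that should be reported rather than silently ignored.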
22 Claims
1. A computer-implemented method comprising:
- registering, by an integrity manager associated with a kernel-mode component of a computing device, one or more hooks with an operating system of the computing device on behalf of the kernel-mode component;
- receiving, by the integrity manager, a request associated with an update to the kernel-mode component of the computing device; and
- without rebooting the computing device, initiating, by the integrity manager, unloading of at least one component of the kernel-mode component, following the unloading, logging, by the integrity manager, one or more events associated with the one or more hooks on the computing device, following the logging, initiating, by the integrity manager, loading of an updated version of that at least one component of the kernel-mode component, and following the loading, delivering, by the integrity manager, the logged events to the updated kernel-mode component.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A computing device comprising:
- a processor; and
- a memory communicatively coupled to the processor and storing a kernel-mode component and an integrity manager associated with the kernel-mode component, wherein the integrity manager is configured to be operated by the processor to perform operations including:
- registering one or more hooks with an operating system of the computing device on behalf of the kernel-mode component;
- receiving a request associated with an update to the kernel-mode component; and
- without rebooting the computing device, initiating unloading of at least one component of the kernel-mode component, following the unloading, logging one or more events associated with the one or more hooks on the computing device, following the logging, initiating loading of an updated version of that at least one component of the kernel-mode component, and following the loading, delivering the logged events to the updated kernel-mode component.

View Dependent Claims (13, 14, 15, 16, 17)
18. A non-transitory computer-readable medium having stored thereon an integrity manager associated with a kernel-mode component, wherein the integrity manager, when executed by a computing device, causes the computing device to perform operations comprising:
- registering one or more hooks with an operating system of the computing device on behalf of the kernel-mode component;
- receiving a request associated with an update to the kernel-mode component; and
- without rebooting the computing device, initiating unloading of at least one component of the kernel-mode component, following the unloading, logging one or more events associated with the one or more hooks on the computing device, following the logging, initiating loading of an updated version of that at least one component of the kernel-mode component, and following the loading, delivering the logged events to the updated kernel-mode component.

View Dependent Claims (19, 20, 21, 22)
Specification