Threat-aware architecture
5 Assignments
0 Petitions
Abstract
An architecture deployed to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system (OS) processes executed by a central processing unit (CPU). The architecture features memory configured to store a process, an OS kernel, a VMM and a virtualization module. The virtualization module is configured to communicate with the VMM and execute, at a privilege level of the CPU, to control access permissions to kernel resources accessible by the process. The VMM is configured to execute at a first privilege level of the virtualization module to expose the kernel resources to the OS kernel. The OS kernel is configured to execute at a second privilege level lower than the first privilege level of the virtualization module. The VMM is further configured to instantiate a virtual machine containing the OS kernel, where access to the kernel resources is controlled by the VMM and the virtual machine.
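The abstract describes a layered privilege architecture: a virtualization module at the CPU's privilege level owns the access permissions to kernel resources, a VMM at the module's first (higher) privilege level exposes a subset of those resources to a guest kernel, the kernel runs at a second (lower) level inside a VM, and every kernel-resource access is mediated by the VMM. The following model is an added illustration written for this page, not the patent holder's implementation: the class names, the privilege-level numbering, the resource names and the allow/deny reasons are all constructed assumptions, chosen to show how a reference monitor at the VMM layer can deny a process-VM access to a resource it was never exposed, and deny a guest-kernel operation the virtualization module did not permit, while keeping an audit trail a detection pipeline could consume.

```python
"""Hypothetical model (added example, not the patent's implementation) of the
layered privilege architecture from the abstract."""
from dataclasses import dataclass
from enum import IntEnum


class PrivilegeLevel(IntEnum):
    """Lower value = more privileged (same convention as CPU ring numbers)."""
    VIRTUALIZATION_MODULE = 0  # executes at the CPU's privilege level
    VMM = 1                    # "first privilege level" of the virtualization module
    KERNEL = 2                 # "second privilege level", lower than the VMM's
    PROCESS = 3                # a process in its own VM (claims 13 and 20)


@dataclass
class AccessEvent:
    """One mediated access, kept for audit / exploit-detection purposes."""
    vm_id: str
    level: PrivilegeLevel
    resource: str
    operation: str
    allowed: bool
    reason: str


class VirtualizationModule:
    """Owns the access permissions for kernel resources (constructed model)."""

    def __init__(self, permissions: dict):
        # resource name -> set of operations permitted on it, e.g. {"read"}
        self.permissions = {r: set(ops) for r, ops in permissions.items()}

    def resources(self) -> set:
        return set(self.permissions)

    def permitted(self, resource: str, operation: str) -> bool:
        return operation in self.permissions.get(resource, set())


@dataclass
class VirtualMachine:
    vm_id: str
    level: PrivilegeLevel
    exposed: set  # kernel resources the VMM chose to expose to this VM


class VMM:
    """Instantiates VMs and mediates every kernel-resource access between them."""

    def __init__(self, module: VirtualizationModule):
        self.module = module
        self.vms = {}
        self.audit = []

    def instantiate(self, vm_id: str, level: PrivilegeLevel, expose: set) -> VirtualMachine:
        # A VM always runs below the VMM; the VMM itself runs below the module.
        if level <= PrivilegeLevel.VMM:
            raise ValueError("a VM must run below the VMM's privilege level")
        unknown = set(expose) - self.module.resources()
        if unknown:
            raise ValueError(f"cannot expose resources the module does not control: {sorted(unknown)}")
        vm = VirtualMachine(vm_id, level, set(expose))
        self.vms[vm_id] = vm
        return vm

    def access(self, vm_id: str, resource: str, operation: str) -> AccessEvent:
        """Reference-monitor decision: exposure first, then the module's permission."""
        vm = self.vms.get(vm_id)
        if vm is None:
            # Unknown caller is treated as least privileged and denied.
            event = AccessEvent(vm_id, PrivilegeLevel.PROCESS, resource, operation, False, "unknown VM")
        elif resource not in vm.exposed:
            event = AccessEvent(vm.vm_id, vm.level, resource, operation, False,
                                "resource not exposed to this VM")
        elif not self.module.permitted(resource, operation):
            event = AccessEvent(vm.vm_id, vm.level, resource, operation, False,
                                "operation not permitted by virtualization module")
        else:
            event = AccessEvent(vm.vm_id, vm.level, resource, operation, True, "allowed")
        self.audit.append(event)
        return event

    def denials(self) -> list:
        return [e for e in self.audit if not e.allowed]


def demo() -> VMM:
    """Constructed scenario: a guest-kernel VM plus a separate process VM."""
    module = VirtualizationModule({
        "syscall_table": {"read"},          # constructed sample resource names
        "process_list": {"read", "write"},
    })
    vmm = VMM(module)
    vmm.instantiate("kernel-vm", PrivilegeLevel.KERNEL, {"syscall_table", "process_list"})
    vmm.instantiate("process-vm", PrivilegeLevel.PROCESS, {"process_list"})

    vmm.access("kernel-vm", "syscall_table", "read")     # allowed
    vmm.access("process-vm", "process_list", "read")     # allowed
    vmm.access("process-vm", "syscall_table", "write")   # denied: not exposed to the process VM
    vmm.access("kernel-vm", "syscall_table", "write")    # denied: module permits read only
    return vmm


if __name__ == "__main__":
    for e in demo().audit:
        print(f"{e.vm_id:<11} {e.level.name:<8} {e.operation:<5} {e.resource:<14} "
              f"{'ALLOW' if e.allowed else 'DENY'}  {e.reason}")
```

The ordering of the two checks matters for the defender: a denial with reason "resource not exposed to this VM" means the process VM reached for something the VMM never handed it, which is the signal the abstract's exploit-detection use case cares about, whereas a permission denial on an exposed resource points at a guest kernel exceeding the module's policy.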
780 Citations
28 Claims
1. A system comprising:
   a central processing unit (CPU);
   a memory configured to store, for execution by the CPU, a process, an operating system kernel, a virtual machine monitor (VMM) and a virtualization module, wherein the virtualization module is configured to communicate with the VMM, the virtualization module being further configured to execute at a privilege level of the CPU to control access permissions to a plurality of kernel resources accessible by the process, wherein the VMM is configured to execute at a first privilege level of the virtualization module to expose one or more of the plurality of kernel resources to the operating system kernel, the operating system kernel being configured to execute at a second privilege level lower than the first privilege level of the virtualization module, the VMM being configured to instantiate a virtual machine including the operating system kernel, wherein access to the plurality of kernel resources is controlled by the VMM among the virtual machine.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 27, 28.

13. A method comprising:
   storing a process, an instance of an operating system kernel, a virtual machine monitor (VMM) and a virtualization module in a memory coupled to a central processing unit (CPU);
   executing the virtualization module at a first privilege level of the CPU to control access permissions to a plurality of kernel resources accessible by the process;
   executing the VMM at a first level of the virtualization module to expose the plurality of kernel resources to the operating system kernel;
   executing the operating system kernel at a second privilege level lower than the first privilege level of the virtualization module;
   instantiating a first virtual machine containing the operating system kernel;
   instantiating a second virtual machine including the process; and
   controlling access to the plurality of kernel resources among the first virtual machine and the second virtual machine.
   Dependent claims: 14, 15, 16, 17, 18, 19.

20. A non-transitory computer readable media containing instructions that, when executed by a central processing unit (CPU), perform operations comprising:
   storing a process, an instance of an operating system kernel, a virtual machine monitor (VMM) and a virtualization module in a memory coupled to the CPU, wherein the virtualization module being executed at a first privilege level of the CPU to control access permissions to a plurality of kernel resources accessible by the process, the VMM being executed at a first level of the virtualization module to expose the plurality of kernel resources to the operating system kernel, and the operating system kernel being executed at a second privilege level lower than the first privilege level of the virtualization module;
   instantiating a first virtual machine containing the operating system kernel;
   instantiating a second virtual machine including the process; and
   controlling access to the plurality of kernel resources among the first virtual machine and the second virtual machine.
   Dependent claims: 21, 22, 23, 24, 25, 26.
Specification