Simulated computer system for monitoring of software performance
First Claim
1. A simulated virtual computer system for testing the performance of a program, said virtual computer system executing on a real computer system, the virtual computer system comprising:
- a CPU emulation module;
a first plurality of software modules that simulate hardware devices in the virtual computer system;
a second plurality of software modules that simulate software executing in the CPU emulation module in the virtual computer system; and
a system kernel module that manages the virtual computer system environment, wherein the program to be tested is executed in the virtual computer system, and wherein the system kernel logs accesses to the resources simulated by the first and second plurality of software modules.
9 Assignments
0 Petitions
Accused Products
Abstract
A system S is defined which is capable of simulating a computer (virtual computer, VC) for the purpose of software performance monitoring. The system is implemented as a set of software modules (SM) that can be exchanged to change the behavior of the VC. The VC is driven by a CPU emulator, and can run any operating system (virtual operating system, VOS) that is supported by the available SM'"'"'s. The system is designed to log accesses to system resources and the nature of these accesses. The system is particularly useful for determining whether an executable or file contains an unknown virus, with a very low risk of false positives. Detected viruses include encrypted, polymorphic, metamorphic and other virus types.
-
Citations
15 Claims
-
1. A simulated virtual computer system for testing the performance of a program, said virtual computer system executing on a real computer system, the virtual computer system comprising:
-
a CPU emulation module;
a first plurality of software modules that simulate hardware devices in the virtual computer system;
a second plurality of software modules that simulate software executing in the CPU emulation module in the virtual computer system; and
a system kernel module that manages the virtual computer system environment, wherein the program to be tested is executed in the virtual computer system, and wherein the system kernel logs accesses to the resources simulated by the first and second plurality of software modules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-implemented method of testing a program in a virtual environment to determine whether the program includes damaging software or a virus, the method comprising:
-
providing a virtual computer system in a real computer system, the virtual computer system including software modules for simulating resources including hardware devices and software;
executing a program under test, Ptest, in the virtual computer system until a stop condition occurs; and
determining whether a simulated resource has been written to or accessed, and if so, reassigning Ptest to be at least a portion of a simulated resource that was written to or accessed, and thereafter re-executing Ptest in the virtual computer system until a stop condition occurs; and
determining whether re-execution of Ptest causes a similar action or whether the virtual computer is unbootable, wherein if both steps of determining show the same or a similar result, the program under test is identified as including a virus, wherein if the virtual computer is unbootable upon re-execution, the program under test is identified as including damaging software, and wherein otherwise the program under test is identified as not containing damaging software or a virus. - View Dependent Claims (11, 12, 13, 14, 15)
-
Specification