System and Method for Enforcing Security Policies in a Virtual Environment
First Claim
1. A method, comprising:
- intercepting a request associated with an execution of an object in a computer configured to operate in a virtual machine environment, wherein the request for the execution is associated with a privileged domain of the computer that operates logically below one or more operating systems;
verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element; and
denying the execution of the object if it is not authorized.
10 Assignments
0 Petitions
Accused Products
Abstract
A method in one example implementation includes intercepting a request associated with an execution of an object (e.g., a kernel module or a binary) in a computer configured to operate in a virtual machine environment. The request is associated with a privileged domain of the computer that operates logically below one or more operating systems. The method also includes verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element. The execution of the object is denied if it is not authorized. In other embodiments, the method can include evaluating a plurality of entries within the memory element of the computer, wherein the entries include authorized binaries and kernel modules. In other embodiments, the method can include intercepting an attempt from a remote computer to execute code from a previously authorized binary.
196 Citations
20 Claims
-
1. A method, comprising:
-
intercepting a request associated with an execution of an object in a computer configured to operate in a virtual machine environment, wherein the request for the execution is associated with a privileged domain of the computer that operates logically below one or more operating systems; verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element; and denying the execution of the object if it is not authorized. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. Logic encoded in one or more tangible media that includes code for execution and when executed by a processor is operable to perform operations comprising:
-
intercepting a request associated with an execution of an object in a computer configured to operate in a virtual machine environment, wherein the request for the execution is associated with a privileged domain of the computer that operates logically below one or more operating systems; verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element; and denying the execution of the object if it is not authorized. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus, comprising:
-
a virtual machine element; a memory element configured to store data; and a processor operable to execute instructions associated with the data, wherein the virtual machine element is configured to; intercept a request associated with an execution of an object in a computer configured to operate in a virtual machine environment, wherein the request for the execution is associated with a privileged domain of the computer that operates logically below one or more operating systems; verify an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in the memory element; and deny the execution of the object if it is not authorized. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification