METHOD AND APPARATUS FOR ENFORCING A MANDATORY SECURITY POLICY ON AN OPERATING SYSTEM (OS) INDEPENDENT ANTI-VIRUS (AV) SCANNER
First Claim
1. In a computing system having a loader and a fault handler, a method of enforcing a security policy on an operating system (OS) independent antivirus (AV) application running in a guest OS comprising:
specifying, by the AV application, a fault handler code image, a fault handler manifest, a memory location of the AV application, and an AV application manifest;
verifying, by the loader, the fault handler code image and the fault handler manifest;
creating, by the loader, a first security domain having a first security level, copying the fault handler code image to memory associated with the first security domain, and initiating execution of the fault handler;
requesting, by the loader, to lock memory pages in the guest OS that are reserved for the AV application;
locking, by the fault handler, the executable code image of the AV application loaded into guest OS memory by setting traps on selected code segments in guest OS memory pages;
measuring, by the loader, AV application memory and comparing the measurement to the AV application manifest; and
promoting, by the loader, the AV application to the first security domain when the AV application is successfully verified by the measuring and comparing step.
Abstract
An antivirus (AV) application specifies a fault handler code image, a fault handler manifest, a memory location of the AV application, and an AV application manifest. A loader verifies the fault handler code image and the fault handler manifest, creates a first security domain having a first security level, copies the fault handler code image to memory associated with the first security domain, and initiates execution of the fault handler. The loader requests the locking of memory pages in the guest OS that are reserved for the AV application. The fault handler locks the executable code image of the AV application loaded into guest OS memory by setting traps on selected code segments in guest OS memory.
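The sequence described by claim 1 and the abstract, worked through as an added Python simulation that is not code from the patent or from any product: the loader verifies the fault handler manifest, creates the first security domain, locks the AV's pages so that writes trap, measures the AV image resident in guest memory and promotes it only when the measurement matches the manifest. The manifest format (a SHA-256 of the image), the domain label, the page contents and the trap model are assumptions constructed for this example.

```python
import hashlib
from dataclasses import dataclass, field
FIRST_DOMAIN = "domain-1"  # hypothetical label for the claim's "first security domain"

def measure(image: bytes) -> str:
    # Assumption: a manifest holds the expected SHA-256 of a code image.
    return hashlib.sha256(image).hexdigest()

@dataclass
class GuestMemory:  # toy guest OS memory: page number -> page contents
    pages: dict
    trapped: set = field(default_factory=set)  # pages the fault handler traps

    def write(self, page: int, data: bytes) -> bool:
        if page in self.trapped:  # trap fires: fault handler refuses the write
            return False
        self.pages[page] = data
        return True

class Loader:
    def __init__(self):
        self.domains = {}  # security domain -> components promoted into it

    def load(self, guest, av_pages, av_manifest, fh_image, fh_manifest):
        # Step 1: verify the fault handler code image against its manifest.
        if measure(fh_image) != fh_manifest:
            return "fault handler rejected"
        # Step 2: create the first security domain and run the fault handler in it.
        self.domains[FIRST_DOMAIN] = {"fault_handler"}
        # Step 3: lock the AV's guest pages; the fault handler now traps writes.
        guest.trapped.update(av_pages)
        # Step 4: measure the AV image resident in guest memory against its manifest.
        resident = b"".join(guest.pages[p] for p in sorted(av_pages))
        if measure(resident) != av_manifest:
            return "av rejected"
        # Step 5: promote the verified AV application into the first domain.
        self.domains[FIRST_DOMAIN].add("av")
        return "av promoted"

def scenario(tampered: bool):
    # Constructed sample: a two-page AV image and a one-page fault handler.
    av_image, fh_image = b"AV-CODE-PAGE0AV-CODE-PAGE1", b"FH-CODE"
    av_manifest, fh_manifest = measure(av_image), measure(fh_image)
    guest = GuestMemory({0: av_image[:13], 1: av_image[13:]})
    if tampered:  # AV code modified in guest memory before the loader measures it
        guest.pages[1] = b"PATCHED-PAGE1"
    status = Loader().load(guest, [0, 1], av_manifest, fh_image, fh_manifest)
    blocked = not guest.write(1, b"PATCH")  # later write attempt hits the trap
    return status, blocked, guest.pages[1]
```

Because the claim locks the pages before measuring, a tampered image is refused promotion yet its pages still trap further writes, which the second scenario shows.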
25 Claims
10. A computer-readable medium comprising one or more instructions that when executed on a processor of a computing system having a loader and a fault handler configure the processor to perform one or more operations to
specify, by an antivirus (AV) application, a fault handler code image, a fault handler manifest, a memory location of the AV application, and an AV application manifest;
verify, by the loader, the fault handler code image and the fault handler manifest;
create, by the loader, a first security domain having a first security level, copying the fault handler code image to memory associated with the first security domain, and initiating execution of the fault handler;
request, by the loader, to lock memory pages in the guest OS that are reserved for the AV application;
lock, by the fault handler, the executable code image of the AV application loaded into guest OS memory by setting traps on selected code segments in guest OS memory pages;
measure, by the loader, AV application memory and comparing the measurement to the AV application manifest; and
promote, by the loader, the AV application to the first security domain when the AV application is successfully verified by the measuring and comparing step.
17. A computing system comprising:
a processor to execute instructions to enforce a security policy for the computing system, the processor including resource manager logic to control access to a plurality of security domains;
an execution container including a loader and a fault handler; and
a guest operating system (OS) including an antivirus (AV) application;
wherein the AV application is to specify a fault handler code image, a fault handler manifest, a memory location of the AV application, and an AV application manifest;
wherein the loader is to verify the fault handler code image and the fault handler manifest, to create a first security domain having a first security level, copy the fault handler code image to memory associated with the first security domain, initiate execution of the fault handler by the processor, and request to lock memory pages in the guest OS that are reserved for the AV application;
wherein the fault handler is to lock the executable code image of the AV application loaded into guest OS memory by setting traps on selected code segments in guest OS memory pages; and
wherein the loader is to measure AV application memory, to compare the measurement to the AV application manifest, and to promote the AV application to the first security domain when the AV application is successfully verified by the measuring and comparing step.