SYSTEM AND METHOD FOR BELOW-OPERATING SYSTEM PROTECTION OF AN OPERATING SYSTEM KERNEL
Abstract
A below-operating system security agent may be configured to: (i) trap attempted accesses to the components of the operating system and the set of drivers executing on the electronic device; (ii) in response to trapping an attempted access, compare contextual information associated with the attempted access to an access map; and (iii) determine if the attempted access is trusted based on the comparison. The access map may be generated by: (i) trapping, at a level below all of the operating systems of a second electronic device accessing components of the second operating system and the second set of drivers executing on the second electronic device and each substantially free of malware, accesses to components of the second operating system and the second set of drivers executing on the second electronic device; and (ii) in response to trapping the accesses, recording contextual information regarding the accesses to the access map.
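The two phases in the abstract (recording an access map on a clean reference device, then checking trapped accesses against it) can be sketched as follows. This is an added example, not code from the patent: trapping is simulated by ordinary function calls, and the requester/target/type fields and all module names are assumptions, since the page does not say what the contextual information contains.

```c
#include <stdio.h>
#include <string.h>
/* "Contextual information" is not broken into fields on the page; the
 * requester/target/type triple is an assumption made for this example. */
enum access_type { ACC_READ, ACC_WRITE, ACC_EXEC };
struct access_ctx { const char *requester, *target; enum access_type type; };

#define MAP_MAX 64
struct access_map { struct access_ctx e[MAP_MAX]; int n; };

/* Enforcement: a trapped access is trusted only if the same context was
 * recorded on the reference device. */
int access_is_trusted(const struct access_map *m, const struct access_ctx *c) {
    for (int i = 0; i < m->n; i++)
        if (m->e[i].type == c->type &&
            strcmp(m->e[i].requester, c->requester) == 0 &&
            strcmp(m->e[i].target, c->target) == 0)
            return 1;
    return 0;
}

/* Learning: record one access trapped on the malware-free reference device.
 * Returns 0 on success (duplicates are ignored), -1 if the map is full. */
int access_map_record(struct access_map *m, const struct access_ctx *c) {
    if (access_is_trusted(m, c)) return 0;
    if (m->n == MAP_MAX) return -1;
    m->e[m->n++] = *c;
    return 0;
}

/* Constructed sample of accesses seen on the reference device. */
int build_reference_map(struct access_map *m) {
    static const struct access_ctx clean[] = {
        {"kernel",   "syscall_table", ACC_READ},
        {"kernel",   "disk.sys",      ACC_EXEC},
        {"disk.sys", "kernel",        ACC_READ},
        {"kernel",   "syscall_table", ACC_READ},   /* repeat, stored once */
    };
    for (size_t i = 0; i < sizeof clean / sizeof clean[0]; i++)
        if (access_map_record(m, &clean[i]) != 0) return -1;
    return m->n;   /* number of distinct contexts recorded */
}

int main(void) {
    struct access_map map = {0};
    build_reference_map(&map);
    struct access_ctx seen = {"unknown.sys", "syscall_table", ACC_WRITE};
    printf("%s -> %s: %s\n", seen.requester, seen.target,
           access_is_trusted(&map, &seen) ? "trusted" : "not trusted");
}
```

The verdict depends on the whole context, so a requester that appears in the map is still not trusted for an access type that was never recorded for it.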
21 Claims
1. A method for securing an electronic device, comprising:
trapping, at a level below all of the operating systems of an electronic device accessing components of an operating system and a set of drivers, attempted accesses to the components of the operating system and the set of drivers executing on the electronic device;
in response to trapping an attempted access, comparing contextual information associated with the attempted access to the access map; and
determining if the attempted access is trusted based on the comparison;
wherein the access map is generated by:
trapping, at a level below all of the operating systems of a second electronic device accessing the components of a second operating system and a second set of drivers, accesses to the components of the second operating system and the second set of drivers executing on the second electronic device, wherein the second operating system and the second set of drivers are substantially free of malware; and
in response to trapping the accesses, recording contextual information regarding the accesses to an access map.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for securing an electronic device, comprising:
a memory;
a processor;
one or more operating systems residing in the memory for execution by the processor; and
a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing components of an operating system and a set of drivers, and further configured to:
trap attempted accesses to the components of the operating system and the set of drivers executing on the electronic device;
in response to trapping an attempted access, compare contextual information associated with the attempted access to an access map; and
determine if the attempted access is trusted based on the comparison;
wherein the access map is generated by:
trapping, at a level below all of the operating systems of a second electronic device accessing components of the second operating system and the second set of drivers executing on the second electronic device, accesses to components of the second operating system and the second set of drivers executing on the second electronic device, wherein the second operating system and the second set of drivers are substantially free of malware; and
in response to trapping the accesses, recording contextual information regarding the accesses to the access map.
Dependent claims: 9, 10, 11, 12, 13, 14
15. An article of manufacture, comprising:
a computer readable medium;
computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when executed, for causing the processor to, at a level below all of the operating systems of an electronic device accessing components of an operating system and a set of drivers executing on the electronic device:
trap attempted accesses to the components of an operating system and the set of drivers executing on the electronic device;
in response to trapping an attempted access, compare contextual information associated with the attempted access to an access map; and
determine if the attempted access is trusted based on the comparison;
wherein the access map is generated by:
trapping, at a level below all of the operating systems of a second electronic device accessing components of a second operating system and a second set of drivers executing on the second electronic device, accesses to components of the second operating system and the second set of drivers executing on the second electronic device, wherein the second operating system and the second set of drivers are substantially free of malware; and
in response to trapping the accesses, recording contextual information regarding the accesses to the access map.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification