SYSTEM AND METHOD FOR SECURING AN INPUT/OUTPUT PATH OF AN APPLICATION AGAINST MALWARE WITH A BELOW-OPERATING SYSTEM SECURITY AGENT
Abstract
A system for securing an electronic device may include a memory, a processor, one or more operating systems residing in the memory for execution by the processor, an input-output (I/O) device of the electronic device coupled to the operating system; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the I/O device. The security agent may be further configured to: (i) trap, at a level below all of the operating systems of the electronic device accessing an input/output (I/O) device, an attempted access of a facility for I/O operation with the I/O device; and (ii) using one or more security rules, analyze the attempted access to determine whether the attempted access is indicative of malware.
30 Claims
1. A method for securing an electronic device, comprising:
- trapping, at a level below all of the operating systems of the electronic device accessing an input/output (I/O) device, an I/O operation to the I/O device by an application;
- in response to trapping the I/O operation, intercepting, at a level below all of the operating systems of the electronic device accessing the I/O device, original content of the I/O operation;
- modifying and replacing, at a level below all of the operating systems of the electronic device accessing the I/O device, the original content of the I/O operation with modified content for transmission via an application I/O path of the I/O operation;
- intercepting, at a level below all of the operating systems of the electronic device accessing the I/O device, the modified content after transmission via the application I/O path; and
- analyzing, at a level below all of the operating systems of the electronic device accessing the I/O device, the intercepted modified content to determine if the modified content was affected by malware during transmission via the application I/O path.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for securing an electronic device, comprising:
- a memory;
- a processor;
- one or more operating systems residing in the memory for execution by the processor;
- an input-output (I/O) device of the electronic device coupled to the operating system; and
- a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the I/O device, the security agent further configured to:
  - trap an I/O operation to a device by an application;
  - in response to trapping the I/O operation, intercept original content of the I/O operation;
  - modify and replace the original content of the I/O operation with modified content for transmission via an application I/O path of the I/O operation;
  - intercept the modified content after transmission via the application I/O path; and
  - analyze the intercepted modified content to determine if the modified content was affected by malware during transmission via the application I/O path.

Dependent claims: 9, 10, 11, 12, 13, 14
15. An article of manufacture, comprising:
- a computer readable medium; and
- computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to, at a level below all of the operating systems of the electronic device accessing an input/output (I/O) device:
  - trap an I/O operation to the I/O device by an application;
  - in response to trapping the I/O operation, intercept original content of the I/O operation;
  - modify and replace the original content of the I/O operation with modified content for transmission via an application I/O path of the I/O operation;
  - intercept the modified content after transmission via the application I/O path; and
  - analyze the intercepted modified content to determine if the modified content was affected by malware during transmission via the application I/O path.

Dependent claims: 16, 17, 18, 19, 20, 21
22. A method for securing an electronic device, comprising:
- trapping, at a level below all of the operating systems of the electronic device accessing an input/output (I/O) device, an attempted access of a facility for I/O operation with the I/O device; and
- using one or more security rules, analyzing the attempted access to determine whether the attempted access is indicative of malware.

Dependent claims: 23, 24
25. An article of manufacture, comprising:
- a computer readable medium; and
- computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to, at a level below all of the operating systems of the electronic device accessing an input/output (I/O) device:
  - trap, at a level below all of the operating systems of the electronic device accessing the input/output (I/O) device, an attempted access of a facility for I/O operation with the I/O device; and
  - using one or more security rules, analyze the attempted access to determine whether the attempted access is indicative of malware.

Dependent claims: 26, 27
28. A system for securing an electronic device, comprising:
- a memory;
- a processor;
- one or more operating systems residing in the memory for execution by the processor;
- an input-output (I/O) device of the electronic device coupled to the operating system; and
- a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the I/O device, the security agent further configured to:
  - trap, at a level below all of the operating systems of the electronic device accessing an input/output (I/O) device, an attempted access of a facility for I/O operation with the I/O device; and
  - using one or more security rules, analyze the attempted access to determine whether the attempted access is indicative of malware.

Dependent claims: 29, 30
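
The content-substitution check recited in claims 1, 8 and 15, sketched as an added example in C that is not code from the patent. The application I/O path is modelled as an array of stage callbacks; the names `check_io_path` and `io_stage`, the marker pattern, and the restore-or-zero delivery step are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_LEN 16

/* One stage of the application I/O path (hypothetical model of a driver or filter). */
typedef void (*io_stage)(unsigned char *buf, size_t len);

static void benign_stage(unsigned char *buf, size_t len) { (void)buf; (void)len; }

/* Constructed stand-in for a compromised stage that alters content in transit. */
static void tampering_stage(unsigned char *buf, size_t len) { if (len) buf[0] ^= 0xFF; }

/* Returns 0 if the substituted content crossed the path intact, 1 if it was
 * altered, -1 if the request is too large. 'out' receives what is delivered. */
int check_io_path(const unsigned char *original, size_t len,
                  const io_stage *path, size_t nstages, unsigned char *out)
{
    unsigned char marker[BUF_LEN], in_flight[BUF_LEN];
    if (len > BUF_LEN) return -1;

    /* Trap and intercept: the agent holds 'original' and sends modified content
     * instead. A fixed pattern keeps the sketch deterministic (assumption). */
    for (size_t i = 0; i < len; i++) marker[i] = (unsigned char)(0xA5 ^ i);
    memcpy(in_flight, marker, len);

    /* Transmission via the application I/O path. */
    for (size_t s = 0; s < nstages; s++) path[s](in_flight, len);

    /* Intercept after transmission and analyze: any difference means a stage
     * on the path modified the content. */
    int affected = memcmp(in_flight, marker, len) != 0;

    /* Assumption, not recited in the claims: deliver the original only when
     * the path was clean, otherwise deliver zeros. */
    if (affected) memset(out, 0, len); else memcpy(out, original, len);
    return affected;
}

int main(void)
{
    unsigned char data[8] = "PAYLOAD", out[8];
    io_stage clean[] = { benign_stage, benign_stage };
    io_stage bad[]   = { benign_stage, tampering_stage };
    printf("clean path affected: %d\n", check_io_path(data, 8, clean, 2, out));
    printf("bad path affected:   %d\n", check_io_path(data, 8, bad, 2, out));
    return 0;
}
```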