CENTRALIZED KERNEL MODULE LOADING
First Claim
1. A method, implemented by a computing system programmed to perform the following, comprising:
- detecting a kernel module load event to load a kernel module into a kernel of a client;
- upon detection of the kernel module load event, computing a cryptographic hash of the kernel module;
- sending the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash;
- receiving a response from the access control server to permit or deny the kernel module load event; and
- permitting or denying the kernel module load event based on the response.
Abstract
Methods and systems for centralized kernel module loading are described. In one embodiment, a computing system detects a kernel module load event to load a kernel module into a kernel of a client. Upon detection of the kernel module load event, the computing system computes a cryptographic hash of the kernel module, and sends the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash. The computing system receives a response from the access control server to permit or deny the kernel module load event, and permits or denies the kernel module load event based on the response.
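The flow in the abstract, as an added example that is not taken from the patent: an in-process Python simulation of the client and the access control server exchanging one request and one response per load event. SHA-256, the JSON message fields, all class and function names, the server-side query log and the deny-when-no-usable-response behaviour are assumptions; the page specifies only "a cryptographic hash" and a permit/deny response.

```python
import hashlib
import json

class AccessControlServer:
    """Hypothetical server holding the set of permitted module hashes."""
    def __init__(self, permitted_hashes):
        self.permitted = set(permitted_hashes)
        self.audit_log = []  # assumption, not from the page: log every query

    def handle(self, request_json):
        req = json.loads(request_json)
        allowed = req["hash"] in self.permitted
        self.audit_log.append((req["client"], req["hash"], allowed))
        return json.dumps({"hash": req["hash"],
                           "decision": "permit" if allowed else "deny"})

def on_module_load_event(client_id, module_bytes, transport):
    """Client side: hash the module, ask the server, enforce the answer.
    Returns True to permit the load, False to deny it."""
    digest = hashlib.sha256(module_bytes).hexdigest()
    request = json.dumps({"client": client_id, "hash": digest})
    try:
        response = json.loads(transport(request))
    except (OSError, ValueError):
        return False  # assumption: no usable response means deny
    # Assumption: the response echoes the hash it refers to, so an answer
    # about a different module cannot be applied to this load event.
    if response.get("hash") != digest:
        return False
    return response.get("decision") == "permit"

# Constructed sample data: byte strings standing in for module files.
GOOD_MODULE = b"\x7fELF constructed sample module v1"
TAMPERED_MODULE = GOOD_MODULE + b"\x90"

def unreachable(_request):
    raise ConnectionError("access control server unreachable")

def demo():
    server = AccessControlServer({hashlib.sha256(GOOD_MODULE).hexdigest()})
    return {
        "good": on_module_load_event("client-a", GOOD_MODULE, server.handle),
        "tampered": on_module_load_event("client-a", TAMPERED_MODULE, server.handle),
        "server_down": on_module_load_event("client-a", GOOD_MODULE, unreachable),
        "queries_logged": len(server.audit_log),
    }

if __name__ == "__main__":
    print(demo())
```

A module that differs by a single byte produces a different hash and is denied, and only the two load events that reached the server appear in its log.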
25 Claims
1. A method, implemented by a computing system programmed to perform the following, comprising:
- detecting a kernel module load event to load a kernel module into a kernel of a client;
- upon detection of the kernel module load event, computing a cryptographic hash of the kernel module;
- sending the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash;
- receiving a response from the access control server to permit or deny the kernel module load event; and
- permitting or denying the kernel module load event based on the response.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A non-transitory computer readable storage medium including instructions that, when executed by a computing system, cause the computing system to perform a method comprising:
- detecting a kernel module load event to load a kernel module into a kernel of a client;
- upon detection of the kernel module load event, computing a cryptographic hash of the kernel module;
- sending the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash;
- receiving a response from the access control server to permit or deny the kernel module load event; and
- permitting or denying the kernel module load event based on the response.

Dependent claims: 17, 18, 19, 20, 21, 22

23. A computing system, comprising:
- a data storage device; and
- a processing device, coupled to the data storage device, to:
- detect a kernel module load event to load a kernel module into a kernel of a client;
- compute a cryptographic hash of the kernel module upon detection of the kernel module load event;
- send the cryptographic hash to an access control server to verify whether the cryptographic hash is a permitted hash;
- receive a response from the access control server to permit or deny the kernel module load event; and
- permit or deny the kernel module load event based on the response.

Dependent claims: 24, 25

Specification