MICRO-VIRTUALIZATION ARCHITECTURE FOR THREAT-AWARE MICROVISOR DEPLOYMENT IN A NODE OF A NETWORK ENVIRONMENT
Abstract
A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in a memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of a central processing unit of the node to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than a highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.
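The privilege layering in the abstract (and the system-call instrumentation in claim 23) is easier to see as a reference monitor than as claim language. The following is an added example, not code from the patent or from any product built on it: a single-file model in which the microvisor owns the permission table for kernel resources and accepts changes to it only from VMM 0 over the privileged interface, the OS kernel runs below VMM 0 and every resource access it makes is checked by the microvisor, and VMM 0's instrumentation inspects each system call a process issues before the kernel services it. The resource names (`KRES_*`), the syscall numbers and names, the per-process `proc_state` record, and the "more than `map_limit` page-table mappings is suspicious" policy are assumptions made for the model, not anything the patent specifies.

```c
/* Added example, not code from the patent: a single-file model of the
 * privilege layering in the abstract and of the syscall instrumentation in
 * claim 23. The microvisor owns the permission table for kernel resources and
 * accepts changes only from VMM 0 over the privileged interface; the OS kernel
 * runs below VMM 0 and every resource access it makes is checked; VMM 0
 * inspects each system call a process issues before the kernel services it.
 * Resource names, syscall numbers and the analysis policy are assumptions. */
#include <stddef.h>
#include <stdio.h>

enum priv { PRIV_MICROVISOR, PRIV_VMM0, PRIV_OS_KERNEL, PRIV_USER }; /* highest first */
enum kres { KRES_PAGE_TABLES, KRES_DISK, KRES_NET, KRES_COUNT };      /* assumed set */
enum op { OP_READ = 1u, OP_WRITE = 2u, OP_MAP = 4u };                 /* bitmask */

/* Microvisor state: what the OS kernel may do to each resource, and how many
 * accesses the microvisor has refused. */
static struct { unsigned kernel_perm[KRES_COUNT]; unsigned denied; } mv;

void mv_reset(void) {
    for (int i = 0; i < KRES_COUNT; i++) mv.kernel_perm[i] = 0;
    mv.denied = 0;
}
unsigned mv_denied_count(void) { return mv.denied; }

/* Privileged interface (claims 4 and 23): only VMM 0 may expose a resource to
 * the kernel. Returns 0 on success, -1 for a caller at the wrong privilege
 * level, -2 for an unknown resource. */
int mv_set_kernel_perm(enum priv caller, enum kres r, unsigned ops) {
    if (caller != PRIV_VMM0) return -1;
    if ((unsigned)r >= (unsigned)KRES_COUNT) return -2;
    mv.kernel_perm[r] = ops;
    return 0;
}

/* Check the microvisor makes at the highest CPU privilege when a lower level
 * touches a kernel resource. Returns 1 if allowed, 0 (and counts) if refused. */
int mv_check_access(enum priv caller, enum kres r, unsigned ops) {
    if (caller == PRIV_MICROVISOR || caller == PRIV_VMM0) return 1;
    if (caller == PRIV_OS_KERNEL && (unsigned)r < (unsigned)KRES_COUNT &&
        (mv.kernel_perm[r] & ops) == ops) return 1;
    mv.denied++;           /* user processes never reach a resource directly */
    return 0;
}

/* What VMM 0 knows about each call: the resource and operation the kernel
 * service behind it performs. Constructed table; the numbers are not a real ABI. */
struct syscall_desc { int nr; const char *name; enum kres res; unsigned op; };
static const struct syscall_desc syscalls[] = {
    { 0, "read",   KRES_DISK,        OP_READ  },
    { 1, "write",  KRES_DISK,        OP_WRITE },
    { 2, "mmap",   KRES_PAGE_TABLES, OP_MAP   },
    { 3, "sendto", KRES_NET,         OP_WRITE },
};

enum verdict { V_ALLOWED, V_DENIED_BY_VMM0, V_DENIED_BY_MICROVISOR, V_UNKNOWN_SYSCALL };
struct proc_state { int pid; unsigned calls[KRES_COUNT]; }; /* per-process record in VMM 0 */

/* VMM 0 instrumentation logic (claim 23): identify the call, apply the analysis
 * policy (assumed here: more than map_limit page-table mappings from one process
 * is suspicious and the call is refused before the kernel runs), then let the
 * kernel service the call under the microvisor's access check. */
enum verdict vmm0_handle_syscall(struct proc_state *p, int nr, unsigned map_limit) {
    const struct syscall_desc *d = NULL;
    for (size_t i = 0; i < sizeof syscalls / sizeof syscalls[0]; i++)
        if (syscalls[i].nr == nr) d = &syscalls[i];
    if (d == NULL) return V_UNKNOWN_SYSCALL;
    p->calls[d->res]++;
    if (d->res == KRES_PAGE_TABLES && p->calls[d->res] > map_limit)
        return V_DENIED_BY_VMM0;
    if (!mv_check_access(PRIV_OS_KERNEL, d->res, d->op))
        return V_DENIED_BY_MICROVISOR;
    return V_ALLOWED;
}

int main(void) {
    static const char *names[] = { "allowed", "denied by VMM 0",
                                   "denied by microvisor", "unknown syscall" };
    struct proc_state p = { 42, { 0 } };
    int trace[] = { 1, 3, 2, 2, 2, 99 };    /* constructed syscall trace for pid 42 */
    mv_reset();
    /* The kernel cannot grant itself network access; VMM 0 exposes disk and page tables. */
    printf("kernel self-grant: %d\n", mv_set_kernel_perm(PRIV_OS_KERNEL, KRES_NET, OP_WRITE));
    mv_set_kernel_perm(PRIV_VMM0, KRES_DISK, OP_READ | OP_WRITE);
    mv_set_kernel_perm(PRIV_VMM0, KRES_PAGE_TABLES, OP_MAP);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("pid %d syscall %d: %s\n", p.pid, trace[i],
               names[vmm0_handle_syscall(&p, trace[i], 2)]);
    printf("microvisor refusals: %u\n", mv_denied_count());
    return 0;
}
```

The point of the two separate refusal paths is the one the claims make: VMM 0 can stop a call on the strength of its own analysis before the kernel ever runs, while the microvisor refuses an access the kernel attempts to a resource VMM 0 never exposed (here `sendto` on the network resource), regardless of what the kernel itself believes it is permitted to do. A real microvisor would enforce the second check with hardware virtualization extensions rather than a table lookup; the model only captures who is allowed to decide what.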
24 Claims
1. A system comprising:
a central processing unit (CPU) adapted to execute a virtual machine monitor (VMM) and a microvisor; and
a memory coupled to the CPU and organized to store the VMM and microvisor as a micro-virtualization architecture having a user space and a kernel space, wherein the VMM executes in the user space of the architecture and the microvisor executes in the kernel space of the architecture, the microvisor configured to execute at a highest privilege level of the CPU to control access permissions to kernel resources of the system and the VMM configured to execute at a highest privilege level of the microvisor.
Dependent claims: 2, 3.
4. A system comprising:
a central processing unit (CPU) adapted to execute a process, an operating system kernel, a virtual machine monitor (VMM) and a microvisor;
a memory configured to store the process, the operating system kernel, the VMM and the microvisor as a micro-virtualization architecture that organizes the memory as a user space and a kernel space, wherein the process, the operating system kernel and the VMM execute in the user space of the architecture, and wherein the microvisor executes in the kernel space of the architecture, the microvisor disposed beneath the operating system kernel and configured to communicate with the VMM over a privileged interface, the microvisor further configured to execute at a highest privilege level of the CPU to control access permissions to kernel resources accessible by the process, and the VMM configured to execute at a highest privilege level of the microvisor to expose the kernel resources to the operating system kernel, the operating system kernel configured to execute at a privilege level lower than the highest privilege level of the microvisor.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A method comprising:
storing a process, an operating system kernel, a virtual machine monitor (VMM) and a microvisor in a memory coupled to a central processing unit (CPU) of a node in a computer network;
organizing the memory as a user space and a kernel space of a micro-virtualization architecture;
executing the microvisor in the kernel space of the architecture and at a highest privilege level of the CPU to control access permissions to kernel resources accessible by the process;
executing the VMM in the user space of the architecture and at a highest privilege level of the microvisor to expose the kernel resources to the operating system kernel; and
executing the operating system kernel in the user space of the architecture and at a privilege level lower than the highest privilege level of the microvisor.
Dependent claims: 17, 18, 19, 20, 21, 22.
23. A system comprising:
a central processing unit (CPU) adapted to execute a user mode process, an operating system kernel, a type 0 virtual machine monitor (VMM 0) and a microvisor;
a memory configured to store the user mode process, the operating system kernel, the VMM 0 and the microvisor as a micro-virtualization architecture that organizes the memory as a user space and a kernel space, wherein the user mode process, the operating system kernel and the VMM 0 execute in the user space of the architecture, and wherein the microvisor executes in the kernel space of the architecture, the microvisor disposed beneath the operating system kernel and configured to communicate with the VMM 0 over a privileged interface, the microvisor further configured to execute at a highest privilege level of the CPU to control access permissions to kernel resources accessible by the user mode process, the VMM 0 including instrumentation logic configured to analyze a system call issued by the process to invoke services of the operating system kernel that include accesses to the kernel resources, the VMM 0 configured to execute at a highest privilege level of the microvisor to expose the kernel resources to the operating system kernel, and the operating system kernel including an operating system specific VMM extension adapted to communicate with the VMM 0, the operating system kernel configured to execute at a privilege level lower than the highest privilege level of the microvisor.
24. A computer readable media containing instructions for execution on a processor for a method comprising:
storing a process, an operating system kernel, a virtual machine monitor (VMM) and a microvisor in a memory coupled to a central processing unit (CPU) of a node in a computer network;
organizing the memory as a user space and a kernel space of a micro-virtualization architecture;
executing the microvisor in the kernel space of the architecture and at a highest privilege level of the CPU to control access permissions to kernel resources accessible by the process;
executing the VMM in the user space of the architecture and at a highest privilege level of the microvisor to expose the kernel resources to the operating system kernel; and
executing the operating system kernel in the user space of the architecture and at a privilege level lower than the highest privilege level of the microvisor.
Specification