Integrity Assurance and Rebootless Updating During Runtime
First Claim
1. A computer-implemented method comprising:
- receiving a request associated with an update to a kernel-mode component of a computing device; and
without rebooting the computing device,unloading at least one component of the kernel-mode component, andfollowing the unloading, loading an updated version of that at least one component of the kernel-mode component.
4 Assignments
0 Petitions
Accused Products
Abstract
Techniques are described herein for, without rebooting a computing device, unloading at least a component of a kernel-mode component of the computing device and loading an updated version of the component of the kernel-mode component. The techniques may be performed by an integrity manager associated with the kernel-mode component. The integrity manager may also determine integrity of the kernel-mode component by causing the kernel-mode component to perform an action associated with a known reaction, determining whether the known reaction occurred, and in response, performing a remediation action or notifying a remote security service. Further, the integrity manager may determine whether any computing device lists include representations of components or connections associated with the kernel-mode component. The integrity manager may then remove the representations from the lists or remove the representations from responses to requests for contents of the computing device lists.
46 Citations
25 Claims
-
1. A computer-implemented method comprising:
-
receiving a request associated with an update to a kernel-mode component of a computing device; and without rebooting the computing device, unloading at least one component of the kernel-mode component, and following the unloading, loading an updated version of that at least one component of the kernel-mode component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computing device comprising:
-
a processor; a kernel-mode component configured to be operated by the processor to perform at least one of monitoring, analysis, reporting, or remediation; and an integrity manager configured to be operated by the processor to determine integrity of the kernel-mode component, the determining including determining whether a known reaction occurred responsive to an action of the kernel-mode component or the system, and in response to determining that the known reaction did not occur, performing at least one of a remediation action or notifying a remote security service. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. One or more computer storage media having stored thereon a plurality of executable instructions configured to program a computing device to perform operations comprising:
-
determining whether a computing device list includes a representation of a component or a connection associated with a kernel-mode component of the computing device; and in response to the determining, performing one of; removing the representation of the component or the connection from the computing device list, or removing the representation of the component or the connection from a response to a request for contents of the computing device list. - View Dependent Claims (22, 23, 24, 25)
-
Specification