TRUSTED THREAT-AWARE MICROVISOR
First Claim
1. A system comprising:
- a central processing unit (CPU) adapted to execute a module and a trusted microvisor; and
a memory configured to store the trusted microvisor as a trusted computing base (TCB), the trusted microvisor configured to enforce a first security property that prevents alteration of a first state related to the first security property of the trusted microvisor by the module, wherein trustedness of the trusted microvisor provides a predetermined level of confidence that the first security property is implemented by the trusted microvisor, and wherein the trusted microvisor is configured to generate a capability violation in response to the module issuing a first instruction having an argument configured to alter the first state related to the first security property of the trusted microvisor such that the first instruction is prevented from execution by the microvisor.
7 Assignments
0 Petitions
Accused Products
Abstract
A trusted threat-aware microvisor may be deployed as a module of a trusted computing base (TCB) that also includes a root task module configured to cooperate with the microvisor to load and initialize one or more other modules executing on a node of a network environment. The root task may cooperate with the microvisor to allocate one or more kernel resources of the node to those other modules. As a trusted module of the TCB, the microvisor may be configured to enforce a security policy of the TCB that, e.g., prevents alteration of a state related to security of the microvisor by a module of or external to the TCB. The security policy of the TCB may be implemented by a plurality of security properties of the microvisor. Trusted (or trustedness) may therefore denote a predetermined level of confidence that the security property is demonstrated by the microvisor.
-
Citations
20 Claims
-
1. A system comprising:
-
a central processing unit (CPU) adapted to execute a module and a trusted microvisor; and a memory configured to store the trusted microvisor as a trusted computing base (TCB), the trusted microvisor configured to enforce a first security property that prevents alteration of a first state related to the first security property of the trusted microvisor by the module, wherein trustedness of the trusted microvisor provides a predetermined level of confidence that the first security property is implemented by the trusted microvisor, and wherein the trusted microvisor is configured to generate a capability violation in response to the module issuing a first instruction having an argument configured to alter the first state related to the first security property of the trusted microvisor such that the first instruction is prevented from execution by the microvisor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method comprising:
-
enforcing, by a trusted microvisor executing on an endpoint of a network, a first security property that prevents alteration of a first state related to the first security property of the trusted microvisor by a module, wherein trustedness of the trusted microvisor provides a predetermined level of confidence that the first security property is implemented by the trusted microvisor; generating, by the trusted microvisor, a capability violation in response to the module issuing a first instruction having an argument configured to alter the first state related to the first security property of the trusted microvisor; and preventing, by the trusted microvisor, execution of the first instruction. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory computer readable medium including program instructions for execution on a processor of an endpoint on a network, the program instructions when executed operable to:
-
enforce a first security property that prevents alteration of a first state related to the first security property of a trusted microvisor of the endpoint by a module of the endpoint, wherein trustedness of the trusted microvisor provides a predetermined level of confidence that the first security property is implemented by the trusted microvisor; generate a capability violation in response to the module issuing a first instruction having an argument configured to alter the first state related to the first security property of the trusted microvisor; prevent execution of the first instruction; and spawn a micro-virtual machine (micro-VM) that executes the first instruction, the micro-VM configured to monitor a second instruction that attempts to alter a second state related to the first security property of the trusted microvisor to detect whether the module is classified in a group consisting of malware and exploit.
-
Specification