System and method for handling an event in a computer system
Abstract
Systems for handling an event in a computer system which has a kernel-mode and a user-mode. The systems comprise at least one computing device. The computing device is configured to suspend an occurrence of the event in the kernel-mode of an operating system running thereon. The computing device is also configured to cause the event to occur in the user-mode of the operating system. The computing device is further configured to determine if an occurrence of the event in the kernel-mode will compromise the computer system by analyzing the occurrence of the event in the user-mode. If it is determined that the occurrence of the event in the kernel-mode will compromise the computer system, then the computing device executes at least one security measure.
13 Claims
1. A system for handling an event in a computer system which has a kernel-mode and a user-mode, the system comprising:
- at least one computing device configured to
  (a) run a user-mode software application operative to issue a request for a suspension of an occurrence of the event in the kernel-mode,
  (b) run a first kernel-mode software module operable to use the request in order to activate a second kernel-mode software module operable to effect suspension of a class of events that comprises the event,
  (c) suspend an occurrence of the event in the kernel-mode of an operating system running on said computing device,
  (d) cause the event to occur in the user-mode of the operating system,
  (e) determine if an occurrence of the event in the kernel-mode will compromise the computer system by analyzing the occurrence of the event in the user-mode, and
  (f) execute at least one security measure if it is determined that the occurrence of the event in the kernel-mode will compromise the computer system;
wherein the first kernel-mode software module is further operable to issue an indication that the suspension has been effected, and the user-mode software application is further operable to use the indication in effecting the occurrence of the event in the user-mode.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of handling an event in a computer system which has a kernel-mode and a user-mode, the method comprising the following steps performed by at least one computing device:
- issuing a request for a suspension of an occurrence of the event in the kernel-mode;
- using the request in order to activate a kernel-mode software module that is operable to effect suspension of a class of events that comprises the event;
- effecting the suspension of the occurrence of the event in the kernel-mode of the operating system running on the computer system;
- issuing an indication that the suspension has been effected;
- effecting the occurrence of the event in the user-mode of the operating system using the indication;
- determining if an occurrence of the event in the kernel-mode will compromise the computer system by analyzing the occurrence of the event in the user-mode; and
- executing at least one security measure if it is determined that the occurrence of the event in the kernel-mode will compromise the computer system;
wherein the step of executing at least one security measure further comprises influencing an operation of the computer system based on the occurrence of the event in the user-mode; and
wherein the operation of the computer system is influenced by preventing the event from occurring in the kernel-mode.
Dependent claims: 9, 10, 11, 12, 13
Specification