
System and method for malware protection using virtualization

  • US 8,099,596 B1
  • Filed: 06/30/2011
  • Issued: 01/17/2012
  • Est. Priority Date: 06/30/2011
  • Status: Active Grant
First Claim

1. A method for protecting applications deployed on a host computer, the method comprising:

    intercepting, at kernel level of the host computer, system calls addressed to an object of a protected application deployed on the host computer;

    determining if there is a security rule associated with one or more of the intercepted system call, the object of the protected application, and the actions allowed on the object of the protected application, wherein the security rule indicates at least whether the system call is allowed to be executed or not allowed to be executed on the host computer;

    if there is a security rule indicating that the system call is allowed to be executed on the host computer, executing the system call on the host computer;

    if there is a security rule indicating that the system call is not allowed to be executed on the host computer, blocking execution of the system call on the host computer;

    if there is no security rule associated with the system call, executing the system call in a secure execution environment using a virtual copy of the object of the protected application;

    analyzing whether changes to the virtual copy of the object of the protected application present any security threat to the application, application data, or the host computer;

    if the changes to the virtual copy of the object do not present any security threat, applying the changes to the real object in the host computer; and

    if the changes to the virtual copy of the object present a security threat, blocking execution of the system call on the host computer.
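
The decision flow recited in claim 1, modelled as a user-space Python simulation. This is an added example, not code from the patent or its assignee; the rule table, the dict-based objects, the `is_threat` policy and every name in it are assumptions made for illustration.

```python
import copy
from enum import Enum

class Verdict(Enum):
    EXECUTED = "rule allows: executed on host"
    BLOCKED = "rule denies: blocked"
    COMMITTED = "no rule: sandboxed, changes applied to real object"
    REJECTED = "no rule: sandboxed, threat found, call blocked"

# Constructed rule table (assumption): (system call, object) -> allowed?
RULES = {("read", "config.ini"): True, ("delete", "config.ini"): False}

# Assumed analysis policy: any change to these keys counts as a threat.
PROTECTED_KEYS = {"update_url"}

def is_threat(real, virtual):
    """Diff the virtual copy against the real object (hypothetical check)."""
    changed = {k for k in real.keys() | virtual.keys()
               if real.get(k) != virtual.get(k)}
    return bool(changed & PROTECTED_KEYS)

def handle(host, syscall, obj, effect):
    """Route one intercepted call; `effect` mutates the object it is given."""
    rule = RULES.get((syscall, obj))
    if rule is True:                      # explicit allow: run on the host
        effect(host[obj])
        return Verdict.EXECUTED
    if rule is False:                     # explicit deny: never runs
        return Verdict.BLOCKED
    virtual = copy.deepcopy(host[obj])    # no rule: run against a virtual copy
    effect(virtual)
    if is_threat(host[obj], virtual):     # real object stays untouched
        return Verdict.REJECTED
    host[obj] = virtual                   # benign: apply changes to real object
    return Verdict.COMMITTED

def demo():
    # Constructed sample object and calls, one per branch of the claim.
    host = {"config.ini": {"theme": "dark", "update_url": "https://updates.example/app"}}
    calls = [("read", lambda o: None),
             ("delete", lambda o: o.clear()),
             ("write", lambda o: o.update(theme="light")),
             ("write", lambda o: o.update(update_url="http://other.example/x"))]
    return [handle(host, name, "config.ini", fx) for name, fx in calls], host

if __name__ == "__main__":
    verdicts, host = demo()
    for v in verdicts:
        print(v.value)
    print(host)
```
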
