System and method for enforcing security policies in a virtual environment

  • US 8,381,284 B2
  • Filed: 08/21/2009
  • Issued: 02/19/2013
  • Est. Priority Date: 08/21/2009
  • Status: Active Grant
First Claim

1. A method, comprising:

  • inserting a security layer in a kernel of a privileged domain of a computer configured to operate in a virtual machine environment, wherein the privileged domain of the computer manages a virtual machine monitor (VMM) and operates logically below one or more guest operating systems;

  • storing a snapshot of authorized objects in a user space of the privileged domain;

  • intercepting, by the security layer, a request for an execution of an object in the computer wherein the request for the execution is from a user space of the privileged domain;

  • verifying an authorization of the object by linking a particular module into a kernel space associated with the privileged domain, wherein the particular module is configured to compute a checksum for the object, access an inventory of a plurality of stored checksums in a memory element, and compare the checksum to the plurality of stored checksums; and

  • denying the execution of the object if it is not authorized.

  • 10 Assignments