System and method for critical address space protection in a hypervisor environment
First Claim
1. A method comprising:
detecting an access attempt to a critical address space (CAS) of a guest operating system (OS) in a hypervisor environment comprising a hypervisor, wherein address space layout randomization (ASLR) is implemented by the guest OS;
identifying a process attempting the access; and
taking an action if the process is not permitted to access the CAS.
Abstract
A system and method in one embodiment includes modules for detecting an access attempt to a critical address space (CAS) of a guest operating system (OS) that has implemented address space layout randomization in a hypervisor environment, identifying a process attempting the access, and taking an action if the process is not permitted to access the CAS. The action can be selected from: reporting the access to a management console of the hypervisor, providing a recommendation to the guest OS, and automatically taking an action within the guest OS. Other embodiments include identifying a machine address corresponding to the CAS by forcing a page fault in the guest OS, resolving a guest physical address from a guest virtual address corresponding to the CAS, and mapping the machine address to the guest physical address.
20 Claims
1. A method comprising:
detecting an access attempt to a critical address space (CAS) of a guest operating system (OS) in a hypervisor environment comprising a hypervisor, wherein address space layout randomization (ASLR) is implemented by the guest OS;
identifying a process attempting the access; and
taking an action if the process is not permitted to access the CAS.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. An apparatus comprising:
a memory element configured to store data;
a computing processor operable to execute instructions associated with the data;
a hypervisor; and
an agent residing in a guest operating system (OS), such that the apparatus is configured for:
detecting an access attempt to a critical address space (CAS) of the guest OS in a hypervisor environment comprising the hypervisor, wherein address space layout randomization (ASLR) is implemented by the guest OS;
identifying a process attempting the access; and
taking an action if the process is not permitted to access the CAS.
(Dependent claims: 11, 12, 13, 14)
15. Logic encoded in non-transitory media that includes code for execution and, when executed by a processor, is operable to perform operations comprising:
detecting an access attempt to a critical address space (CAS) of a guest operating system (OS) in a hypervisor environment comprising a hypervisor, wherein address space layout randomization (ASLR) is implemented by the guest OS;
identifying a process attempting the access; and
taking an action if the process is not permitted to access the CAS.
(Dependent claims: 16, 17, 18, 19, 20)
Specification