System and method for securing access to system calls
First Claim
1. A system for securing access to system calls, comprising:
a memory;
a first operating system configured to execute on an electronic device, the first operating system included in one or more operating systems on the electronic device;
a below-operating-system security agent configured to:
identify one or more resources associated with a system call for which attempted accesses will be trapped;
trap, at a level below all operating systems of the electronic device, an attempted access of the one or more resources that originates from an operational level of the first operating system;
access one or more security rules to determine, at a level below all operating systems of the electronic device, whether the attempted access is authorized; and
operate at a level below all operating systems of the electronic device;
wherein:
the trapped attempt is an attempted execution of a system call function of the first operating system, the system call function indexed by a system call table;
the below-operating-system security agent is further configured to:
determine that the attempted execution of the system call function was made without accessing the indexing of the system call table; and
based upon a determination that the attempted execution of the system call function was made without accessing the indexing of the system call table, deny the attempted execution.
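The rule in the claim above (trap both the indexing of the system call table and the execution of the indexed handler, and deny an execution that did not pass through the indexing) can be modelled as a small state machine. The following is an added illustration, not code from the patent; the syscall table, handler addresses and agent class are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed guest state: a system call table mapping syscall number to the
# address of the handler function it indexes (hypothetical addresses).
SYSCALL_TABLE = {0: 0xFFFF0100, 1: 0xFFFF0200, 2: 0xFFFF0300}


@dataclass
class BelowOsAgent:
    """Models the claimed below-operating-system security agent.

    Two resources are identified for trapping: reads of the system call table
    (the 'indexing') and execution of the handler functions the table points
    to.  The single security rule applied here: a handler may execute only if
    the most recent trapped table read returned that handler's address.
    """
    last_indexed: Optional[int] = None   # handler address from last table read
    decisions: list = field(default_factory=list)

    def trap_table_read(self, syscall_no: int) -> int:
        # Trapped read of SYSCALL_TABLE[syscall_no]; record what was indexed.
        addr = SYSCALL_TABLE[syscall_no]
        self.last_indexed = addr
        return addr

    def trap_execute(self, addr: int) -> bool:
        # Trapped attempt to execute a handler: apply the rule, then reset the
        # state so every subsequent call must be re-indexed through the table.
        allowed = addr == self.last_indexed
        self.last_indexed = None
        self.decisions.append((hex(addr), "allow" if allowed else "deny"))
        return allowed


def run_scenarios() -> list:
    """Three constructed guest behaviours; returns the agent's decisions."""
    agent = BelowOsAgent()
    # 1. Normal dispatch: the kernel indexes the table, then runs the handler.
    target = agent.trap_table_read(1)
    agent.trap_execute(target)                 # allow
    # 2. Execution of a handler address with no table read beforehand.
    agent.trap_execute(SYSCALL_TABLE[2])       # deny
    # 3. Table indexed for one syscall, a different handler executed.
    agent.trap_table_read(0)
    agent.trap_execute(SYSCALL_TABLE[1])       # deny
    return agent.decisions
```

Only the second and third scenarios are denied; the first matches the indexed address and passes.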
Abstract
In one embodiment, a system for securing access to system calls includes a memory, an operating system configured to execute on an electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more resources associated with a system call for which attempted accesses will be trapped, trap an attempted access of the one or more resources that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is authorized, and operate at a level below all of the operating systems of the electronic device accessing the one or more resources associated with a system call.
30 Claims
13. A method for securing access to system calls, comprising:
identifying one or more resources associated with a system call for which attempted accesses will be trapped;
trapping an attempted access of the one or more resources that originates from an operational level of a first operating system executing on an electronic device, the first operating system included in one or more operating systems on the electronic device; and
accessing one or more security rules to determine whether the attempted access is authorized;
wherein:
the trapping of the attempted access and determining whether the attempted access is authorized is conducted at a level below all operating systems of the electronic device;
the trapped attempt is an attempted execution of a system call function of the first operating system, the system call function indexed by a system call table;
the method further comprises:
determining that the attempted execution of the system call function was made without accessing the indexing of the system call table; and
based upon a determination that the attempted execution of the system call function was made without accessing the indexing of the system call table, denying the attempted execution.
22. An article of manufacture, comprising:
a non-transitory computer readable medium; and
computer-executable instructions carried on the non-transitory computer readable medium, the instructions readable by a processor, the instructions, when read and executed, cause the processor to:
identify one or more resources associated with a system call for which attempted accesses will be trapped;
trap an attempted access of the one or more resources that originates from an operational level of a first operating system executing on an electronic device, the first operating system included in one or more operating systems on the electronic device; and
access one or more security rules to determine whether the attempted access is authorized;
wherein:
the trapped attempt is an attempted execution of a system call function of the first operating system, the system call function indexed by a system call table;
the processor is configured to:
conduct the trapping of the attempted access and determining whether the attempted access is authorized at a level below all operating systems of the electronic device;
determine that the attempted execution of the system call function was made without accessing the indexing of the system call table; and
based upon a determination that the attempted execution of the system call function was made without accessing the indexing of the system call table, deny the attempted execution.