×

System and method for securing an input/output path of an application against malware with a below-operating system security agent

  • US 8,966,624 B2
  • Filed: 03/31/2011
  • Issued: 02/24/2015
  • Est. Priority Date: 03/31/2011
  • Status: Active Grant
First Claim
Patent Images

1. A method for securing an electronic device, the electronic device including one or more operating systems and an input/output (I/O) device, comprising:

  • trapping, at a level below all of the operating systems of the electronic device, an I/O operation to the I/O device by an application;

    in response to trapping the I/O operation, intercepting, at a level below all of the operating systems of the electronic device, original content of the I/O operation;

    modifying and replacing, at a level below all of the operating systems of the electronic device, the original content of the I/O operation with modified content for transmission via an application I/O path of the I/O operation;

    intercepting, at a level below all of the operating systems of the electronic device, the modified content after transmission via the application I/O path; and

    analyzing, at a level below all of the operating systems of the electronic device, the intercepted modified content to determine whether the modified content was affected by malware during transmission via the application I/O path, wherein determining whether the modified content was affected comprises;

    transmitting the original content in a different path in parallel with the modified content; and

    comparing the intercepted modified content with the modified content to determine whether any differences exist between the intercepted modified content and the modified content, such differences indicating that the modified content was affected by malware.

View all claims
  • 10 Assignments
Timeline View
Assignment View
    ×
    ×