System and method for providing a secured operating system execution environment
Abstract
In one embodiment, a system for launching a security architecture includes an electronic device comprising a processor and one or more operating systems, a security agent, and a launching module. The launching module comprises a boot manager and a secured launching agent. The boot manager is configured to boot the secured launching agent before booting the operating systems, and the secured launching agent is configured to load a security agent. The security agent is configured to execute at a level below all operating systems of the electronic device, intercept a request to access a resource of the electronic device, the request originating from the operational level of one of one or more operating systems of the electronic device, and determine if a request is indicative of malware. In some embodiments, the secured launching agent may be configured to determine whether the security agent is infected with malware prior to loading the security agent.
54 Claims
1. A system, comprising:
- an electronic device comprising a processor and one or more operating systems;
- a security agent configured to:
  - execute at a higher priority than all operating systems of the electronic device;
  - intercept, at a higher priority than all operating systems of the electronic device, a request to access a resource of the electronic device, the resource including one or more files associated with the security agent;
  - determine, at a higher priority than all operating systems of the electronic device, whether the request is indicative of malware, including:
    - utilizing a disk mapping bitmap containing metadata corresponding to the one or more files associated with the security agent to determine that the request is for the one or more files associated with the security agent, the metadata specifying a plurality of sectors on a storage device where each of the one or more files are stored;
    - determining that the requestor is unauthorized; and
    - based upon a determination that the request is for the sectors on the storage device specified in the disk mapping bitmap and upon a determination that the requestor is unauthorized, determining that the request is indicative of malware and denying the request; and
- a launching module comprising:
  - a secured launching agent configured to launch the security agent; and
  - a boot manager configured to boot the secured launching agent before booting the one or more operating systems.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 33, 51
19. A method for electronic device security, comprising:
- booting a secured launching agent before booting one or more operating systems of an electronic device;
- launching a security agent, wherein the security agent is configured to execute at a higher priority than all of the one or more operating systems of the electronic device;
- intercepting, by the security agent at a higher priority than all operating systems of the electronic device, a request to access a resource of the electronic device, the resource including one or more files associated with the security agent; and
- determine, at a higher priority than all operating systems of the electronic device, whether the request is indicative of malware, including:
  - utilizing a disk mapping bitmap containing metadata corresponding to the one or more files associated with the security agent to determine that the request is for the one or more files associated with the security agent, the metadata specifying a plurality of sectors on a storage device where each of the one or more files are stored;
  - determining that the requestor is unauthorized; and
  - based upon a determination that the request is for the sectors on the storage device specified in the disk mapping bitmap and upon a determination that the requestor is unauthorized, determining that the request is indicative of malware and denying the request.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36
37. A non-transitory computer-readable medium encoded with logic, the logic, when executed by a processor, configured to:
- boot a secured launching agent before booting one or more operating systems of an electronic device;
- launch a security agent, wherein the security agent is configured to execute at a higher priority than all of the one or more operating systems of the electronic device;
- intercept, by the security agent at a higher priority than all operating systems of the electronic device, a request to access the resource of the electronic device, the resource including one or more files associated with the security agent; and
- determine, at a higher priority than all operating systems of the electronic device, whether the request is indicative of malware, including:
  - utilizing a disk mapping bitmap containing metadata corresponding to one or more files associated with the security agent to determine that the request is for the one or more files associated with the security agent, the metadata specifying one or more sectors on a storage device where each of the one or more files are stored;
  - determining that the requestor is unauthorized; and
  - based upon a determination that the request is for the sectors on the storage device specified in the disk mapping bitmap and upon a determination that the requestor is unauthorized, determining that the request is indicative of malware and denying the request.

Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 52, 53, 54
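The determination step recited in claims 1, 19 and 37, sketched as an added example that is not code from the patent: a per-sector bitmap marks where the agent's files live, and a request is denied only when it touches a marked sector and the requestor is not on an allow list. All names, the 4096-sector disk, the file extents and the requestor ids are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define DISK_SECTORS 4096u   /* constructed toy disk size */

/* Disk mapping bitmap: one bit per sector, set if an agent file lives there. */
typedef struct { uint8_t bits[DISK_SECTORS / 8]; } disk_map_t;
typedef enum { REQ_ALLOW, REQ_DENY_MALWARE } verdict_t;

/* Record the sectors of one agent file extent in the bitmap. */
static void map_protect(disk_map_t *m, uint32_t first, uint32_t count)
{
    for (uint32_t i = 0; i < count && (uint64_t)first + i < DISK_SECTORS; i++)
        m->bits[(first + i) / 8] |= (uint8_t)(1u << ((first + i) % 8));
}

/* True if any sector of [first, first+count) is marked, so a request that
 * merely straddles a protected extent is still caught. */
static bool map_overlaps(const disk_map_t *m, uint32_t first, uint32_t count)
{
    for (uint32_t i = 0; i < count; i++) {
        uint64_t s = (uint64_t)first + i;      /* 64-bit: no wrap-around */
        if (s >= DISK_SECTORS) break;          /* past the end of the disk */
        if (m->bits[s / 8] & (1u << (s % 8))) return true;
    }
    return false;
}

static bool is_authorized(int id, const int *allow, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (allow[i] == id) return true;
    return false;
}

/* Deny only when both hold: protected sectors AND unauthorized requestor. */
verdict_t check_request(const disk_map_t *m, uint32_t first, uint32_t count,
                        int requestor, const int *allow, size_t n)
{
    if (map_overlaps(m, first, count) && !is_authorized(requestor, allow, n))
        return REQ_DENY_MALWARE;
    return REQ_ALLOW;
}

/* Constructed sample: agent files at sectors 100-107 and 2048-2049;
 * requestor id 1 stands for the agent itself (hypothetical ids). */
verdict_t demo_verdict(uint32_t first, uint32_t count, int requestor)
{
    disk_map_t map = { {0} };
    const int allow[] = { 1 };
    map_protect(&map, 100, 8);
    map_protect(&map, 2048, 2);
    return check_request(&map, first, count, requestor, allow, 1);
}
```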
Specification