System, method, and computer program product for conditionally preventing use of hardware virtualization

US 9,128,741 B2
Filed: 10/05/2007
Issued: 09/08/2015
Est. Priority Date: 10/05/2007
Status: Active Grant

First Claim

Patent Images

1. In a hardware computer system, a method:

providing a hardware virtualization software layer comprising virtual machine guard software, wherein the virtual machine guard software has a dedicated purpose to prevent the operation of malware software, such malware software characterized by a purpose to circumvent the intended operation of a system;

recognizing, by the virtual machine guard software, an attempt to use hardware virtualization;

determining a source that initiated the attempt;

associating the source with an identifier; and

allowing the attempt if the identifier is on a list of predetermined identifiers that are allowed.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for conditionally preventing use of hardware virtualization. In use, an attempt to use hardware virtualization is identified. Further, the use of the hardware virtualization is conditionally prevented.

Citations

18 Claims

1. In a hardware computer system, a method:
- providing a hardware virtualization software layer comprising virtual machine guard software, wherein the virtual machine guard software has a dedicated purpose to prevent the operation of malware software, such malware software characterized by a purpose to circumvent the intended operation of a system;
  
  recognizing, by the virtual machine guard software, an attempt to use hardware virtualization;
  
  determining a source that initiated the attempt;
  
  associating the source with an identifier; and
  
  allowing the attempt if the identifier is on a list of predetermined identifiers that are allowed.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein, after recognizing the source, presenting information identifying the source.
  - 3. The method of claim 2, further comprising receiving a response to the presented information.
  - 4. The method of claim 3, further comprising adding the identifier to the list based upon the response.

5. A method comprising:
- running an operating system on a hardware platform;
  
  installing virtual machine guard software, the virtual machine guard software having the purpose to prevent the operation of malware software, such malware software characterized by a purpose to circumvent the intended operation of a system;
  
  creating a virtual machine;
  
  moving the operating system into the virtual machine such that the operating system runs within the virtual machine and the virtual machine runs above the virtual machine guard software;
  
  employing the virtual machine guard software to monitor attempts by the operating system to use hardware virtualization;
  
  assigning an identifier to any said attempts that are recognized, the identifier having an association with software running upon the operating system; and
  
  allowing an attempt at hardware virtualization if an assigned identifier has been pre-determined as allowed.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5 wherein the virtual machine guard software is comprised of a virtualization layer.
  - 7. The method of claim 5, wherein the virtual machine guard monitors attempts to use hardware virtualization by monitoring communication with a virtualization provider.

8. A method comprising:
- running virtual machine guard software having a dedicated purpose to prevent the operation of malware software, such malware software characterized by a purpose to circumvent the intended operation of a system;
  
  employing the virtual machine guard software to create a virtual machine running an operating system in the virtual machine, wherein the virtual machine executes upon the virtual machine guard software and the operating system executes within the virtual machine;
  
  identifying an attempt to use hardware virtualization by a first software program running upon the operating system, such identifying performed by the virtual machine guard software;
  
  associating the first software program with an identifier; and
  
  allowing the attempt to use hardware virtualization if the identifier is predetermined as allowed.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the operating system is running when it is moved into the virtual machine.
  - 10. The method of claim 9, wherein one or more software programs are running upon the operating system prior to moving.
  - 11. The method of claim 8, wherein the virtual machine guard software is initialized prior to the operating system being initialized.

12. A non-transitory machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a computer system to:
- provide a hardware virtualization software layer dedicated to prevent the operation of malware software, such malware software characterized by a purpose to circumvent the intended operation of the computer system;
  
  recognize an attempt to use hardware virtualization;
  
  determine a source that initiated the attempt;
  
  associate the source with an identifier; and
  
  allow the attempt if the identifier is on a predetermined list of allowed identifiers.
- View Dependent Claims (13, 14, 15)
- - 13. The machine-readable medium of claim 12, wherein the instructions further comprise instructions that when executed cause the computer system to:
    - present information identifying the source.
  - 14. The machine-readable medium of claim 13, wherein the instructions further comprise instructions that when executed cause the computer system to:
    - receive input responsive to the presented information.
  - 15. The machine-readable medium of claim 14, wherein the instructions further comprise instructions that when executed cause the computer system toadd the identifier to the list responsive to the input.

16. A non-transitory machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a computer system to:
- create a virtual machine above a virtual machine guard software having the purpose to prevent the operation of malware software, such malware software characterized by a purpose to circumvent the intended operation of the computer system;
  
  move an operating system into the virtual machine such that the operating system runs within the virtual machine;
  
  employ the virtual machine guard software to monitor attempts by the operating system to use hardware virtualization;
  
  assign to any recognized attempts an identifier associated with software running upon the operating system; and
  
  allow an attempt at hardware virtualization if the assigned identifier has been pre- determined as allowed.
- View Dependent Claims (17, 18)
- - 17. The machine-readable medium of claim 16 wherein the virtual machine guard software comprises a virtualization layer.
  - 18. The machine-readable medium of claim 16, wherein the virtual machine guard software monitors attempts to use hardware virtualization by monitoring communication with a virtualization provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Blaimschein, Peter, Steiner, Thomas C. H., Dalcher, Gregory William, Teddy, John Douglas
Primary Examiner(s)
Faherty, Corey S

Application Number

US11/867,987
Publication Number

US 20130275963A1
Time in Patent Office

2,895 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 2221/034   Test or assess a computer o...

G06F 9/45558   Hypervisor-specific managem...

System, method, and computer program product for conditionally preventing use of hardware virtualization

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and computer program product for conditionally preventing use of hardware virtualization

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links