System and method for below-operating system trapping and securing loading of code into memory
Abstract
A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of a resource of the electronic device, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device accessing the memory. The attempted access includes attempting to write instructions to the memory and attempting to execute the instructions.
20 Claims
1. A system for electronic security, comprising:
- a memory;
- a security agent configured to:
  - identify an attempted access of a resource of an electronic device, the attempted access comprising:
    - attempting to write instructions to the memory;
    - attempting to execute the instructions; and
    - attempting to access a memory page data structure entry for software;
  - determine that the malware status of the software is unknown;
  - trap the attempted access based upon identifications of the attempt to write instructions to the memory, attempt to execute the instructions, the attempt to access the memory page data structure entry for the software, and upon a determination that the malware status of the software is unknown; and
  - access one or more security rules to determine whether the attempted access is indicative of malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An article of manufacture, comprising:
- a computer readable medium; and
- computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to:
  - identify an attempted access of a resource of an electronic device, the attempted access comprising:
    - attempting to write instructions to a memory of the electronic device, the memory comprising the resource;
    - attempting to execute the instructions;
    - attempting to access a memory page data structure entry for software;
  - determine that the malware status of the software is unknown;
  - trap the attempted access based upon identifications of the attempt to write instructions to the memory, the attempt to execute the instructions, the attempt to access the memory page data structure entry for the software, and upon a determination that the malware status of the software is unknown; and
  - access one or more security rules to determine whether the attempted access is indicative of malware.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A method for protecting an electronic device against malware, comprising:
- identifying an attempted access of a resource of an electronic device, the attempted access comprising:
  - attempting to write instructions to a memory of the electronic device, the memory comprising the resource;
  - attempting to execute the instructions; and
  - attempting to access a memory page data structure entry for software;
- determine that the malware status of the software is unknown;
- trap the attempted access based upon identifications of the attempt to write instructions to the memory, the attempt to execute the instructions, the attempt to access the memory page data structure entry for the software, and upon a determination that the malware status of the software is unknown; and
- access one or more security rules to determine whether the attempted access is indicative of malware.
Dependent claims: 20
Specification