×

Systems and methods involving features of hardware virtualization such as separation kernel hypervisors, hypervisors, hypervisor guest context, hypervisor context, rootkit detection/prevention, and/or other features

  • US 9,607,151 B2
  • Filed: 12/26/2014
  • Issued: 03/28/2017
  • Est. Priority Date: 06/26/2012
  • Status: Active Grant
First Claim
Patent Images

1. A method of processing information involving a separation kernel hypervisor, the method comprising:

  • partitioning hardware platform resources via a separation kernel hypervisor into a plurality of guest operating system virtual machine protection domains;

    isolating the domains in time and space from each other;

    hosting the plurality of quest operating system virtual machine protection domains by the separation kernel hypervisor;

    providing a dedicated virtualization assistance layer (VAL) including a virtual representation of the hardware platform in each of the quest operating system virtual machine protection domains such that the dedicated VAL security processing is not performed in the separation kernel hypervisor;

    hosting at least one malicious code defense mechanism that executes within the virtual hardware platform in each of the plurality of quest operating system virtual machine protection domains via the separation kernel hypervisor;

    triggering entry into the separation kernel hypervisor upon execution of code involving an I/O port access attempt in a suspect guest operating system;

    transitioning execution of the access attempt from the separation kernel hypervisor to the virtualization assistance layer in a manner isolated from the suspect guest operating system;

    transitioning execution of the access attempt from the virtualization assistance layer to a malicious code defense mechanism;

    analyzing by the malicious code defense mechanism behavior of the suspect guest operating system and determining a policy decision;

    passing the policy decision and transitioning execution of the access attempt from the malicious code defense mechanism to the virtualization assistance layer; and

    passing the policy decision and transitioning execution of the access attempt from the virtualization assistance layer to the separation kernel hypervisor, wherein the separation kernel hypervisor performs enforcement or executes an action based on the policy decision.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×