Title:
ハイパーバイザ環境でカーネル・ルートキットから保護するシステムおよび方法
Document Type and Number:
Japanese Patent JP5819535
Kind Code:
B2
Abstract:
A system and method for rootkit protection in a hypervisor environment includes modules for creating a soft whitelist having entries corresponding to each guest kernel page of a guest operating system in a hypervisor environment, wherein each entry is a duplicate page of the corresponding guest kernel page, generating a page fault when a process attempts to access a guest kernel page, and redirecting the process to the corresponding duplicate page. If the page fault is a data page fault, the method includes fixing the page fault, and marking a page table entry corresponding to the guest kernel page as non-executable and writeable. If the page fault is an instruction page fault, the method includes marking a page table entry corresponding to the guest kernel page as read-only. Redirecting changing a machine page frame number in a shadow page table of the hypervisor to point to the corresponding duplicate page.
Inventors:
Dawn, amit
Mohindel, Preto
Srivastava, Vivek
Mohindel, Preto
Srivastava, Vivek
Application Number:
JP2014535728A
Publication Date:
November 24, 2015
Filing Date:
September 15, 2012
Export Citation:
Assignee:
McAfee, Inc.
International Classes:
G06F21/57; G06F9/46; G06F12/10
Domestic Patent References:
| JP2008541214A | ||||
| JP2004234053A |
Foreign References:
| CN102194080A |
Attorney, Agent or Firm:
Tadashige Ito
Tadahiko Ito
Shinsuke Onuki
Tadahiko Ito
Shinsuke Onuki
Previous Patent: 有機電界発光素子用材料、有機電界発光素子、表示装置、及び照明装置
Next Patent: METHOD OF AND APPARATUS FOR MEASURING BULK DENSITY OF MOLDING
Next Patent: METHOD OF AND APPARATUS FOR MEASURING BULK DENSITY OF MOLDING