System and method for kernel rootkit protection in a hypervisor environment
Abstract
A system and method for rootkit protection in a hypervisor environment includes modules for creating a soft whitelist having entries corresponding to each guest kernel page of a guest operating system in a hypervisor environment, wherein each entry is a duplicate page of the corresponding guest kernel page, generating a page fault when a process attempts to access a guest kernel page, and redirecting the process to the corresponding duplicate page. If the page fault is a data page fault, the method includes fixing the page fault, and marking a page table entry corresponding to the guest kernel page as non-executable and writeable. If the page fault is an instruction page fault, the method includes marking a page table entry corresponding to the guest kernel page as read-only. Redirecting includes changing a machine page frame number in a shadow page table of the hypervisor to point to the corresponding duplicate page.