首页>
外国专利>
System and method for kernel rootkit protection in a hypervisor environment
System and method for kernel rootkit protection in a hypervisor environment
展开▼
机译:在管理程序环境中用于内核rootkit保护的系统和方法
展开▼
页面导航
摘要
著录项
相似文献
摘要
A system and method in one embodiment includes modules for creating a soft whitelist having entries corresponding to each guest kernel page in a guest operating system in a hypervisor environment, generating a page fault when an access attempt is made to a guest kernel page, fixing the page fault to allow access and execution if the guest kernel page corresponds to one of the entries in the soft whitelist, and denying execution if the guest kernel page does not correspond to any of the entries in the soft whitelist. If the page fault is an instruction page fault, and the guest kernel page corresponds to one of the entries in the soft whitelist, the method includes marking the guest kernel page as read-only and executable. The soft whitelist includes a hash of machine page frame numbers corresponding to virtual addresses of each guest kernel page.
展开▼