The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Nov. 14, 2023
Filed:
Jul. 26, 2020
Applicant:
Vmware, Inc., Pato Alto, CA (US);
Inventors:
Prasad Sharad Dabak, Pune, IN;
Leena Shuklendu Soman, Pune, IN;
Assignee:
VMWARE, INC., Palo Alto, CA (US);
Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 21/00 (2013.01); G06F 21/56 (2013.01); G06F 9/455 (2018.01); G06F 21/55 (2013.01); G06F 21/54 (2013.01);
U.S. Cl.
CPC ...
G06F 21/566 (2013.01); G06F 9/45545 (2013.01); G06F 9/45558 (2013.01); G06F 21/54 (2013.01); G06F 21/554 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45591 (2013.01); G06F 2221/034 (2013.01);
Abstract
Example methods are provided to use a guest monitoring mode (GMM) module in a hypervisor to monitor for attempts to maliciously modify operating system (OS) kernel objects in a virtualized computing environment. A created OS kernel object is migrated to a memory space where the GMM module can detect an attempt to modify the OS kernel object. The GMM module uses reference information to determine whether the modification is authorized by trusted OS kernel code or is being attempted by malicious code.