The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
May. 19, 2015
Filed:
Jan. 30, 2013
Vmware, Inc., Palo Alto, CA (US);
Lionel Litty, Palo Alto, CA (US);
Marios Leventopoulos, Palo Alto, CA (US);
Joshua Schwartz, Saratoga, CA (US);
VMware, Inc., Palo Alto, CA (US);
Abstract
Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent. By tracking writes to and execution of the respective pages, the monitoring process may determine whether the agent has been modified and whether the agent is still running.