The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9311248 B1

Date of Patent:

Apr. 12, 2016

Filed:

May. 07, 2013

Methods and apparatuses for monitoring activities of virtual machines

Applicant:

Raytheon Company, Waltham, MA (US);

Inventor:

John R. Wagner, Melbourne, FL (US);

Assignee:

Raytheon Cyber Products, LLC, Herndon, VA (US);

Attorney:

Primary Examiner:

Adam M Queler

Assistant Examiner:

Trang Ta

Int. Cl.

CPC ...

G06F 12/00 (2006.01); G06F 12/10 (2006.01); G06F 11/36 (2006.01); G06F 9/455 (2006.01);

U.S. Cl.

CPC ...

G06F 12/10 (2013.01); G06F 9/45541 (2013.01); G06F 11/362 (2013.01); G06F 9/45533 (2013.01); G06F 12/1009 (2013.01); G06F 2212/151 (2013.01);

Abstract

Embodiments of a method and apparatus for monitoring activity on a virtual machine are generally described herein. The activity may be monitored by a first hypervisor and the virtual machine may be controlled by a second hypervisor. In some embodiments, the method includes setting a breakpoint in a kernel function of the virtual machine. The method may further include generating a page fault, responsive to the virtual machine halting execution at the breakpoint, to cause the second hypervisor to page in contents of a memory location accessed by the kernel function. The method may further include inspecting the contents of the memory location to detect activity in the virtual machine.

Find Patent Forward Citations