System and method for malware protection using virtualization
Disclosed are systems, methods and computer program products for protecting applications deployed on a host computer from malware using virtualization. An exemplary malware protection system may include a kernel-level driver configured to intercept system calls addressed to an object of a protected...
Main Authors | RUSAKOV VYACHESLAV E, SHIRYAEV ALEXANDER V |
---|---|
Format | Patent |
Language | English |
Published | 17.01.2012 |
Abstract | Disclosed are systems, methods and computer program products for protecting applications deployed on a host computer from malware using virtualization. An exemplary malware protection system may include a kernel-level driver configured to intercept system calls addressed to an object of a protected application. The system also includes an analysis engine configured to determine if there are security rules associated with one or more of the intercepted system call, the object of the protected application, and the actions allowed on the object of the protected application. The security rules indicate whether the system call is allowed or not allowed to be executed on the host computer. If there is no security rule associated with the system call, the system call is executed in a secure execution environment of the host computer using a virtual copy of the object of the protected application. |
---|---|
Author | RUSAKOV VYACHESLAV E SHIRYAEV ALEXANDER V |
Author_xml | – fullname: SHIRYAEV ALEXANDER V – fullname: RUSAKOV VYACHESLAV E |
ContentType | Patent |
DBID | EVB |
DatabaseName | esp@cenet |
DatabaseTitleList | |
Database_xml | – sequence: 1 dbid: EVB name: esp@cenet url: http://worldwide.espacenet.com/singleLineSearch?locale=en_EP sourceTypes: Open Access Repository |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Medicine Chemistry Sciences Physics |
ExternalDocumentID | US8099596B1 |
GroupedDBID | EVB |
ID | FETCH-epo_espacenet_US8099596B13 |
IEDL.DBID | EVB |
IngestDate | Fri Jul 19 15:10:41 EDT 2024 |
IsOpenAccess | true |
IsPeerReviewed | false |
IsScholarly | false |
Language | English |
LinkModel | DirectLink |
MergedId | FETCHMERGED-epo_espacenet_US8099596B13 |
Notes | Application Number: US201113174247 |
OpenAccessLink | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20120117&DB=EPODOC&CC=US&NR=8099596B1 |
ParticipantIDs | epo_espacenet_US8099596B1 |
PublicationCentury | 2000 |
PublicationDate | 20120117 |
PublicationDateYYYYMMDD | 2012-01-17 |
PublicationDate_xml | – month: 01 year: 2012 text: 20120117 day: 17 |
PublicationDecade | 2010 |
PublicationYear | 2012 |
RelatedCompanies | RUSAKOV VYACHESLAV E SHIRYAEV ALEXANDER V KASPERSKY LAB ZAO |
RelatedCompanies_xml | – name: RUSAKOV VYACHESLAV E – name: KASPERSKY LAB ZAO – name: SHIRYAEV ALEXANDER V |
Score | 2.8404744 |
Snippet | Disclosed are systems, methods and computer program products for protecting applications deployed on a host computer from malware using virtualization. An... |
SourceID | epo |
SourceType | Open Access Repository |
SubjectTerms | CALCULATING COMPUTING COUNTING ELECTRIC DIGITAL DATA PROCESSING PHYSICS |
Title | System and method for malware protection using virtualization |
URI | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20120117&DB=EPODOC&locale=&CC=US&NR=8099596B1 |
hasFullText | 1 |
inHoldings | 1 |
linkProvider | European Patent Office |