Mandiant, Inc.
System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer

Abstract:

A computing device features one or more hardware processors and a memory that is coupled to the one or more processors. The memory comprises software that is implemented with a security mechanism to protect the availability of a software component operating within a virtual machine, which is controlled by a guest operating system (OS) kernel. The software comprises a virtualization layer operating in a host mode, where the virtualization layer, when executed by the one or more hardware processors, is configured to send one or more virtual interrupts to the guest OS kernel of the virtual machine. A virtual interrupt causes an interrupt service routine within the guest OS kernel to perform a particular service that prevents a protected process (or protected software data structures) from being effected by malware.