VMware, Inc.
PROTECTING OPERATING SYSTEM KERNEL OBJECTS USING A HYPERVISOR

Abstract:

Example methods are provided to use a guest monitoring mode (GMM) module in a hypervisor to monitor for attempts to maliciously modify operating system (OS) kernel objects in a virtualized computing environment. A created OS kernel object is migrated to a memory space where the GMM module can detect an attempt to modify the OS kernel object. The GMM module uses reference information to determine whether the modification is authorized by trusted OS kernel code or is being attempted by malicious code.