Exploit detection system with threat-aware microvisor

1. 1
   Title

   What the patent document calls the invention.

2. 2
   Abstract

   A short plain-language summary of the technical disclosure.

3. 3
   Assignees and inventors

   Who owns or filed the patent and who is credited as inventor.

4. 4
   Key dates

   Filing, priority, publication, and grant dates set the timeline.

5. 5
   First independent claim

   The legal scope of protection — read this for what is actually claimed.

6. 6
   CPC / IPC classifications

   Technology tags used to group this patent with similar filings.

7. 7
   Citations and related patents

   Prior art links and similar publications in this corpus.

An exploit detection system deploys a threat-aware microvisor to facilitate real-time security analysis, including exploit detection and threat intelligence, of an operating system process executing on a node of a network environment. The microvisor may be organized as a main protection domain representative of the operating system process. In response to the process attempting to access a kernel resource for which it does not have permission, a capability violation may be generated at the main protection domain of the microvisor and a micro-virtual machine (VM) may be spawned as a container configured to encapsulate the process. The main protection domain may then be cloned to create a cloned protection domain that is representative of the process and that is bound to the spawned micro-VM. Capabilities of the cloned protection domain may be configured to be more restricted than the capabilities of the main protection domain with respect to access to the kernel resource. The restricted capabilities may be configured to generate more capability violations than those generated by the capabilities of the main protection domain and, in turn, enable further monitoring of the process as it attempts to access the kernel resource.

What is claimed is: 1. A system comprising: a central processing unit (CPU) of an exploit detection system; a memory coupled to the CPU and configured to store: a threat-aware microvisor executable by the CPU to generate a capability violation in response to a process executing in an operating system attempting to access a kernel resource for which the process does not have permission, the threat-aware microvisor having a main protection domain including one or more execution c…

• Fireeye Inc

• Ismael Osman Abdoul
• Aziz Ashar

View patent family 53521636

• Original source
• Google Patents

Request deeper analysis

What does patent US9507935B2 cover?

An exploit detection system deploys a threat-aware microvisor to facilitate real-time security analysis, including exploit detection and threat intelligence, of an operating system process executing on a node of a network environment. The microvisor may be organized as a main protection domain representative of the operating system process. In response to the process attempting to access a kern…

Who is the assignee on this patent?

Fireeye Inc

What technology area does this patent fall under?

Primary CPC classification G06F21/552. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Nov 29 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).