CPC: G06F 21/44 (2013.01) [G06F 9/45558 (2013.01); G06F 2009/45587 (2013.01)]. 22 Claims.

1. A non-transitory machine-readable storage medium that stores instructions that, when executed by a processor, cause operations to be performed including:
registering, by a process credential protection module provided in a hypervisor in a virtualized system, in-guest process credentials of a guest operating system including binding the process credentials with values including: a guest address of a first structure that includes subjective credentials, a guest address of a second structure that includes a context in which the process credentials reside, and a plurality of data fields of the first structure that are not subject to change;
creating a first tag from at least the values bound with the process credentials;
storing the first tag in a tracking structure of the process credential protection module;
performing, by the process credential protection module, an integrity verification check at one or more verification points, wherein each verification point is triggered by a function or system call being called by the guest operating system, and wherein performing the integrity verification check includes creating a second tag from at least the values bound with the process credentials; and
determining that the second tag does not match the first tag thereby indicating that the integrity of the in-guest process credentials has been compromised, and responsive to this determination, taking one or more remedial actions.
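The register-then-verify mechanism the claim describes, as an added Python model that is not code from the patent or any product: an HMAC over the cred address, the context (task) address and the immutable cred fields is stored per task at registration and recomputed at a verification point; a mismatch signals tampering. The structure layouts, addresses, key and pid are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, Tuple

# Constructed models of the two guest structures named in the claim.
@dataclass
class GuestCred:                # first structure: subjective credentials
    addr: int                   # guest address of the cred structure
    uid: int                    # fields that must not change after registration
    euid: int
    cap_effective: int
@dataclass
class GuestTask:                # second structure: context owning the credentials
    addr: int                   # guest address of the task structure
    pid: int
    cred: GuestCred

class CredentialProtector:
    """Hypervisor-side module: pid -> tag registered when the task was created."""
    def __init__(self, key: bytes):
        self._key = key                    # held in the hypervisor, never in the guest
        self._tags: Dict[int, bytes] = {}  # the claim's tracking structure
    def _tag(self, task: GuestTask) -> bytes:
        c = task.cred
        # Bind cred address, context address and the immutable cred fields.
        bound = (c.addr, task.addr, c.uid, c.euid, c.cap_effective)
        material = b"|".join(str(v).encode() for v in bound)
        return hmac.new(self._key, material, hashlib.sha256).digest()
    def register(self, task: GuestTask) -> None:
        self._tags[task.pid] = self._tag(task)       # first tag
    def verify(self, task: GuestTask) -> bool:
        """Verification point (e.g. a system call): the second tag must match."""
        expected = self._tags.get(task.pid)
        if expected is None:
            return False                             # unregistered task: fail closed
        return hmac.compare_digest(expected, self._tag(task))

def demo() -> Tuple[bool, bool, bool]:
    # Returns (clean, after in-place field overwrite, after cred pointer swap).
    prot = CredentialProtector(key=b"constructed-hypervisor-key")
    cred = GuestCred(addr=0xFFFF888001234000, uid=1000, euid=1000, cap_effective=0)
    task = GuestTask(addr=0xFFFF888001230000, pid=4242, cred=cred)
    prot.register(task)
    clean = prot.verify(task)
    cred.uid = cred.euid = 0                         # simulated in-place overwrite
    overwritten = prot.verify(task)
    cred.uid = cred.euid = 1000                      # restore, then swap the pointer to a
    task.cred = replace(cred, addr=0xFFFF888001238000)  # copy at a different address
    swapped = prot.verify(task)                      # same values, wrong address: fails
    return clean, overwritten, swapped
```

The caller of `verify` is where the claim's remedial action would be taken; the model only reports the mismatch.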