CPC G06F 21/572 (2013.01) [G06F 21/54 (2013.01)]; 23 Claims

1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for dynamically securing kernel-level system functions, the operations comprising:
hot patching of a kernel by a kernel module loaded into the kernel, the hot patching including at least one of modifying a code segment in the kernel or inserting a code segment into the kernel by the kernel module;
identifying a kernel function initiated by a system call associated with a user-level application;
intercepting the kernel function by the kernel module, the intercepting occurring as a result of the hot patching when the system call is initiated;
making available, to a security agent, an indication of at least one operation associated with the kernel function;
receiving, from the security agent, a determination of whether the at least one operation associated with the kernel function violates at least one security policy; and
based on the determination indicating the at least one operation does not violate the at least one security policy, allowing the system call to the kernel; or
based on the determination indicating the at least one operation violates the at least one security policy, performing at least one control action.
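The flow in claim 1 (a kernel module hot-patches the kernel's dispatch of a system call, intercepts the kernel function, hands an indication of the operation to a security agent, and then either lets the call proceed or takes a control action) can be shown as a small user-space model. The following C program is an added example written for this page; it is not the patent's implementation and is not code from the patentee. Everything in it is constructed for illustration: the two-entry "syscall table", the `k_open`/`k_write` kernel functions, the `security_agent_evaluate` policy (a non-init process writing under `/boot/` is treated as a violation), and the `-EPERM` control action are all assumptions chosen to make the decision path concrete.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* Constructed model of a kernel with a function table reached via system
 * calls. Syscall numbers, functions and the policy are illustrative only. */
#define SYS_OPEN  0
#define SYS_WRITE 1
#define NSYS      2

struct syscall_ctx {
    int pid;            /* calling user-level process */
    const char *path;   /* object the call operates on */
};

/* Every kernel function takes its own syscall number so one interceptor
 * can serve every patched slot and still call the right original. */
typedef int (*kfn_t)(int nr, struct syscall_ctx *ctx);

static int k_open(int nr, struct syscall_ctx *c)  { (void)nr; (void)c; return 3; } /* fake fd */
static int k_write(int nr, struct syscall_ctx *c) { (void)nr; (void)c; return 0; } /* success */

static kfn_t syscall_table[NSYS] = { k_open, k_write };
static kfn_t original[NSYS];          /* saved by the module's hot patch */

/* Indication of the operation that the module makes available to the agent. */
struct op_indication { int nr; int pid; const char *path; };

enum verdict { VERDICT_ALLOW, VERDICT_VIOLATION };

/* Security agent: evaluates the operation against a constructed policy. */
static enum verdict security_agent_evaluate(const struct op_indication *op)
{
    if (op->nr == SYS_WRITE && op->path != NULL &&
        strncmp(op->path, "/boot/", 6) == 0 && op->pid != 1)
        return VERDICT_VIOLATION;
    return VERDICT_ALLOW;
}

/* Control action on a violation: refuse the call and record the event. */
static int control_actions_taken;
static int control_action(const struct op_indication *op)
{
    control_actions_taken++;
    fprintf(stderr, "control action: syscall %d by pid %d on %s refused\n",
            op->nr, op->pid, op->path ? op->path : "(none)");
    return -EPERM;
}

/* Interceptor installed by the hot patch: runs whenever a patched slot is hit. */
static int interceptor(int nr, struct syscall_ctx *ctx)
{
    struct op_indication op = { nr, ctx->pid, ctx->path };
    if (security_agent_evaluate(&op) == VERDICT_ALLOW)
        return original[nr](nr, ctx);   /* allow the call into the kernel */
    return control_action(&op);         /* policy violated */
}

/* "Module load": hot patch by replacing table entries, keeping the originals. */
int kmod_hot_patch(void)
{
    for (int i = 0; i < NSYS; i++) {
        original[i] = syscall_table[i];
        syscall_table[i] = interceptor;
    }
    return 0;
}

/* "Module unload": restore the table so the kernel is left as it was found. */
void kmod_restore(void)
{
    for (int i = 0; i < NSYS; i++)
        if (original[i]) { syscall_table[i] = original[i]; original[i] = NULL; }
}

/* Entry point a user-level application reaches through a system call. */
int do_syscall(int nr, int pid, const char *path)
{
    if (nr < 0 || nr >= NSYS)
        return -ENOSYS;
    struct syscall_ctx ctx = { pid, path };
    return syscall_table[nr](nr, &ctx);
}

int control_actions_count(void) { return control_actions_taken; }

int main(void)
{
    kmod_hot_patch();
    printf("open  /etc/hosts   by pid 1000 -> %d\n", do_syscall(SYS_OPEN, 1000, "/etc/hosts"));
    printf("write /boot/vmlinuz by pid 1000 -> %d\n", do_syscall(SYS_WRITE, 1000, "/boot/vmlinuz"));
    printf("write /boot/vmlinuz by pid 1    -> %d\n", do_syscall(SYS_WRITE, 1, "/boot/vmlinuz"));
    kmod_restore();
    return 0;
}
```

Two points the model makes visible that the claim text leaves implicit: the interceptor must keep the original entry so that an allowed call still reaches the real kernel function, and unloading the module has to restore the patched entries, otherwise the interception outlives the agent that makes the decisions.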