The invention relates to systems and methods for protecting computer systems from malware.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms such as computer viruses, worms, rootkits, and spyware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others.
A particular class of malware attack targets a call stack of a running process, for instance by exploiting a buffer overflow vulnerability to inject malicious code into a memory page allocated to the stack, and then executing the respective code.
Hardware virtualization technology allows the creation of simulated computer environments commonly known as virtual machines, which behave in many ways as physical computer systems. In typical modern applications, such as server consolidation and infrastructure-as-a-service (IAAS), several virtual machines may run simultaneously on the same physical machine, sharing the hardware resources among them, thus reducing investment and operating costs. Each virtual machine may run its own operating system and/or software applications, separately from other virtual machines.
Due to the steady proliferation of malware, each such virtual machine potentially requires malware protection, including protection against exploits that use the stack for malicious purposes. There is considerable interest in developing efficient, robust, and scalable anti-malware solutions for hardware virtualization platforms.