Abstract: A method in one example implementation includes intercepting a request associated with an execution of an object (e.g., a kernel module or a binary) in a computer configured to operate in a virtual machine environment. The request is associated with a privileged domain of the computer that operates logically below one or more operating systems. The method also includes verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element. The execution of the object is denied if it is not authorized. In other embodiments, the method can include evaluating a plurality of entries within the memory element of the computer, wherein the entries include authorized binaries and kernel modules. In other embodiments, the method can include intercepting an attempt from a remote computer to execute code from a previously authorized binary.

Abstract: A method in one example implementation includes identifying an address space in a memory element of a system configured to operate in a virtual environment. The address space includes at least one system address, and the address space is provided to a virtual machine monitor. The method also includes generating a page table entry for the system address in a shadow page table stored in the virtual machine monitor in response to a guest operating system initiating a process. The page table entry is marked as a page not being present in order to trigger a page fault for a system address access from the guest operating system. In more specific embodiments, the method may include evaluating a page fault to determine access to the address space, where access to a writeable area of the memory element is denied.

Abstract: A method in one example implementation includes intercepting a request associated with an execution of an object (e.g., a kernel module or a binary) in a computer configured to operate in a virtual machine environment. The request is associated with a privileged domain of the computer that operates logically below one or more operating systems. The method also includes verifying an authorization of the object by computing a checksum for the object and comparing the checksum to a plurality of stored checksums in a memory element. The execution of the object is denied if it is not authorized. In other embodiments, the method can include evaluating a plurality of entries within the memory element of the computer, wherein the entries include authorized binaries and kernel modules. In other embodiments, the method can include intercepting an attempt from a remote computer to execute code from a previously authorized binary.

Abstract: A method in one example implementation includes identifying an address space in a memory element of a system configured to operate in a virtual environment. The address space includes at least one system address, and the address space is provided to a virtual machine monitor. The method also includes generating a page table entry for the system address in a shadow page table stored in the virtual machine monitor in response to a guest operating system initiating a process. The page table entry is marked as a page not being present in order to trigger a page fault for a system address access from the guest operating system. In more specific embodiments, the method may include evaluating a page fault to determine access to the address space, where access to a writeable area of the memory element is denied.