System and method for performing protection against kernel rootkits in a hypervisor environment

摘要

A method includes creating a soft whitelist having an entry corresponding to a first guest kernel page in a guest operating system (OS) in a hypervisor environment including a hypervisor. The method also includes receiving an access attempt to a second guest kernel page, and generating a page fault when the access attempt is made to the second guest kernel page. In addition, the method includes determining that the second guest kernel page does not correspond to the entry in the soft whitelist, and denying an execution of the second guest kernel page if the second guest kernel page does not correspond to the entry in the soft whitelist.