Research Article
Secure Virtualization Environment Based on Advanced Memory Introspection
Rule 1 task_struct.mm > 0xbfffffff | Rule 2 (task_struct.pid >= 0) and (task_struct.tgid >= 0) | Rule 3 (task_struct.parent >= 0xbfffffff) and (task_struct.real_parent >= 0xbfffffff) | Rule 4 (task_struct.fs == 0) or (task_struct.real_fs >= 0xbfffffff) | Rule 5 (task_struct.files == 0) or (task_struct.real_ files >= 0xbfffffff) |
|