Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2006-12-26
2006-12-26
Louis-Jacques, Jacques (Department: 2134)
Information security
Monitoring or scanning of software or data including attack...
Reexamination Certificate
active
07155741
ABSTRACT:
Buffer overflow attacks are prevented by altering the load locations of commonly used executable code modules. A monitor layer (210) is associated with an operating system (220) and controls the load locations for predetermined modules containing executable code that can be used in the execution of buffer overflow attacks. The monitor layer (210) applies predetermined criteria to determine whether a module (280) presents a high risk for enabling a buffer overflow attack. If the monitor layer (210) determines that the module (280) presents a high risk, the monitor layer (210) may force the module (280) to load in an alternate location (290) by reserving sections of memory (295) into which the module normally loads. Alternatively, the monitor layer (210) may alter the area of the module that directs the operating system (220) to load it into a particular location (295), thus causing the operation system to load the module to an alternate location (290).
REFERENCES:
patent: 5842002 (1998-11-01), Schnurer et al.
patent: 5949973 (1999-09-01), Yarom
patent: 6088803 (2000-07-01), Tso et al.
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6941473 (2005-09-01), Etoh et al.
patent: WO 01/37095 (2001-05-01), None
Randustack web pages [online]. Virtualave.net [retrieved May 1, 2003]. Retrieved from the Internet <URL: http://pageexec.virtualave.net/docs/randustack.txt>.
Randkstack web pages [online]. Virtualave.net [retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virtualave.net/docs/randkstack.txt>.
Randmap web pages [online]. Virtualave.net [retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virtualave.net/docs/randmmap.txt>.
Randexec web pages [online]. Virtualave.net [retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virtualave.net/docs/randexec.txt>.
VMA mirroring web pages [online]. Virtualave.net [retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virtualave.net/docs/vmmirror.txt>.
Chew, Monica and Song, Dawn, “Mitigating Buffer Overflows by Operating System Randomization”, Dec. 2000, pp. 1-9, U.C. Berkeley, Berkeley, California, U.S.A.
Choi, Yang-Seo, et al., “A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation”,Lecture Notes in Computer Science 2288,2002, pp. 146-159, Springer Verlag, Berlin and Heidelberg, Germany.
Parkhouse, Jayne, “Pelican SafeTNet 2.0” [online], Jun. 2000, SC Magazine Product Review, [retrieved on Dec. 1, 2003]. Retrieved from the Internet: <URL: http://www.scmagazine.com/scmagazine/standalone/pelican/sc—pelican.html.
Szor, P. and Ferrie, P., “Hunting for Metamorphic”, Virus Bulletin Conference Sep. 2001, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 123-144.
Aho, Alfred V., et al. Compilers, Addison-Wesly Publishing Company, USA, revised edition 1988.
Periot, Frederic, “Defeating Polymorphism Through Code Optimization”, Paper given at the Virus Bulletin conference, Sep. 26-27 Oct. 2003 pp. 142-159, Toronto, Canada, published by Virus Bulletin Ltd., The pentagon, Abington, Oxfordshire, England.
McCorkendale Bruce
Sobel William E
Fenwick & West LLP
Lipman Jacob
Louis-Jacques Jacques
Symantec Corporation
LandOfFree
Alteration of module load locations does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Alteration of module load locations, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Alteration of module load locations will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3657875