Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2008-03-19
2011-10-11
Pyzocha, Michael (Department: 2437)
Information security
Monitoring or scanning of software or data including attack...
C726S025000, C713S188000, C713S189000
Reexamination Certificate
active
08037529
ABSTRACT:
A computer-implemented method includes identifying a buffer overflow vulnerability in a vulnerable program including identifying a victim buffer creation site that created a victim buffer and identifying a vulnerability site that overflowed the victim buffer. A patch is created for the vulnerable program to prevent the vulnerability site from overflowing a potential victim buffer created by the victim buffer creation site. In this manner, the information obtained in identifying the buffer overflow vulnerability is used to automatically derive a patch that accurately seals the vulnerability, greatly reduces the false positive and negative rate, while at the same time shortens the response time to new threats.
REFERENCES:
patent: 2003/0182572 (2003-09-01), Cowan et al.
patent: 2005/0144471 (2005-06-01), Shupak et al.
patent: 2005/0229254 (2005-10-01), Singh et al.
patent: 2006/0021054 (2006-01-01), Costa et al.
patent: 2006/0156032 (2006-07-01), Panjwani
patent: 2006/0195745 (2006-08-01), Keromytis et al.
patent: 2006/0259974 (2006-11-01), Marinescu et al.
patent: 2006/0277539 (2006-12-01), Amarasinghe et al.
patent: 2009/0144827 (2009-06-01), Peinado et al.
patent: 2009/0282393 (2009-11-01), Costa et al.
“CPNI INFOSEC Advisory—045/07—Microsoft Security Advisory: Vulnerability in Windows Animated Cursor Handling (935423)”, pp. 1-3 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://archive.cert.uni-stuttgart.de/cpni/2007/03/msg00020.html>. No author provided.
Cui et al., “ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing”, pp. 1-15 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://research.microsoft.com/users/wdcui/papers/shieldgen-oakland07.pdf>.
Lhee et al., “Type-Assisted Dynamic Buffer Overflow Detection”, pp. 1-9 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://citeseer.ist.psu.edu/lhee02typeassisted.html>.
Liang et al., “Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models”, pp. 1-10 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://seclab.cs.sunysb.edu/seclab/pubs/papers/acsac05.pdf>.
“MS06-078: Vulnerability in Windows Media Format could allow remote code execution”, pp. 1-3 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://support.microsoft.com/kb/923689>. No author provided.
“MS07-002: Vulnerabilities in Microsoft Excel could allow remote code execution”, pp. 1-2 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://support.microsoft.com/kb/927198>. No author provided.
“PASAN: Automatic Patch and Signature Generation for Buffer-Overflow Attacks”, pp. 1-20 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://www.ecsl.cs.sunysb.edu/tr/TR213.pdf>. No author provided.
Pickard, “Buffer Overflow Detection”, Jun. 14, 2005, pp. 1-26 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://www.seas.gwu.edu/˜simhaweb/security/summer2005/Stuart2.ppt#258>.
Ruwase et al., “A Practical Dynamic Buffer Overflow Detector”, pp. 1-11 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://suif.stanford.edu/papers/tunji04.pdf>.
Sidiroglou et al., “Countering Network Worms Through Automatic Patch Generation”, pp. 1-11 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://www1.cs.columbia.edu/˜anelos/Papers/2005/wormpatch.pdf>.
Smirnov et al., “DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks”, pp. 1-17 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://www.isoc.org/isoc/conferences
dss/05/proceedings/papers/dira.pdf>.
“Yahoo! Messenger YVerInfo.DLL ActiveX Control Multiple Buffer Overflow Weaknesses”, pp. 1-5 [online]. Retrieved on Mar. 19, 2008 from the Internet: <URL:http://www.securityfocus.com/bid/25494>. No author provided.
Chiueh Tzi-cker
Griffin Kent “E”
Gunnison McKay & Hodgson, L.L.P.
Hodgson Serge J.
Pyzocha Michael
Symantec Corporation
LandOfFree
Buffer overflow vulnerability detection and patch generation... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Buffer overflow vulnerability detection and patch generation..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Buffer overflow vulnerability detection and patch generation... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4282781