Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2005-02-23
2009-06-23
Moazzami, Nasser G (Department: 2436)
Information security
Monitoring or scanning of software or data including attack...
C710S260000
Reexamination Certificate
active
07552477
ABSTRACT:
A method makes use of the fact that call modules, such as APIS, making calls to a critical operating system (OS) function are typically called by a call instruction while, in contrast, a RLIBC attack typically uses call modules that are jumped to, returned to, or invoked by some means other than a call instruction. The method includes stalling a call to critical OS function and checking to ensure that the call module making the call to the critical OS function was called by a call instruction. If it is determined that the call module making the call to the critical OS function was not called by a call instruction, the method further includes taking protective action to protect a computer system.
REFERENCES:
patent: 6301699 (2001-10-01), Hollander et al.
patent: 2005/0102493 (2005-05-01), DeWitt et al.
Satish et al., “Detecting Buffer Overflows Using Frame Pointer Characteristics”, U.S. Appl. No. 11/095,276, filed Mar. 30, 2005.
Salinas et al., “Method to Identify Buffer Overflows and RLIBC Attacks”, U.S. Appl. No. 11/176,855, filed Jul. 6, 2005.
Conover Matthew
Satish Sourabh
Gunnison McKay & Hodgson, L.L.P.
Hoffman Brandon S
McKay Philip J.
Moazzami Nasser G
Symantec Corporation
LandOfFree
Detecting return-to-LIBC buffer overflows via dynamic... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Detecting return-to-LIBC buffer overflows via dynamic..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Detecting return-to-LIBC buffer overflows via dynamic... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4147177