Reexamination Certificate
2011-01-11
Zand, Kambiz (Department: 2434)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C726S025000
active
07870610
ABSTRACT:
Various approaches for detecting unauthorized actions on a computing platform are disclosed. In one approach, a memory region is designated as tainted if data is received from an untrusted source (such as the network) and written to that region. Thereafter, destination regions may be designated as tainted based on an operation having source and destination parameters in which at least a portion of an address range of the source overlaps an address range of a tainted memory region, and data from the source is used to update the destination. If an argument in an invocation of a function call references a tainted memory region, the call is determined to be unauthorized and data is output indicative of the unauthorized call.
REFERENCES:
patent: 7284273 (2007-10-01), Szor
patent: 7308648 (2007-12-01), Buchthal et al.
patent: 2004/0158725 (2004-08-01), Szor
patent: 2004/0196486 (2004-10-01), Uchino
patent: 2005/0193429 (2005-09-01), Demopoulos et al.
patent: 2005/0273861 (2005-12-01), Chess et al.
patent: 2006/0036746 (2006-02-01), Davis
patent: 2006/0277604 (2006-12-01), Pandit et al.
patent: 2007/0130620 (2007-06-01), Pietraszek et al.
patent: 2008/0184208 (2008-07-01), Sreedhar et al.
2005, James Newsome et al., “Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software,” http://www.ece.cmu.edu/~dawnsong/papers/taintcheck.pdf.
Oct. 2004, Weidong Cui et al., “BINDER: An Extrusion-based Break-in Detector for Personal Computers,” http://digitalassets.lib.berkeley.edu/techreports/ucb/text/CSD-04-1352.pdf.
Aug. 2005, Adam Turoff, “Defensive CGI Programming with Taint Mode and CGI::UNTAINT,” http://www.usenix.org/publications/login/2005-08/pdfs/turoff.pdf.
2006, Author Unknown, “perlsec,” http://perldoc.perl.org/perlsec.html.
2001, Dave Thomas, with Chad Fowler and Andy Hunt, “Locking Ruby in the Safe (from the book “Programming Ruby—The Pragmatic Programmer's Guide”),” http://www.rubycentral.com/book/taint.html.
Aug. 2006, Engin Kirda et al., “Behavior-based Spyware Detection,” http://www.seclab.tuwien.ac.at/papers/spyware.pdf.
2004, Jim Chow et al., “Understanding Data Lifetime via Whole System Simulation,” http://www.stanford.edu/~talg/papers/USENIX04/taint-usenix04.pdf.
1996, Stephanie Forrest et al., “A Sense of Self for Unix Processes,” http://www.cs.unm.edu/~forrest/publications/ieee-sp-96-unix.pdf.
Mitchell John C.
Stinson Elizabeth A.
Crawford & Maunu PLLC
Guirguis Michael
The Board of Directors of the Leland Stanford Junior University
Zand Kambiz