Reexamination Certificate
2008-01-14
2011-12-06
Smithers, Matthew (Department: 2437)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C713S187000, C713S188000
active
08074281
ABSTRACT:
Malware may be identified based on attempts to use tainted data in certain ways, such as by attempting to execute the tainted data, by attempting to modify execution control based on tainted data, or by attempting to apply an existing function to the tainted data. A data's taint is determined based on the location from which the data originates. When data from a tainted source is moved to an otherwise non-tainted destination, the taint may be propagated from the source to the destination, to indicate that the destination is now of unknown safety. A component may be used to observe the operation of a process, in order to determine what data is being moved with respect to the process, and how that data is being used.
Irun-Briz Luis
Livic Nikola
Niehaus Mark L.
Peinado Marcus
Visconti Laurent S.
Microsoft Corporation
Smithers Matthew
Malware detection with taint tracking