Method to identify buffer overflows and RLIBC attacks

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate

Rate now

[ 0.00 ] – not rated yet Voters 0 Comments 0

Details Method to identify buffer overflows and RLIBC attacks Method to identify buffer overflows and RLIBC attacks

: 2011-05-17
: 2011-05-17
: Srivastava, Vivek (Department: 2433)
: Information security
: Monitoring or scanning of software or data including attack...

: C726S023000, C726S024000, C726S025000
: Reexamination Certificate
: active
: 07945953
: ABSTRACT:
A method and system detect buffer overflows and RLIBC attacks by determining if a critical call initiating function is a “potential threat”. In one embodiment, a critical call initiating function is considered a potential threat if the value of the return address of the critical call initiating function points to a location in memory between the location of the highest Thread Environment Block (TEB) or Process Environment Block (PEB) and the location of the lowest Thread Environment Block (TEB) or PEB. In another embodiment, a critical call initiating function making a call to a predefined critical operating system function is considered a potential threat if the value of the return address of the critical call initiating function points to the beginning of a new function with a zero offset.

REFERENCES:
patent: 5345588 (1994-09-01), Greenwood et al.
patent: 5628016 (1997-05-01), Kukol
patent: 6081854 (2000-06-01), Priem et al.
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6578094 (2003-06-01), Moudgill
patent: 6832302 (2004-12-01), Fetzer et al.
patent: 7086088 (2006-08-01), Narayanan
patent: 7178132 (2007-02-01), Pierce
patent: 2003/0172293 (2003-09-01), Johnson et al.
patent: 2005/0102493 (2005-05-01), DeWitt et al.
patent: 2007/0180524 (2007-08-01), Choi et al.
Satish et al., “Detecting Return-to-LIBC Buffer Overflows Via Dynamic Disassembly of Offsets”, U.S. Appl. No. 11/064,712, filed Feb. 23, 2005.
Satish et al., “Detecting Buffer Overflows Using Frame Pointer Characteristics”, U.S. Appl. No. 11/095,276, filed Mar. 30, 2005.

Affiliated with

Conover Matthew

Inventor

[ 0.00 ] – not rated yet Voters 0 Comments 0

Salinas Govind

Inventor

[ 0.00 ] – not rated yet Voters 0 Comments 0

Satish Sourabh

Inventor

[ 0.00 ] – not rated yet Voters 0 Comments 0

Also associated with

Brown Anthony

Examiner

[ 0.00 ] – not rated yet Voters 0 Comments 0

Gunnison McKay & Hodgson, L.L.P.

Law Firm

[ 0.00 ] – not rated yet Voters 0 Comments 0

McKay Philip

Attorney

[ 0.00 ] – not rated yet Voters 0 Comments 0

Srivastava Vivek

Examiner

[ 0.00 ] – not rated yet Voters 0 Comments 0

Symantec Corporation

Corporate Assignee

[ 0.00 ] – not rated yet Voters 0 Comments 0

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Method to identify buffer overflows and RLIBC attacks does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method to identify buffer overflows and RLIBC attacks, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method to identify buffer overflows and RLIBC attacks will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFUS-PAI-O-2659672

All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.

Canada

Charities
Companies
MP Candidates
Patents
Employee Salary Disclosure

World

Places of the World
Scientific Papers

United States

Banks
Companies
Counties
Patents
Employee Salary Disclosure