Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2011-05-17
2011-05-17
Srivastava, Vivek (Department: 2433)
Information security
Monitoring or scanning of software or data including attack...
C726S023000, C726S024000, C726S025000
Reexamination Certificate
active
07945953
ABSTRACT:
A method and system detect buffer overflows and RLIBC attacks by determining if a critical call initiating function is a “potential threat”. In one embodiment, a critical call initiating function is considered a potential threat if the value of the return address of the critical call initiating function points to a location in memory between the location of the highest Thread Environment Block (TEB) or Process Environment Block (PEB) and the location of the lowest Thread Environment Block (TEB) or PEB. In another embodiment, a critical call initiating function making a call to a predefined critical operating system function is considered a potential threat if the value of the return address of the critical call initiating function points to the beginning of a new function with a zero offset.
REFERENCES:
patent: 5345588 (1994-09-01), Greenwood et al.
patent: 5628016 (1997-05-01), Kukol
patent: 6081854 (2000-06-01), Priem et al.
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6578094 (2003-06-01), Moudgill
patent: 6832302 (2004-12-01), Fetzer et al.
patent: 7086088 (2006-08-01), Narayanan
patent: 7178132 (2007-02-01), Pierce
patent: 2003/0172293 (2003-09-01), Johnson et al.
patent: 2005/0102493 (2005-05-01), DeWitt et al.
patent: 2007/0180524 (2007-08-01), Choi et al.
Satish et al., “Detecting Return-to-LIBC Buffer Overflows Via Dynamic Disassembly of Offsets”, U.S. Appl. No. 11/064,712, filed Feb. 23, 2005.
Satish et al., “Detecting Buffer Overflows Using Frame Pointer Characteristics”, U.S. Appl. No. 11/095,276, filed Mar. 30, 2005.
Conover Matthew
Salinas Govind
Satish Sourabh
Brown Anthony
Gunnison McKay & Hodgson, L.L.P.
McKay Philip
Srivastava Vivek
Symantec Corporation
LandOfFree
Method to identify buffer overflows and RLIBC attacks does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method to identify buffer overflows and RLIBC attacks, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method to identify buffer overflows and RLIBC attacks will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2659672