Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2011-06-14
2011-06-14
Revak, Christopher A (Department: 2431)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C709S224000
Reexamination Certificate
active
07962961
ABSTRACT:
A security module detects attempted exploitations of vulnerabilities of an application executing on a computer. A robust function of the application having native error handling functionality is identified. The security module wraps the robust function with an exception handler that catches a “security violation” exception. The exception handler returns an error code of a type that is handled by the application's native error handling functionality. The security module also hooks the application. When a hook is followed, the security module determines whether a vulnerability in the application is being exploited. If an attempted exploit is detected, the security module throws the security violation exception. The application's native error handling functionality unwinds the call stack for the application until it reaches the exception handler wrapping the robust function. The exception handler catches the security violation exception and returns the error code to the application's native error handling functionality.
REFERENCES:
patent: 5974549 (1999-10-01), Golan
patent: 7278161 (2007-10-01), Lingafelt et al.
patent: 7562138 (2009-07-01), Kilian
patent: 7716726 (2010-05-01), Phillips et al.
patent: 7716727 (2010-05-01), Phillips et al.
patent: 7793338 (2010-09-01), Beddoe et al.
patent: 7793348 (2010-09-01), Lingafelt et al.
patent: 7845006 (2010-11-01), Akulavenkatavara et al.
patent: 2006/0095965 (2006-05-01), Phillips et al.
patent: 2007/0083933 (2007-04-01), Venkatapathy et al.
Bob Sheep, “Low Fragmentation Heap and Function Interception”, The Code Project, Jan. 14, 2004, 2 pages, [online] [Retrieved on Dec. 22, 2008] Retrieved from the Internet <URL:http://www.codeproject.com/KB/cpp/LFH.aspx?display=Print>.
“Exception handling”, Wikipedia, 9 pages, [online] [Retrieved on Dec. 22, 2008] Retrieved from the Internet <URL:http://en.wikipedia.org/wiki/Exception—handling>.
Galen Hunt et al., “Detours: Binary Interception of Win32 Functions”, Proceedings of the 3rd USENIX Windows NT Symposium, Jul. 1999, Seattle, Washington, 9 pages.
Kiem-Phong Vo et al., “Xept: A Software Instrumentation Method for Exception Handling”, Proceedings of the International Symposium on Software Reliability Engineering (ISSRE), 1997, 10 pages.
Chiueh Tzi-cker
Griffin Kent E.
Satish Sourabh
Fenwick & West LLP
Revak Christopher A
Symantec Corporation
LandOfFree
Responding to detected application vulnerability exploits does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Responding to detected application vulnerability exploits, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Responding to detected application vulnerability exploits will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2637111