Information security – Prevention of unauthorized use of data including prevention...
Reexamination Certificate
2007-10-23
2007-10-23
Moazzami, Nasser (Department: 2136)
Information security
Prevention of unauthorized use of data including prevention...
C726S022000, C726S023000, C726S024000, C713S165000, C713S167000, C713S188000
Reexamination Certificate
active
10671202
ABSTRACT:
A method includes stalling a call to a critical operating system (OS) function, looking up a value at the previous top of stack, and determining whether the value is equivalent to an address of the critical OS function being called. If the value at the previous top of stack is equivalent to the address of the critical OS function being called, the method further includes taking protective action to protect a computer system.
REFERENCES:
patent: 5822517 (1998-10-01), Dotan
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6412071 (2002-06-01), Hollander et al.
Baratloo, A., et al, ‘Transparent Run-Time Defense Against Stack Smashing Attacks’, 2000 Proceedings of the USENIX Annual Technical Conference, entire document, http://citeseer.ist.psu.edu/cache/papers/cs/24655/http:zSzzSzwww.research.avayalabs.comzSzpprojectzSzlibsafezSzdoczSzusenix00.pdf/baratloo00transparent.pdf.
Choi, Y., et al, ‘A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation’, ICISC 2001: 4th International Conference Seoul, Korea, Dec. 6-7, 2001. Proceedings, pp. 146-159, http://www.springerlink.com/content/x8tn836pk6wyp8kw/fulltext.pdf.
Larochelle, D., et al, ‘Statically Detecting Likely Buffer Overflow Vulnerabilities’, Hackers Digest, Iss. 2, Fall 2001, pp. 45-58, http://www.cs.virginia.edu/~evans/pubs/hd_fall_2001.pdf.
Pedram, ‘Branch Tracing with Intel MSR Registers’, www.openrce.org/blog, Dec. 13, 2006, entire blog, https://www.openrce.org/blog/view/535/Branch_Tracing_with_Intel_MSR_Registers.
Farmer, D., et al, ‘Forensic Discovery’, Addison Wesley Professional, 2004, Chapter 6, http://www.fish2.com/forensics/pipe/chapter6.html.
Chien, E. and Szor, P., “Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques In Computer Viruses”, Virus Bulletin Conference, Sep. 2002, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-36.
Dabak, P., Borate, M. and Phadke, S., “Hooking Windows NT System Services”, pp. 1-8 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.windowsitlibrary.com/Content/356/06/2.html>.
“How Entercept Protects: System Call Interception”, pp. 1-2 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.entercept.com/products/technology/kernelmode.asp>. No author provided.
“How Entercept Protects: System Call Interception”, p. 1 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.entercept.com/products/technology/interception.asp>. No author provided.
Gordon, J., “Understand . . . the Stack (part 1)”, pp. 1-8 [online]. Retrieved on Aug. 27, 2003. Retrieved from the Internet:<URL:http://www.jorgon.freeserve.co.uk/GoasmHelp/usstack1.htm>.
Chew, M. and Song, D., “Mitigating Buffer Overflows by Operating System Randomization”, Dec. 2002, 9 pages.
“Entercept Continues to Dominate the Market in Buffer Overflow Protection”, pp. 1-2 [online]. Retrieved on Aug. 6, 2003. Retrieved from the Internet:<URL:http://www.entercept.com/news/uspr/07-09.02.asp>. No author provided.
“IA-32 Intel® Architecture Software Developer's Manual; vol. 3: System Programming Guide”, pp. 15-11 to 15-22. 2002. No author provided.
Dabak, P., Borate, M., Phadke, S., “Adding New System Services to the Windows NT Kernel”, pp. 1-5 [online]. Retrieved Dec. 16, 2003. Retrieved from the Internet:<URL:http://www.windowsitlibrary.com/Content/356/07/1.html>.
Conover et al., U.S. Appl. No. 10/763,867, filed Jan. 22, 2004, entitled “Return-to-LIBC Attack Detection Using Branch Trace Records System and Method”.
Baum Ronald
Gunnison McKay & Hodgson, L.L.P.
Hodgson Serge J.
Moazzami Nasser
Symantec Corporation
Profile ID: LFUS-PAI-O-3833895