Information security – Prevention of unauthorized use of data including prevention...
Reexamination Certificate
2007-10-16
2007-10-16
Moazzami, Nasser (Department: 2136)
Information security
Prevention of unauthorized use of data including prevention...
C726S022000, C726S023000, C726S024000, C713S165000, C713S167000, C713S188000
Reexamination Certificate
active
10763867
ABSTRACT:
A method includes stalling a call to a critical operating system (OS) function and determining whether branch trace records of the call include a return instruction. Upon a determination that the branch trace records of the call do include a return instruction, the method further includes taking protective action to protect a computer system.
REFERENCES:
patent: 5822517 (1998-10-01), Dotan
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6412071 (2002-06-01), Hollander et al.
Baratloo, A., et al, ‘Transparent Run-Time Defense Against Stack Smashing Attacks’, 2000 Proceedings of the USENIX Annual Technical Conference, entire document, http://citeseer.ist.psu.edu/cache/papers/cs/24655/http:zSzzSzwww.research.avayalabs.comzSzprojectzSzlibsafezSzdoczSzusenix00.pdf/baratloo00transparent.pdf.
Choi, Y., et al, ‘A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation’, ICISC 2001: 4th International Conference Seoul, Korea, Dec. 6-7, 2001. Proceedings, pp. 146-159, http://www.springerlink.com/content/x8tn836pk6wyp8kw/fulltext.pdf.
Larochelle, D., et al, ‘Statically Detecting Likely Buffer Overflow Vulnerabilities’, Hackers Digest, Iss. 2, Fall 2001, pp. 45-58, http://www.cs.virginia.edu/~evans/pubs/hd_fall_2001.pdf.
Pedram, ‘Branch Tracing with Intel MSR Registers’, www.openrce.org/blog, Dec. 13, 2006, entire blog, https://www.openrce.org/blog/view/535/Branch_Tracing_with_Intel_MSR_Registers.
Chien, E. and Szor, P., “Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques In Computer Viruses”, Virus Bulletin Conference, Sep. 2002, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-36.
Dabak, P., Borate, M. and Phadke, S., “Hooking Windows NT System Services”, pp. 1-8 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: URL:http://www.windowsitlibrary.com/Content/356/06/2.html.
“How Entercept Protects: System Call Interception”, pp. 1-2 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://www.entercept.com/products/technology/kernelmode.asp>. No author provided.
“How Entercept Protects: System Call Interception”, p. 1 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://www.entercept.com/products/technology/interception.asp>. No author provided.
Gordon, J., “Understand . . . the Stack(part 1)”, pp. 1-8 [online]. Retrieved on Aug. 27, 2003. Retrieved from the Internet: <URL:http://www.jorgon.freeserve.co.uk/GoasmHelp/usstack1.htm>.
Chew, M. and Song, D., “Mitigating Buffer Overflows by Operating System Randomization”, Dec. 2002, 9 pages.
“Entercept Continues to Dominate the Market in Buffer Overflow Protection”, pp. 1-2 [online]. Retrieved on Aug. 6, 2003. Retrieved from the Internet: <URL:http://www.entercept.com/news/uspr/07-09-02.asp>. No author provided.
“IA-32 Intel® Architecture Software Developer's Manual; vol. 3:System Programming Guide”, pp. 15-11 to 15-22. 2002. No author provided.
Dabak, P., Borate, M., Phadke, S., “Adding New System Services to the Windows NT Kernel”, pp. 1-5 [online]. Retrieved Dec. 16, 2003. Retrieved from the Internet: URL:http://www.windowsitlibrary.com/Content/356/07/1.html.
Szor, U.S. Appl. No. 10/671,202, filed Sep. 25, 2003, entitled “Return-to-LIBC Attack Blocking System and Method”.
Szor, U.S. Appl. No. 10/360,341, filed Feb. 6, 2003, entitled “Shell Code Blocking System and Method”.
Sobel et al., U.S. Appl. No. 10/140,149, filed May 6, 2002, entitled “Alteration of Module Load Locations”.
Conover Matthew
Szor Peter
Baum Ronald
Gunnison McKay & Hodgson, L.L.P.
Hodgson Serge J.
Symantec Corporation
Return-to-LIBC attack detection using branch trace records...