Software security based on control flow integrity

Information security – Monitoring or scanning of software or data including attack...

Reexamination Certificate


Details

C713S152000

Reexamination Certificate

active

07577992

ABSTRACT:
Software control flow integrity is provided by embedding identifying bit patterns at computed control flow instruction sources and destinations. The sources and destinations of computed control flow instructions are determined with reference to a control flow graph. The identifying bit patterns are compared during software execution, and a match between a source and a respective destination ensures control flow consistent with the control flow graph. Security measures are implemented when the comparison results in a mismatch, indicating that control flow has deviated from the anticipated course.

REFERENCES:
patent: 5761477 (1998-06-01), Wahbe et al.
patent: 5974549 (1999-10-01), Golan
patent: 6151618 (2000-11-01), Wahbe et al.
patent: 7043757 (2006-05-01), Hoefelmeyer et al.
patent: 7185368 (2007-02-01), Copeland, III
patent: 7337291 (2008-02-01), Abadi et al.
patent: 2007/0180526 (2007-08-01), Copeland, III
patent: 2007/0250703 (2007-10-01), Giraud et al.
Abadi et al, “Control-Flow Integrity”, Nov. 2005, CCS '05, ACM, p. 1-14.
Kim et al, “Applying Dataflow Analysis to Detecting Software Vulnerability”, Feb. 2008, ICACT 2008, p. 255-258.
Jo et al, “Constructing Control Flow Graph That Accounts For Exception Induced Control Flows For Java”, 2003, Proceedings of the 7th Korea-Russia International Symposium, p. 160-165.
Schuette et al, “Processor Control Flow Monitoring Using Signatured Instruction Streams”, Mar. 1987, IEEE Transactions on Computers, vol. C-36, No. 3, p. 264-276.
Oh et al, “Control-Flow Checking by Software Signatures”, Mar. 2002, IEEE Transactions on Reliability, vol. 51, No. 2, p. 111-122.
Suh, G.E. et al., “Secure Program Execution via Dynamic Information Flow Tracking”, Computer Science and Artificial Intelligence Laboratory (CSAIL), 14 pages.
Tabatabai, A.R.A., et al., “Efficient and Language-Independent Mobile Programs”, Proceedings of PLDI, ACM SIGPLAN Conference on Programming Language Design and Implementation, 1996, 10 pages.
Tuck, N. et al., “Hardware and Binary Modification Support for Code Pointer Protection from Buffer Overflow”, Proceedings of the 37th International Symposium on Microarchitecture, Dec. 2004, 12 pages.
Vachharajani, N. et al., “RIFLE: An Architectural Framework for User-Centric Information-Flow Security”, Departments of Computer Science and Electrical Engineering, Princeton University, 1-12.
Wagner, D. et al., “Mimicry Attacks on Host-Based Intrusion Detection Systems”, CCS, 2002, 10 pages.
Wagner, D. et al., “Intrusion Detection via Static Analysis”, 13 pages.
Wagner, D. et al., “A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities”, University of California, Berkeley, 15 pages.
Wahbe, R. et al., “Efficient Software-Based Fault Isolation”, Proceedings of the Symposium on Operating System Principles, 1993, 14 pages.
Wilander, J. et al., “A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention”, 10th Network and Distributed System Security Symposium, 2003, 14 pages.
Xu, J. et al., “Transparent Runtime Randomization for Security”, Center for Reliable and High-Performance Computing Coordinated Science Laboratory, 10 pages.
“Towards a Solid Base for Dealing with the Next 500 Advanced Code Injection Attacks on C and C++ Programs”, 8 pages.
Oh, N. et al., “Control-Flow Checking by Software Signatures”, IEEE Transactions on Reliability, Mar. 2002, 51(2), 111-122.
Reis, G.A. et al., “SWIFT: Software Implemented Fault Tolerance”, http://liberty.princeton.edu/Publications/, Mar. 2005, 12 pages.
Venkatasubramanian, R. et al., “Low-Cost On-Line Fault Detection Using Control Flow Assertions”, Proceedings of the 9th IEEE International On-Line Testing Symposium, 2003, 7 pages.
Abadi, M. et al., “Asgard: Software Guards for System Address Spaces”, Work done at Microsoft Research, Silicon Valley, 14 pages.
De Sutter, B. et al., “Link-Time Binary Rewriting Techniques for Program Compaction”, ACM Transactions on Programming Languages and Systems, Sep. 2005, 27(5), 882-945.
Necula, G.C. et al., “Safe Kernel Extensions Without Run-Time Checking”, Proceedings of the Second Symposium on Operating Systems and Implementation, 1996, 229-243.
Necula, G.C., “Proof-Carrying Code”, Proceedings of the 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1997, 14 pages.
Abadi, M. et al., “Control-Flow Integrity: Principles, Implementations, and Applications”, University of California, Santa Cruz, Microsoft Research, Silicon Valley, Princeton University, Oct. 26, 2004, 24 pages.
Avijit, K. et al., “TIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection”, Proceedings of the 13th USENIX Security Symposium, Aug. 9-13, 2004, San Diego, CA, USA, 12 pages.
Baratloo, A. et al., “Transparent Run-Time Defense Against Stack Smashing Attacks”, Proceedings of the 2000 USENIX Annual Technical Conference, Jun. 18-23, 2000, San Diego, California, 13 pages.
Bhatkar, S. et al., “Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits”, Proceedings of the 12th USENIX Security Symposium, Aug. 4-8, 2003, 105-120.
Brumley, D. et al., “Remote Timing Attacks are Practical”, Proceedings of the 12th USENIX Security Symposium, Aug. 4-8, 2003, 1-13.
Chew, M. et al., “Mitigating Buffer Overflows by Operating System Randomization”, Fall 1999 @ UC Berkeley, 1-9.
Cowan, C. et al., “PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities”, Proceedings of the 12th USENIX Security Symposium, Aug. 4-8, 2003, 91-104.
Cowan, C. et al., “FormatGuard: Automatic Protection from printf Format String Vulnerabilities”, Proceedings of the 10th USENIX Security Symposium, Aug. 13-17, 2001, 10 pages.
Crandall, J.R. et al., “Minos: Control Data Attack Prevention Orthogonal to Memory Model”, 37th International Symposium on Microarchitecture, 12 pages.
Drinić, M. et al., “A Hardware-Software Platform for Intrusion Prevention”, 10 pages.
Feng, H.H. et al., “Anomaly Detection Using Call Stack Information”, Department of Electrical and Computer Engineering, College of Computing, 14 pages.
Frantzen, M. et al., “StackGhost: Hardware Facilitated Stack Protection”, CERIAS, Engineering Computer Network, 11 pages.
Kiriansky, V. et al., “Execution Model Enforcement Via Program Shepherding”, Laboratory for Computer Science, 10 pages.
Kiriansky, V. et al., “Secure Execution Via Program Shepherding”, Proceedings of the 11th USENIX Security Symposium, Aug. 5-9, 2002, San Francisco, CA., 17 pages.
Kiriansky, V.L., “Secure Execution Environment via Program Shepherding”, Submitted to the Department of Electrical Engineering and Computer Science, Feb. 4, 2003, 1-82.
Kirovski, D. et al., “Enabling Trusted Software Integrity”, ASPLOS, 2002, 1-13.
Larochelle, D. et al., “Statically Detecting Likely Buffer Overflow Vulnerabilities”, University of Virginia, Department of Computer Science, 13 pages.
Larson, E. et al., “High Coverage Detection of Input-Related Security Faults”, Proceedings of the 12th USENIX Security Symposium, Aug. 4-8, 2003, Washington, D.C., 121-136.
McCamant, S., “Verifiable Binary Sandboxing for a CISC Architecture”, May 14, 2004, 14 pages.
Nebenzahl, D. et al., “Install-time Vaccination of Windows Executables to Defend Against Stack Smashing Attacks”, Technical Report EES2003-9, School of Electrical Engineering, Nov. 4, 2003, 17 pages.
Oplinger, J. et al., “Enhancing Software Reliability with Speculative Threads”, ACM, 2002, 13 pages.
Pincus, J. et al., “Mitigations for Low-Level Coding Vulnerabilities: Incomp
