Preventing execution of remotely injected threads
US7797702B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 22, 2005 |
| Grant date | Sep 14, 2010 |
| Priority date | — |
| Expiry date | Nov 28, 2028 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2209/542
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A legitimate process utilizes thread local storage (TLS) functionality to prevent a malicious thread from executing in its address space. The legitimate process includes a thread white list that identifies the entry point addresses of threads executed by the process. When executed on a computer, the process interacts with the TLS functionality provided by the computer's operating system. The operating system sends the process a message each time a new thread is executed in the process's address space. Upon receiving the message, the process determines the entry point address of the new thread and checks to see if the address is in the white list. If the thread entry point address is not in the white list, the thread is probably malicious and the process therefore terminates the thread's execution.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.