Patent · US Active

Detection of malicious programs

US7870610B1 · kind B1 · utility

102Cited by

2References

21Claims

0Family size

Assignee

The Board of Directors of the Leland Stanford Junior University · US

Inventors

John Mitchell · High Point, US
Elizabeth A. Stinson · Palo Alto, US

Key dates

Filing date	Mar 16, 2007
Grant date	Jan 11, 2011
Priority date	—
Expiry date	Nov 2, 2029

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/53
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Various approaches for detecting unauthorized actions on a computing platform are disclosed. In one approach, a memory region is designated as tainted if data is received from an untrusted source (such as the network) and written to that region. Thereafter, destination regions may be designated as tainted based on an operation having source and destination parameters in which at least a portion of an address range of the source overlaps an address range of a tainted memory region, and data from the source is used to update the destination. If an argument in an invocation of a function call references a tainted memory region, the call is determined to be unauthorized and data is output indicative of the unauthorized call.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.