Control flow redirection and analysis for detecting vulnerability exploitation
US8296848B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 20, 2007 |
| Grant date | Oct 23, 2012 |
| Priority date | — |
| Expiry date | Oct 9, 2030 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/577
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A security module detects attempted exploitations of vulnerabilities of applications executing on a computer. The security module hooks an application on the computer. The hook transfers control flow to the security module if execution reaches a hooked location. When a hook is followed, the security module saves the state of the computer and activates an analysis environment. A virtual machine within the analysis environment executes signatures that programmatically analyze the state of the computer to determine whether a vulnerability in the application is being exploited. If a signature detects an exploit, the security module blocks the exploit by skipping over the one or more instructions that constitute the exploit, terminating the application, or performing a different action. The security module reports the detected exploit attempt to the user of the client. The security module returns control flow back to the application if it does not detect an exploit.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.