BR112015004449A2 - detecção de ameaças para programação orientada ao retorno - Google Patents

detecção de ameaças para programação orientada ao retorno

Info

Publication number
BR112015004449A2
BR112015004449A2 BR112015004449A BR112015004449A BR112015004449A2 BR 112015004449 A2 BR112015004449 A2 BR 112015004449A2 BR 112015004449 A BR112015004449 A BR 112015004449A BR 112015004449 A BR112015004449 A BR 112015004449A BR 112015004449 A2 BR112015004449 A2 BR 112015004449A2
Authority
BR
Brazil
Prior art keywords
computing device
oriented programming
return
threat detection
call stack
Prior art date
Application number
BR112015004449A
Other languages
English (en)
Inventor
Wicherski Georg
Original Assignee
Crowdstrike Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Crowdstrike Inc filed Critical Crowdstrike Inc
Publication of BR112015004449A2 publication Critical patent/BR112015004449A2/pt

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/81Threshold
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/865Monitoring of software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/88Monitoring involving counting

Abstract

resumo “detecção de ameaças para programação orientada ao retorno” trata-se de técnicas para detectar explorações de segurança associadas à programação orientada ao retorno. por exemplo, um dispositivo computacional pode determinar que uma contagem retomada é indicativa de uma atividade mal-intencionada, tal como uma programação orientada ao retorno. o dispositivo computacional pode retomar a contagem a partir de um contador de desempenho do processador de incompatibilidades de predição, sendo que as incompatibilidades de predição resultam a partir de comparações de uma pilha de chamadas do dispositivo computacional e de uma pilha de chamadas de sombra mantida por um processador do dispositivo computacional. em resposta à determinação que a contagem indica uma atividade mal-intencionada, o dispositivo computacional pode realizar pelo menos uma ação de resposta de segurança.
BR112015004449A 2012-09-07 2013-09-06 detecção de ameaças para programação orientada ao retorno BR112015004449A2 (pt)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/607,155 US9256730B2 (en) 2012-09-07 2012-09-07 Threat detection for return oriented programming
PCT/US2013/058496 WO2014039811A1 (en) 2012-09-07 2013-09-06 Threat detection for return oriented programming

Publications (1)

Publication Number Publication Date
BR112015004449A2 true BR112015004449A2 (pt) 2017-07-04

Family

ID=50234814

Family Applications (1)

Application Number Title Priority Date Filing Date
BR112015004449A BR112015004449A2 (pt) 2012-09-07 2013-09-06 detecção de ameaças para programação orientada ao retorno

Country Status (10)

Country Link
US (1) US9256730B2 (pt)
EP (1) EP2893486B1 (pt)
JP (1) JP6208761B2 (pt)
AU (1) AU2013312388A1 (pt)
BR (1) BR112015004449A2 (pt)
CA (1) CA2881859A1 (pt)
IL (1) IL237385B (pt)
IN (1) IN2015DN01594A (pt)
SG (1) SG11201501083SA (pt)
WO (1) WO2014039811A1 (pt)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9256730B2 (en) * 2012-09-07 2016-02-09 Crowdstrike, Inc. Threat detection for return oriented programming
US9177147B2 (en) * 2012-09-28 2015-11-03 Intel Corporation Protection against return oriented programming attacks
US9223979B2 (en) * 2012-10-31 2015-12-29 Intel Corporation Detection of return oriented programming attacks
US9213831B2 (en) * 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline
US9305167B2 (en) 2014-05-21 2016-04-05 Bitdefender IPR Management Ltd. Hardware-enabled prevention of code reuse attacks
US10049211B1 (en) 2014-07-16 2018-08-14 Bitdefender IPR Management Ltd. Hardware-accelerated prevention of code reuse attacks
US9961102B2 (en) 2014-07-16 2018-05-01 Mcafee, Llc Detection of stack pivoting
US9904780B2 (en) * 2014-07-31 2018-02-27 Nec Corporation Transparent detection and extraction of return-oriented-programming attacks
EP2996034B1 (en) * 2014-09-11 2018-08-15 Nxp B.V. Execution flow protection in microcontrollers
US9646154B2 (en) * 2014-12-12 2017-05-09 Microsoft Technology Licensing, Llc Return oriented programming (ROP) attack protection
US20160253497A1 (en) * 2015-02-26 2016-09-01 Qualcomm Incorporated Return Oriented Programming Attack Detection Via Memory Monitoring
US20170091454A1 (en) * 2015-09-25 2017-03-30 Vadim Sukhomlinov Lbr-based rop/jop exploit detection
US9767292B2 (en) 2015-10-11 2017-09-19 Unexploitable Holdings Llc Systems and methods to identify security exploits by generating a type based self-assembling indirect control flow graph
WO2017146094A1 (ja) * 2016-02-24 2017-08-31 日本電信電話株式会社 攻撃コード検知装置、攻撃コード検知方法及び攻撃コード検知プログラム
AU2017238773B2 (en) 2016-03-24 2021-10-07 Carbon Black, Inc. Systems and techniques for guiding a response to a cybersecurity incident
US10423777B2 (en) * 2016-04-14 2019-09-24 Endgame, Inc. Preventing execution of malicious instructions based on address specified in a branch instruction
US10044701B2 (en) * 2016-05-24 2018-08-07 Vantiv, Llc Technologies for token-based authentication and authorization of distributed computing resources
US10681059B2 (en) 2016-05-25 2020-06-09 CyberOwl Limited Relating to the monitoring of network security
WO2018053154A1 (en) 2016-09-14 2018-03-22 Carbon Black, Inc. Cybersecurity incident detection based on unexpected activity patterns
US10437990B2 (en) 2016-09-30 2019-10-08 Mcafee, Llc Detection of return oriented programming attacks in a processor
WO2018066516A1 (ja) * 2016-10-06 2018-04-12 日本電信電話株式会社 攻撃コード検知装置、攻撃コード検知方法及び攻撃コード検知プログラム
IL266459B2 (en) * 2016-11-07 2023-10-01 Perception Point Ltd A system and method for detecting and alerting the exploitation of security loopholes in computer systems
US9734337B1 (en) 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US10706180B2 (en) 2017-07-07 2020-07-07 Endgame, Inc. System and method for enabling a malware prevention module in response to a context switch within a certain process being executed by a processor
US10885183B2 (en) * 2017-09-28 2021-01-05 International Business Machines Corporation Return oriented programming attack protection
US11030302B2 (en) * 2018-04-12 2021-06-08 Webroot Inc. Restricting access to application programming interfaces (APIs)
US11023582B2 (en) * 2018-12-19 2021-06-01 EMC IP Holding Company LLC Identification and control of malicious users on a data storage system

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5604877A (en) * 1994-01-04 1997-02-18 Intel Corporation Method and apparatus for resolving return from subroutine instructions in a computer processor
US5949973A (en) * 1997-07-25 1999-09-07 Memco Software, Ltd. Method of relocating the stack in a computer system for preventing overrate by an exploit program
JP3552627B2 (ja) * 2000-02-04 2004-08-11 インターナショナル・ビジネス・マシーンズ・コーポレーション スタック保護システム、コンピュータシステム、コンパイラ、スタック保護方法および記憶媒体
US6971019B1 (en) * 2000-03-14 2005-11-29 Symantec Corporation Histogram-based virus detection
US7853803B2 (en) * 2001-09-28 2010-12-14 Verizon Corporate Services Group Inc. System and method for thwarting buffer overflow attacks using encrypted process pointers
US6931632B2 (en) * 2001-11-08 2005-08-16 Hewlett-Packard Development Company, L.P. Instrumentation of code having predicated branch-call and shadow instructions
US20040168078A1 (en) * 2002-12-04 2004-08-26 Brodley Carla E. Apparatus, system and method for protecting function return address
US7594111B2 (en) * 2002-12-19 2009-09-22 Massachusetts Institute Of Technology Secure execution of a computer program
US7603704B2 (en) * 2002-12-19 2009-10-13 Massachusetts Institute Of Technology Secure execution of a computer program using a code cache
US7178010B2 (en) * 2003-01-16 2007-02-13 Ip-First, Llc Method and apparatus for correcting an internal call/return stack in a microprocessor that detects from multiple pipeline stages incorrect speculative update of the call/return stack
US7272748B1 (en) * 2004-03-17 2007-09-18 Symantec Corporation Method and apparatus to detect and recover from a stack frame corruption
KR100586500B1 (ko) * 2004-03-18 2006-06-07 학교법인고려중앙학원 버퍼 오버플로우 공격들을 감지하고 복구하는 방법 및 그장치
US7650640B1 (en) * 2004-10-18 2010-01-19 Symantec Corporation Method and system for detecting IA32 targeted buffer overflow attacks
US7607041B2 (en) * 2005-12-16 2009-10-20 Cisco Technology, Inc. Methods and apparatus providing recovery from computer and network security attacks
US8443442B2 (en) * 2006-01-31 2013-05-14 The Penn State Research Foundation Signature-free buffer overflow attack blocker
US7581089B1 (en) * 2006-04-20 2009-08-25 The United States Of America As Represented By The Director Of The National Security Agency Method of protecting a computer stack
US20090089564A1 (en) 2006-12-06 2009-04-02 Brickell Ernie F Protecting a Branch Instruction from Side Channel Vulnerabilities
US8751948B2 (en) * 2008-05-13 2014-06-10 Cyandia, Inc. Methods, apparatus and systems for providing and monitoring secure information via multiple authorized channels and generating alerts relating to same
US8117660B2 (en) * 2008-06-19 2012-02-14 Microsoft Corporation Secure control flows by monitoring control transfers
US8495587B2 (en) * 2009-01-13 2013-07-23 International Business Machines Corporation Method, apparatus or software for selectively activating a trace function
WO2010093996A1 (en) * 2009-02-13 2010-08-19 Peter Anthony Crosby Memory utilization analysis
US8490060B2 (en) * 2009-09-23 2013-07-16 International Business Machines Corporation Tracing memory updates and accesses for debugging computer programs
US9443085B2 (en) * 2011-07-19 2016-09-13 Elwha Llc Intrusion detection using taint accumulation
US8943313B2 (en) * 2011-07-19 2015-01-27 Elwha Llc Fine-grained security in federated data sets
US8839429B2 (en) * 2011-11-07 2014-09-16 Qualcomm Incorporated Methods, devices, and systems for detecting return-oriented programming exploits
US8776223B2 (en) * 2012-01-16 2014-07-08 Qualcomm Incorporated Dynamic execution prevention to inhibit return-oriented programming
US9256730B2 (en) * 2012-09-07 2016-02-09 Crowdstrike, Inc. Threat detection for return oriented programming

Also Published As

Publication number Publication date
AU2013312388A1 (en) 2015-03-05
EP2893486A1 (en) 2015-07-15
US9256730B2 (en) 2016-02-09
US20140075556A1 (en) 2014-03-13
IL237385B (en) 2018-05-31
WO2014039811A1 (en) 2014-03-13
CA2881859A1 (en) 2014-03-13
IL237385A0 (en) 2015-04-30
JP2015527680A (ja) 2015-09-17
IN2015DN01594A (pt) 2015-07-03
EP2893486B1 (en) 2018-11-28
JP6208761B2 (ja) 2017-10-04
EP2893486A4 (en) 2016-03-02
SG11201501083SA (en) 2015-05-28

Similar Documents

Publication Publication Date Title
BR112015004449A2 (pt) detecção de ameaças para programação orientada ao retorno
BR112015009225A2 (pt) bloqueio/desbloqueio de dispositivo contextual
GB2510506A (en) Generating compiled code that indicates register liveness
GB2519017A (en) Next instruction access intent instruction
GB201319170D0 (en) Malware detection
WO2014116740A3 (en) Privileged cryptographic services in a virtualized environment
WO2014140062A3 (en) System for the detection and handling of hypoglycemia
BR112015000139A2 (pt) método para prevenir o funcionamento acidental na tela de toque, tela de toque e terminal móvel
BR112013030585A2 (pt) monitoramento de saída de área demarcada
MX2015006359A (es) Entrada de ademan de usuario para dispositivo electronico portable, que involucra movimiento del dispositivo.
MX366275B (es) Metodos para detectar y medir la agregacion.
WO2013164821A3 (en) Detection and prevention for malicious threats
GB2511997A (en) Management of threads within a computing environment
GB2519882A (en) Identifying whether an application is malicious
GB2521946A (en) Detection of return oriented programming attacks
GB201100039D0 (en) Server, user device and malware detection method thereof
BR112013019245A2 (pt) método e aparelho para bloquear e desbloquear múltiplos ambientes de sistema operacional com uma única entrada de gesto
GB201302443D0 (en) Detecting malicious computer code in an executing program module
IN2015DN01188A (pt)
BR112013032640A2 (pt) carregar simultaneamente objetos multimídia e associar metadados com os objetos multimídia
BR112013004118A2 (pt) mecanismo de acesso de canal para canais amplos usados em redes sobrepostas
BR112017003426A8 (pt) Fluxo de dados construído para processamento de evento intensificado
BR112014009445A2 (pt) método para um dispositivo eletrônico, artigo e dispositivo eletrônico
Chen A simple proof of the Ohsawa-Takegoshi extension theorem
BR112015013051A2 (pt) gerenciamento de alimentação de dispositivos de comunicação

Legal Events

Date Code Title Description
B06F Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]
B08F Application dismissed because of non-payment of annual fees [chapter 8.6 patent gazette]

Free format text: REFERENTE A 6A ANUIDADE.

B08K Patent lapsed as no evidence of payment of the annual fee has been furnished to inpi [chapter 8.11 patent gazette]

Free format text: EM VIRTUDE DO ARQUIVAMENTO PUBLICADO NA RPI 2530 DE 02-07-2019 E CONSIDERANDO AUSENCIA DE MANIFESTACAO DENTRO DOS PRAZOS LEGAIS, INFORMO QUE CABE SER MANTIDO O ARQUIVAMENTO DO PEDIDO DE PATENTE, CONFORME O DISPOSTO NO ARTIGO 12, DA RESOLUCAO 113/2013.