SG11201501083SA - Threat detection for return oriented programming - Google Patents

Threat detection for return oriented programming

Info

Publication number
SG11201501083SA
SG11201501083SA SG11201501083SA SG11201501083SA SG11201501083SA SG 11201501083S A SG11201501083S A SG 11201501083SA SG 11201501083S A SG11201501083S A SG 11201501083SA SG 11201501083S A SG11201501083S A SG 11201501083SA SG 11201501083S A SG11201501083S A SG 11201501083SA
Authority
SG
Singapore
Prior art keywords
oriented programming
threat detection
return oriented
return
threat
Prior art date
Application number
SG11201501083SA
Inventor
Georg Wicherski
Original Assignee
Crowdstrike Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Crowdstrike Inc filed Critical Crowdstrike Inc
Publication of SG11201501083SA publication Critical patent/SG11201501083SA/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/81Threshold
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/865Monitoring of software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/88Monitoring involving counting
SG11201501083SA 2012-09-07 2013-09-06 Threat detection for return oriented programming SG11201501083SA (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/607,155 US9256730B2 (en) 2012-09-07 2012-09-07 Threat detection for return oriented programming
PCT/US2013/058496 WO2014039811A1 (en) 2012-09-07 2013-09-06 Threat detection for return oriented programming

Publications (1)

Publication Number Publication Date
SG11201501083SA true SG11201501083SA (en) 2015-05-28

Family

ID=50234814

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201501083SA SG11201501083SA (en) 2012-09-07 2013-09-06 Threat detection for return oriented programming

Country Status (10)

Country Link
US (1) US9256730B2 (en)
EP (1) EP2893486B1 (en)
JP (1) JP6208761B2 (en)
AU (1) AU2013312388A1 (en)
BR (1) BR112015004449A2 (en)
CA (1) CA2881859A1 (en)
IL (1) IL237385B (en)
IN (1) IN2015DN01594A (en)
SG (1) SG11201501083SA (en)
WO (1) WO2014039811A1 (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9256730B2 (en) * 2012-09-07 2016-02-09 Crowdstrike, Inc. Threat detection for return oriented programming
US9177147B2 (en) * 2012-09-28 2015-11-03 Intel Corporation Protection against return oriented programming attacks
US9223979B2 (en) * 2012-10-31 2015-12-29 Intel Corporation Detection of return oriented programming attacks
US9213831B2 (en) * 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline
US9305167B2 (en) 2014-05-21 2016-04-05 Bitdefender IPR Management Ltd. Hardware-enabled prevention of code reuse attacks
US10049211B1 (en) 2014-07-16 2018-08-14 Bitdefender IPR Management Ltd. Hardware-accelerated prevention of code reuse attacks
US9961102B2 (en) 2014-07-16 2018-05-01 Mcafee, Llc Detection of stack pivoting
US9904780B2 (en) * 2014-07-31 2018-02-27 Nec Corporation Transparent detection and extraction of return-oriented-programming attacks
EP2996034B1 (en) * 2014-09-11 2018-08-15 Nxp B.V. Execution flow protection in microcontrollers
US9646154B2 (en) * 2014-12-12 2017-05-09 Microsoft Technology Licensing, Llc Return oriented programming (ROP) attack protection
US20160253497A1 (en) * 2015-02-26 2016-09-01 Qualcomm Incorporated Return Oriented Programming Attack Detection Via Memory Monitoring
US20170091454A1 (en) * 2015-09-25 2017-03-30 Vadim Sukhomlinov Lbr-based rop/jop exploit detection
US9767292B2 (en) 2015-10-11 2017-09-19 Unexploitable Holdings Llc Systems and methods to identify security exploits by generating a type based self-assembling indirect control flow graph
US10878091B2 (en) * 2016-02-24 2020-12-29 Nippon Telegraph And Telephone Corporation Attack code detection device, attack code detection method, and attack code detection program
US10320820B2 (en) 2016-03-24 2019-06-11 Carbon Black, Inc. Systems and techniques for guiding a response to a cybersecurity incident
US10423777B2 (en) * 2016-04-14 2019-09-24 Endgame, Inc. Preventing execution of malicious instructions based on address specified in a branch instruction
US10044701B2 (en) * 2016-05-24 2018-08-07 Vantiv, Llc Technologies for token-based authentication and authorization of distributed computing resources
US10681059B2 (en) 2016-05-25 2020-06-09 CyberOwl Limited Relating to the monitoring of network security
WO2018053154A1 (en) 2016-09-14 2018-03-22 Carbon Black, Inc. Cybersecurity incident detection based on unexpected activity patterns
US10437990B2 (en) 2016-09-30 2019-10-08 Mcafee, Llc Detection of return oriented programming attacks in a processor
EP3506140B1 (en) * 2016-10-06 2021-04-14 Nippon Telegraph and Telephone Corporation Hacking code sensing device, hacking code sensing method, and hacking code sensing program
IL266459B2 (en) * 2016-11-07 2023-10-01 Perception Point Ltd System and method for detecting and for alerting of exploits in computerized systems
US9734337B1 (en) * 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US10706180B2 (en) 2017-07-07 2020-07-07 Endgame, Inc. System and method for enabling a malware prevention module in response to a context switch within a certain process being executed by a processor
US10885183B2 (en) * 2017-09-28 2021-01-05 International Business Machines Corporation Return oriented programming attack protection
US11030302B2 (en) * 2018-04-12 2021-06-08 Webroot Inc. Restricting access to application programming interfaces (APIs)
US11023582B2 (en) * 2018-12-19 2021-06-01 EMC IP Holding Company LLC Identification and control of malicious users on a data storage system

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5604877A (en) * 1994-01-04 1997-02-18 Intel Corporation Method and apparatus for resolving return from subroutine instructions in a computer processor
US5949973A (en) * 1997-07-25 1999-09-07 Memco Software, Ltd. Method of relocating the stack in a computer system for preventing overrate by an exploit program
JP3552627B2 (en) * 2000-02-04 2004-08-11 インターナショナル・ビジネス・マシーンズ・コーポレーション Stack protection system, computer system, compiler, stack protection method, and storage medium
US6971019B1 (en) * 2000-03-14 2005-11-29 Symantec Corporation Histogram-based virus detection
US7853803B2 (en) * 2001-09-28 2010-12-14 Verizon Corporate Services Group Inc. System and method for thwarting buffer overflow attacks using encrypted process pointers
US6931632B2 (en) * 2001-11-08 2005-08-16 Hewlett-Packard Development Company, L.P. Instrumentation of code having predicated branch-call and shadow instructions
US20040168078A1 (en) * 2002-12-04 2004-08-26 Brodley Carla E. Apparatus, system and method for protecting function return address
US7603704B2 (en) * 2002-12-19 2009-10-13 Massachusetts Institute Of Technology Secure execution of a computer program using a code cache
US7594111B2 (en) * 2002-12-19 2009-09-22 Massachusetts Institute Of Technology Secure execution of a computer program
US7178010B2 (en) * 2003-01-16 2007-02-13 Ip-First, Llc Method and apparatus for correcting an internal call/return stack in a microprocessor that detects from multiple pipeline stages incorrect speculative update of the call/return stack
US7272748B1 (en) * 2004-03-17 2007-09-18 Symantec Corporation Method and apparatus to detect and recover from a stack frame corruption
KR100586500B1 (en) * 2004-03-18 2006-06-07 학교법인고려중앙학원 Method for sensing and recovery against buffer overflow attacks and apparatus thereof
US7650640B1 (en) * 2004-10-18 2010-01-19 Symantec Corporation Method and system for detecting IA32 targeted buffer overflow attacks
US7607041B2 (en) * 2005-12-16 2009-10-20 Cisco Technology, Inc. Methods and apparatus providing recovery from computer and network security attacks
US8443442B2 (en) * 2006-01-31 2013-05-14 The Penn State Research Foundation Signature-free buffer overflow attack blocker
US7581089B1 (en) * 2006-04-20 2009-08-25 The United States Of America As Represented By The Director Of The National Security Agency Method of protecting a computer stack
US20090089564A1 (en) 2006-12-06 2009-04-02 Brickell Ernie F Protecting a Branch Instruction from Side Channel Vulnerabilities
US8751948B2 (en) * 2008-05-13 2014-06-10 Cyandia, Inc. Methods, apparatus and systems for providing and monitoring secure information via multiple authorized channels and generating alerts relating to same
US8117660B2 (en) * 2008-06-19 2012-02-14 Microsoft Corporation Secure control flows by monitoring control transfers
US8495587B2 (en) * 2009-01-13 2013-07-23 International Business Machines Corporation Method, apparatus or software for selectively activating a trace function
US8359450B2 (en) * 2009-02-13 2013-01-22 Opnet Technologies, Inc. Memory utilization analysis
US8490060B2 (en) * 2009-09-23 2013-07-16 International Business Machines Corporation Tracing memory updates and accesses for debugging computer programs
US9443085B2 (en) * 2011-07-19 2016-09-13 Elwha Llc Intrusion detection using taint accumulation
US8943313B2 (en) * 2011-07-19 2015-01-27 Elwha Llc Fine-grained security in federated data sets
US8839429B2 (en) * 2011-11-07 2014-09-16 Qualcomm Incorporated Methods, devices, and systems for detecting return-oriented programming exploits
US8776223B2 (en) * 2012-01-16 2014-07-08 Qualcomm Incorporated Dynamic execution prevention to inhibit return-oriented programming
US9256730B2 (en) * 2012-09-07 2016-02-09 Crowdstrike, Inc. Threat detection for return oriented programming

Also Published As

Publication number Publication date
IN2015DN01594A (en) 2015-07-03
JP2015527680A (en) 2015-09-17
US9256730B2 (en) 2016-02-09
EP2893486A4 (en) 2016-03-02
IL237385A0 (en) 2015-04-30
CA2881859A1 (en) 2014-03-13
IL237385B (en) 2018-05-31
EP2893486B1 (en) 2018-11-28
US20140075556A1 (en) 2014-03-13
EP2893486A1 (en) 2015-07-15
JP6208761B2 (en) 2017-10-04
AU2013312388A1 (en) 2015-03-05
WO2014039811A1 (en) 2014-03-13
BR112015004449A2 (en) 2017-07-04

Similar Documents

Publication Publication Date Title
IL237385A0 (en) Threat detection for return oriented programming
GB2521946B (en) Detection of return oriented programming attacks
HK1218765A1 (en) Multiaptamer target detection
EP2815592A4 (en) Zone oriented systems
GB201204792D0 (en) Detection techniques
EP2806287A4 (en) Object detection device
HK1213681A1 (en) Fire detection
EP2919028A4 (en) Storage-device-state detection method
EP2900475A4 (en) Drop detection
HK1197224A1 (en) Elevator-taking detection system
GB2506136B (en) Interference detection
EP2814016A4 (en) Object detection device
EP2677659A4 (en) Object detection system
GB201503259D0 (en) Security systems
GB2507574B (en) Malicious object detection
PL2911534T3 (en) Detection system
GB201415402D0 (en) Moveable Object Detection
GB2502677B (en) Security
EP2859381A4 (en) Neutron detection
GB2508247B (en) Shielded system
GB2504497B (en) Armour
PL2877809T3 (en) Armour
EP2814629A4 (en) Bleedout detection system
GB201223243D0 (en) Detection method
GB201213925D0 (en) Airborne particle detection