-
Publication No.: US07480919B2
Publication date: 2009-01-20
Application No.: US10602952
Filing date: 2003-06-24
Applicant: Brandon R. Bray, Bryan W. Tuttle, Louis Lafreniere, Philip M. Lucido, Richard M. Shupak, Daniel R. Spalding
Inventor: Brandon R. Bray, Bryan W. Tuttle, Louis Lafreniere, Philip M. Lucido, Richard M. Shupak, Daniel R. Spalding
CPC classification: G06F21/52
Abstract: Safe exceptions detect and intervene in a malicious attack against an application or system component, even in the presence of a coding flaw such as a buffer overrun. A list of all the exception handlers in an image (e.g., a DLL or EXE) is desirably created. When loading the image into a process, the operating system loader finds and stores a reference to this list. When a subsequent attack targets exception handling by creating an attacker provided exception handler, the new attacker provided exception handler is compared to a list of the real exception handlers. The list of real exception handlers is stored in memory, and desirably cannot be modified. In particular, when an exception occurs, the operating system finds the proper exception handler from information on the stack (this may be under attack, so the information is not trusted) and compares it to the previously created read-only reference list. If the exception handler that has occurred is found on the reference list, the exception handler is allowed to execute. Otherwise, the operating system assumes the application is under attack and terminates the process' execution.
-
Publication No.: US07716495B2
Publication date: 2010-05-11
Application No.: US10750297
Filing date: 2003-12-31
CPC classification: G06F21/52
Abstract: Security mechanisms detect and intervene in a malicious attack against a runtime function, even in the presence of a coding flaw such as a buffer overrun or overflow. One such exemplary mechanism uses a predetermined security list of the valid targets for a first runtime function (such as longjmp). For every call to a second runtime function (e.g., setjmp) that prepares for a later invocation of the first runtime function, the dispatcher finds and stores a reference to this list. When a subsequent attack targets the runtime functions by creating an attacker-provided setjmp target address (e.g., the attack overwrites the longjmp target address so that the pointer points somewhere else, such as code provided by the attacker or code that already exists that will eventually pass control to code provided by the attacker), the new (attacker provided) target address is compared to a reference list of the real (valid) target addresses. The list of real target addresses is stored in memory. If the target address that has been provided is found on the reference list, then the runtime function (e.g., longjmp) is allowed to continue to execute by the dispatcher (which may be the actual runtime function). Otherwise, the dispatcher assumes the application is under attack and terminates the process' execution.
-