Title of invention: Mitigation of cyber attacks by pointer obfuscation
Abstract: A method for protecting a computer includes identifying a first pointer in a data structure used by a computer program indicating a first memory address to be accessed, using the pointer, in order to invoke a functionality of the computer. The identified first pointer is replaced with a second pointer indicating a second memory address, different from the first memory address. A security program module traps attempts to access the second memory address during execution of the computer program so as to foil unauthorized access to the functionality of the computer.
Publication number: US9471514(B1) Publication date: 2016.10.18
Application number: US201313969650 Filing date: 2013.08.19
Applicant: PALO ALTO NETWORKS, INC. Inventors: Badishi Gal;Davidi Netanel
Classification: G06F12/00;G06F13/00;G06F13/28;G06F12/14 Main classification: G06F12/00
Agency: D. Kligler IP Services Ltd. Agent: D. Kligler IP Services Ltd.
Principal claim: 1. A method for protecting a computer when loading a computer program into a memory for execution by the computer and creating a data structure for the computer program, comprising: executing a pointer handling module which when loading a computer program into a memory for execution by the computer, and before execution of the computer program, performs: identifying a first pointer in the data structure created for the computer program, the first pointer indicating a first memory address which can be used to access operating system functions and accordingly is considered to be vulnerable; replacing the identified first pointer in the created data structure for the loaded computer program with a second pointer selected to initiate an exception when accessed; configuring the computer such that when the second pointer is accessed, control is transferred to a security program module in two steps, a first step in which the computer attempts to access a memory location indicated by the second pointer, causing an exception, and a second step in which an exception handling function transfers control to the security program module; initiating execution of the computer program after replacing the first pointer; and determining, by the security program module when invoked, whether an access to the second pointer which invoked the security program module is a possible unauthorized access to the functionality of the computer.
Address: Santa Clara CA US