Title of invention |
Mitigation of cyber attacks by pointer obfuscation |
Abstract |
A method for protecting a computer includes identifying a first pointer in a data structure used by a computer program indicating a first memory address to be accessed, using the pointer, in order to invoke a functionality of the computer. The identified first pointer is replaced with a second pointer indicating a second memory address, different from the first memory address. A security program module traps attempts to access the second memory address during execution of the computer program so as to foil unauthorized access to the functionality of the computer. |
Publication number |
US9471514(B1) |
Publication date |
2016.10.18 |
Application number |
US201313969650 |
Filing date |
2013.08.19 |
Applicant |
PALO ALTO NETWORKS, INC. |
Inventors |
Badishi Gal;Davidi Netanel |
Classification codes |
G06F12/00;G06F13/00;G06F13/28;G06F12/14 |
Main classification code |
G06F12/00 |
Agency |
D. Kligler IP Services Ltd. |
Agent |
D. Kligler IP Services Ltd. |
Main claim |
1. A method for protecting a computer when loading a computer program into a memory for execution by the computer and creating a data structure for the computer program, comprising:
executing a pointer handling module which when loading a computer program into a memory for execution by the computer, and before execution of the computer program, performs:
identifying a first pointer in the data structure created for the computer program, the first pointer indicating a first memory address which can be used to access operating system functions and accordingly is considered to be vulnerable;
replacing the identified first pointer in the created data structure for the loaded computer program with a second pointer selected to initiate an exception when accessed;
configuring the computer such that when the second pointer is accessed, control is transferred to a security program module in two steps, a first step in which the computer attempts to access a memory location indicated by the second pointer, causing an exception, and a second step in which an exception handling function transfers control to the security program module;
initiating execution of the computer program after replacing the first pointer; and
determining, by the security program module when invoked, whether an access to the second pointer which invoked the security program module is a possible unauthorized access to the functionality of the computer. |
Address |
Santa Clara CA US |