| 发明名称 |
Detecting and preventing malcode execution |
| 摘要 |
A system for detecting and halting execution of malicious code includes a kernel-based system call interposition mechanism and a libc function interception mechanism. The kernel-based system call interposition mechanism detects a system call request from an application, determines a memory region from which the system call request emanates, and halts execution of the code responsible for the call request if the memory region from which the system call request emanates is a data memory region. The libc function interception mechanism maintains an alternative wrapper function for each of the relevant standard libc routines, intercepts a call from an application to one or more libc routines and redirects the call into the corresponding alternative wrapper function.
|
| 申请公布号 |
US7971255(B1) |
申请公布日期 |
2011.06.28 |
| 申请号 |
US20050181165 |
申请日期 |
2005.07.14 |
| 申请人 |
THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK |
发明人 |
KC GAURAV S.;AHO ALFRED V. |
| 分类号 |
G06F11/00;G06F12/14;G06F12/16;G08B23/00 |
主分类号 |
G06F11/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
