专利名称:Alteration of executable code module load
locations
发明人:Sobel, William E.,McCorkendale, Bruce申请号:EP03252821.8申请日:20030506公开号:EP1361496B1公开日:20060315
摘要:Buffer overflow attacks are prevented by altering the load locations ofcommonly used executable code modules. A monitor layer (210) is associated with anoperating system (220) and controls the load locations for predetermined modulescontaining executable code that can be used in the execution of buffer overflow attacks.The monitor layer (210) applies predetermined criteria to determine whether a module(280) presents a high risk for enabling a buffer overflow attack. If the monitor layer (210)determines that the module (280) presents a high risk, the monitor layer (210) may forcethe module (280) to load in an alternate location (290) by reserving sections of memory(295) into which the module normally loads. Alternatively, the monitor layer (210) mayalter the area of the module that directs the operating system (220) to load it into aparticular location (295), thus causing the operating system to load the module to analternate location (290).
申请人:SYMANTEC CORP
地址:US
国籍:US
代理机构:Beresford, Keith Denis Lewis
更多信息请下载全文后查看
因篇幅问题不能全部显示,请点此查看更多更全内容