Importance

Loading Importance Indicators...

Abstract

A page fault proxy handler and related method defend against buffer overflow attacks. The page fault proxy handler is for connection to an original page fault handler and a paging table in which supervisor flags for all entries for all writable memory pages have been pre-set. The page fault proxy handler comprises a page fault detector, a page fault filter, an execution address checker, a mitigation module, and a controlled memory access module. The detector detects page faults and passes them to the filter. The filter passes to the original page fault handler page faults not arising from an attempt to access a writable page by a user mode program. The execution address checker passes to the mitigation module only page faults arising from an attempt by a user mode program to execute from the writable page; other accesses to a writable page by a user mode program are passed to the controlled memory access module. The mitigation logs and/or terminates the program. The controlled memory access module permits the user program to access the writable page by changing an associated supervisor flag in the paging table. The method handles page faults in conjunction with an original page fault handler. The method sets a supervisor flag in a page entry table associated with a writable page. The method detects a page fault and determines whether it arises from an attempt by a user mode program to execute from the writable page having the associated supervisor flag set. The method conditionally calls the original page fault handler on the basis of the determining step.

Loading the Abstract Image...

First Claim