US Patent No: 7,437,759

Kernel mode overflow attack prevention system and method

Abstract

A method includes hooking a critical operating system function, stalling a call to the critical operating system function originating from a call module, determining a location of the call module in a kernel address space of a memory, and determining whether the location is in a driver area of the kernel address space. Upon a determination that the call module is not in the driver area, the method further includes taking protective action to protect a host computer system. In this event, it is highly likely that the call module is malicious code that has been injected into the kernel stack/heap through a malicious kernel mode buffer overflow attack. By taking protective action, exploitation, damage or destruction of the host computer system is prevented.

Patent Owner(s)

Patent Owner Address Total Patents
SYMANTEC CORPORATION MOUNTAIN VIEW, CA 1840

Inventor(s)

Inventor Name Address # of filed Patents Total Citations
Szor, Peter Northridge, CA 58 493

Cited Art Landscape

Patent Info (Count) # Cites Year
 
SYMANTEC CORPORATION (4)
5,696,822 Polymorphic virus detection module 173 1995
6,357,008 Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases 165 1997
7,228,563 Shell code blocking system and method 5 2003
7,216,367 Safe memory scanning 18 2003
 
INTERNATIONAL BUSINESS MACHINES CORPORATION (3)
6,199,181 Method and system for maintaining restricted operating environments for application programs or operating systems 174 1998
7,146,305 Analytical virtual machine 38 2001
2004/0255,163 Preventing attacks in a data processing system 43 2004
 
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (2)
6,910,142 System for detection and routing of platform events in a multi-cell computer 8 2001
6,820,146 Filter driver for blocking access by host to devices 8 2002
 
INTEL CORPORATION (2)
6,718,414 Function modification in a write-protected operating system 5 2000
7,181,603 Method of secure function loading 15 2002
 
MCAFEE, INC. (2)
5,864,683 System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights 330 1994
6,658,571 Security framework for dynamically wrapping software applications executing in a computing system 65 1999
 
CA, INC. (1)
2002/0083,334 Detection of viral code using emulation of operating system functions 38 2001
 
CIGITAL (1)
7,085,928 System and method for defending against malicious software 30 2001
 
ENTERCEPT SECURITY TECHNOLOGIES, INC. (1)
6,301,699 Method for detecting buffer overflow for computer security 76 1999
 
Hill; William Stanley (1)
5,598,531 Method and apparatus for preventing "disease" damage in computer systems 29 1993
 
IN-DEFENSE, INC. (1)
5,822,517 Method for detecting infection of software programs by memory resident software viruses 60 1996
 
ROUND ROCK RESEARCH, LLC (1)
5,802,178 Stand alone device for providing security within computer networks 71 1996
 
SECUREWAVE S.A. (1)
2003/0014,667 Buffer overflow attack detection and suppression 51 2001
 
SIEMENS NIXDORF INFORMATIONSSYSTEME AG (1)
6,092,136 Multi-processor central processing unit 10 1998

Forward Cite Landscape

Patent Info (Count) # Cites Year
 
WONTOK, INC. (3)
7,765,558 System and method for handling an event in a computer system 3 2005
8,341,649 System and method for handling an event in a computer system 1 2009
8,332,872 System and method for handling an event in a computer system 0 2010
 
AHNLAB, INC. (1)
8,763,128 Apparatus and method for detecting malicious files 0 2013
 
LRDC Systems, LLC (1)
8,769,373 Method of identifying and protecting the integrity of a set of source data 0 2010
 
SKY SOCKET, LLC (1)
8,646,076 Method and apparatus for detecting malicious shell codes using debugging events 0 2013
 
SYMANTEC CORPORATION (1)
8,539,578 Systems and methods for defending a shellcode attack 0 2010
 
The Trustees of Columbia University in the City of New York (1)
7,971,255 Detecting and preventing malcode execution 13 2005

Maintenance Fees

Fee Large entity fee small entity fee micro entity fee due date
7.5 Year Payment $3600.00 $1800.00 $900.00 Apr 14, 2016
11.5 Year Payment $7400.00 $3700.00 $1850.00 Apr 14, 2020
Fee Large entity fee small entity fee micro entity fee
Surcharge - 7.5 year - Late payment within 6 months $160.00 $80.00 $40.00
Surcharge - 11.5 year - Late payment within 6 months $160.00 $80.00 $40.00
Surcharge after expiration - Late payment is unavoidable $700.00 $350.00 $175.00
Surcharge after expiration - Late payment is unintentional $1,640.00 $820.00 $410.00