The patent badge is an abbreviated version of the USPTO patent document. It covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge contains a link to the full patent document (in Adobe Acrobat format, aka PDF).

Date of Patent: Apr. 26, 2022
Filed: Mar. 14, 2019
Applicant: Fireeye, Inc., Milpitas, CA (US)
Inventors: Japneet Singh, Bangalore, IN; Ratnesh Pandey, Allahabad, IN; Atul Kabra, Bangalore, IN
Assignee: FireEye Security Holdings, Inc., Milpitas, CA (US)
Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl. (CPC): H04L 9/32 (2006.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 21/60 (2013.01); H04L 29/06 (2006.01); G06F 21/62 (2013.01)
U.S. Cl. (CPC): G06F 21/554 (2013.01); G06F 21/56 (2013.01); G06F 21/604 (2013.01); G06F 21/62 (2013.01); H04L 9/3213 (2013.01); H04L 63/102 (2013.01)
Abstract

According to one embodiment, a method for detecting and mitigating a privilege escalation attack on an electronic device is described. The method involves operations by a user agent mode operating within a user space and a kernel driver mode operating within a kernel space. The kernel driver mode, in response to detecting an initial activation of a process being monitored, stores metadata associated with an access token; this metadata includes the initial token state information. Responsive to detecting an event associated with the process being monitored, the kernel driver mode extracts a portion of the current state information for the access token for comparison to a portion of the stored token state information. Differences between content within the current state information and the stored token state information are used, at least in part, by the user agent mode to detect a privilege escalation attack.
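The baseline-and-compare scheme in the abstract, as an added Python simulation that is not FireEye's code and not a kernel driver: the kernel-side role records a monitored process's initial token state and, on a later event, returns only the fields that differ; the user-agent role turns those differences into a verdict. The token fields, process id and SIDs are constructed stand-ins, not values from the patent.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple

# Ordered integrity levels so a rise can be told apart from a drop.
INTEGRITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "System": 3}


@dataclass(frozen=True)
class TokenState:
    """Constructed stand-in for the access-token fields a driver would read."""
    user_sid: str
    integrity: str
    privileges: FrozenSet[str]


@dataclass
class KernelTokenMonitor:
    """Kernel-side role: store initial token metadata, diff it on later events."""
    baselines: Dict[int, TokenState] = field(default_factory=dict)

    def on_process_start(self, pid: int, token: TokenState) -> None:
        # Initial activation of a monitored process: record its token once.
        self.baselines.setdefault(pid, token)

    def on_event(self, pid: int, current: TokenState) -> Optional[Dict[str, Tuple]]:
        # Extract the current state and return only the fields that differ.
        base = self.baselines.get(pid)
        if base is None:
            return None
        diff: Dict[str, Tuple] = {}
        if current.user_sid != base.user_sid:
            diff["user_sid"] = (base.user_sid, current.user_sid)
        if current.integrity != base.integrity:
            diff["integrity"] = (base.integrity, current.integrity)
        added = current.privileges - base.privileges
        if added:
            diff["privileges_added"] = tuple(sorted(added))
        return diff or None


def agent_verdict(diff: Optional[Dict[str, Tuple]]) -> str:
    """User-agent role: decide whether the reported differences indicate escalation."""
    if not diff:
        return "clean"
    if "user_sid" in diff or "privileges_added" in diff:
        return "privilege_escalation"
    before, after = diff["integrity"]
    if INTEGRITY_RANK.get(after, -1) > INTEGRITY_RANK.get(before, -1):
        return "privilege_escalation"
    return "suspicious_change"  # lowered or unknown level: flag, but not escalation


# Constructed sample tokens (placeholder SIDs, not values from the page).
USER_TOKEN = TokenState("S-1-5-21-1000-2000-3000-1001", "Medium", frozenset({"SeChangeNotifyPrivilege"}))
SYSTEM_TOKEN = TokenState("S-1-5-18", "System", frozenset({"SeChangeNotifyPrivilege", "SeDebugPrivilege"}))
```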

