The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent:
Jan. 20, 2009

Filed:

Jun. 24, 2003

Applicants:

Brandon R. Bray, Redmond, WA (US);

Bryan W. Tuttle, Newcastle, WA (US);

Louis Lafreniere, Seattle, WA (US);

Philip M. Lucido, Redmond, WA (US);

Richard M. Shupak, Bellevue, WA (US);

Daniel R. Spalding, Redmond, WA (US);

Inventors:

Brandon R. Bray, Redmond, WA (US);

Bryan W. Tuttle, Newcastle, WA (US);

Louis Lafreniere, Seattle, WA (US);

Philip M. Lucido, Redmond, WA (US);

Richard M. Shupak, Bellevue, WA (US);

Daniel R. Spalding, Redmond, WA (US);

Assignee:

Microsoft Corporation, Redmond, WA (US);

Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl.
CPC ...
G06F 3/00 (2006.01); G06F 9/44 (2006.01); G06F 11/00 (2006.01); H04L 9/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

Safe exceptions detect and intervene in a malicious attack against an application or system component, even in the presence of a coding flaw such as a buffer overrun. A list of all the exception handlers in an image (e.g., a DLL or EXE) is desirably created. When loading the image into a process, the operating system loader finds and stores a reference to this list. When a subsequent attack targets exception handling by creating an attacker provided exception handler, the new attacker provided exception handler is compared to a list of the real exception handlers. The list of real exception handlers is stored in memory, and desirably cannot be modified. In particular, when an exception occurs, the operating system finds the proper exception handler from information on the stack (this may be under attack, so the information is not trusted) and compares it to the previously created read-only reference list. If the exception handler that has occurred is found on the reference list, the exception handler is allowed to execute. Otherwise, the operating system assumes the application is under attack and terminates the process' execution.
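The check the abstract describes, as an added C sketch that is not code from the patent or from its assignee: the handler address recovered from the stack is treated as untrusted and looked up in the image's read-only handler list before it may run. The type and function names, the choice to store handlers as sorted offsets from the image base, and the sample addresses are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a loaded image (names are assumptions, not the patent's). */
typedef struct {
    uintptr_t base;           /* address the loader mapped the image at */
    size_t size;              /* size of the mapped image */
    const uint32_t *handlers; /* read-only handler offsets, sorted ascending */
    size_t count;             /* number of entries in the list */
} image_t;

typedef enum { RUN_HANDLER, TERMINATE_PROCESS } dispatch_t;

static int cmp_offset(const void *a, const void *b) {
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Returns 1 if `handler` is on the image's reference list, else 0. */
int handler_is_registered(const image_t *img, uintptr_t handler) {
    /* Assumption of this sketch: an address outside the image is never on its list. */
    if (handler < img->base || handler - img->base >= img->size)
        return 0;
    uint32_t off = (uint32_t)(handler - img->base);
    return bsearch(&off, img->handlers, img->count, sizeof off, cmp_offset) != NULL;
}

/* `handler_from_stack` is untrusted: a buffer overrun may have overwritten it. */
dispatch_t dispatch_exception(const image_t *img, uintptr_t handler_from_stack) {
    return handler_is_registered(img, handler_from_stack) ? RUN_HANDLER
                                                          : TERMINATE_PROCESS;
}

/* Constructed sample data: three handlers in an image mapped at 0x400000. */
static const uint32_t SAMPLE_HANDLERS[] = { 0x1040, 0x1a10, 0x2c80 };
static const image_t SAMPLE_IMAGE = { 0x400000, 0x10000, SAMPLE_HANDLERS, 3 };

int main(void) {
    /* A listed handler, an unlisted address inside the image, a stack-like address. */
    const uintptr_t candidates[] = { 0x401a10, 0x401a14, 0x12ff00 };
    for (size_t i = 0; i < 3; i++)
        printf("%#lx -> %s\n", (unsigned long)candidates[i],
               dispatch_exception(&SAMPLE_IMAGE, candidates[i]) == RUN_HANDLER
                   ? "run handler" : "terminate process");
    return 0;
}
```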

