Dynamic replacement of system call tables
Abstract
Techniques are disclosed that exploit the system call mechanism to build robust security applications. In one particular case, security software is able to "sandbox" user-mode applications at thread granularity by replacing the operating system's system call mechanism with a custom mechanism that limits the rights available to a target application that is vulnerable to malicious attack. The techniques allow the security software to create service tables with varying degrees of security, and they do not affect the performance of running processes and threads that are not targeted.
Claims (17 claims; the four independent claims are shown)

1. A method for dynamically replacing a system call table for applications targeted for security checking, comprising:
identifying a target process executing on a processor including threads associated with a global service descriptor table (SDT);
allocating an alternate SDT for the target process;
installing one or more security hook routines in the alternate SDT;
changing the threads included in the target process from being associated with the global SDT to being associated with the alternate SDT, wherein threads of a plurality of other processes remain associated with the global SDT; and
responsive to a thread of the target process creating a new thread, associating the new thread with the alternate SDT.
(Claims 2, 3, 4 and 5 depend from claim 1.)
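Every step of claim 1 is the same indirection: a thread's system calls are dispatched through whatever table that thread currently points at, so replacing the pointer for one process's threads changes only their dispatch, and a thread created from a sandboxed thread inherits the pointer. The C program below is an added example, not code from the patent or from any product; it models that indirection in user space with assumed names (sdt_t, do_syscall, sandbox_process, process_create_thread, hook_open) and errno-style return values, and exercises the properties the claims turn on: the hook sees only the target's calls, unhooked services in the copied table still resolve natively, and a thread spawned by a sandboxed thread is sandboxed before it makes its first call.

```c
/* Added example, not code from the patent or any product: a user-space model
 * of the per-process system call table of claim 1. Each thread carries a
 * pointer to the table its calls dispatch through; sandboxing swaps that pointer
 * for one process's threads only. Names are assumed; return codes are errno-style. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { SYS_OPEN, SYS_WRITE, SYS_COUNT };

typedef long (*syscall_fn)(const void *a0, long a1);
typedef struct { syscall_fn entry[SYS_COUNT]; } sdt_t;

typedef struct thread {
    const sdt_t *sdt;                   /* table this thread dispatches through */
    struct thread *next;
} thread_t;

typedef struct {
    thread_t *threads;
    sdt_t *alt_sdt;                     /* NULL until the process is sandboxed */
} process_t;

/* Native handlers, stand-ins for the kernel's service routines. */
static long sys_open(const void *path, long flags) { (void)path; (void)flags; return 3; }
static long sys_write(const void *buf, long fd) { (void)buf; return fd == 3 ? 1 : -9; }

/* The global SDT: every thread not targeted for checking keeps using it. */
static sdt_t global_sdt = { { sys_open, sys_write } };

/* Security hook installed in the alternate SDT. Model policy: the target may only
 * open paths under /tmp/; other opens fail with -EACCES before the native handler runs. */
static long hook_open(const void *path, long flags)
{
    if (strncmp((const char *)path, "/tmp/", 5) != 0)
        return -13;
    return global_sdt.entry[SYS_OPEN](path, flags);   /* forward permitted calls */
}

/* Single dispatch point. The table pointer is read once per call, so a
 * thread already inside a call completes on the table it started with. */
long do_syscall(const thread_t *t, int nr, const void *a0, long a1)
{
    if (nr < 0 || nr >= SYS_COUNT)
        return -38;                     /* -ENOSYS */
    return t->sdt->entry[nr](a0, a1);
}

/* Last step of claim 1: a new thread starts on its creator's table, so a thread
 * spawned by a sandboxed thread is sandboxed from its first call. */
thread_t *process_create_thread(process_t *p, const thread_t *creator)
{
    thread_t *t = calloc(1, sizeof *t);
    if (!t) return NULL;
    t->sdt = creator ? creator->sdt : &global_sdt;   /* first thread: global table */
    t->next = p->threads;
    p->threads = t;
    return t;
}

/* Steps 2 to 4 of claim 1: allocate an alternate SDT, install the hooks, move every
 * existing thread of the target onto it. The alternate table is a full copy, so
 * unhooked services still resolve natively; no other process's threads are touched. */
int sandbox_process(process_t *p)
{
    if (p->alt_sdt) return 0;           /* already sandboxed */
    sdt_t *alt = malloc(sizeof *alt);
    if (!alt) return -12;               /* -ENOMEM */
    memcpy(alt, &global_sdt, sizeof *alt);
    alt->entry[SYS_OPEN] = hook_open;   /* install the security hook */
    p->alt_sdt = alt;
    for (thread_t *t = p->threads; t; t = t->next)
        t->sdt = alt;
    return 0;
}

int thread_is_sandboxed(const process_t *p, const thread_t *t)
{
    return p->alt_sdt != NULL && t->sdt == p->alt_sdt;
}

void process_destroy(process_t *p)
{
    for (thread_t *t = p->threads, *n; t; t = n) { n = t->next; free(t); }
    p->threads = NULL;
    free(p->alt_sdt);
    p->alt_sdt = NULL;
}

int main(void)
{
    process_t target = { NULL, NULL }, other = { NULL, NULL };
    thread_t *t0 = process_create_thread(&target, NULL);
    thread_t *o0 = process_create_thread(&other, NULL);
    sandbox_process(&target);
    thread_t *t1 = process_create_thread(&target, t0);   /* spawned by a sandboxed thread */
    printf("target %ld, new thread %ld, other process %ld\n",   /* -13, -13, 3 */
           do_syscall(t0, SYS_OPEN, "/etc/shadow", 0),
           do_syscall(t1, SYS_OPEN, "/etc/shadow", 0),
           do_syscall(o0, SYS_OPEN, "/etc/shadow", 0));
    process_destroy(&target);
    process_destroy(&other);
    return 0;
}
```

Two things a practitioner would check in a kernel implementation that the model only hints at: the pointer swap must leave a thread already inside a system call running entirely on one table (the model reads the pointer once per dispatch), and a hook must forward permitted calls to the original entry rather than reimplement them, or the sandboxed process silently diverges from the rest of the system. The term service descriptor table is the Windows one; on 64-bit Windows, Kernel Patch Protection treats modification of the system service dispatch tables as an integrity violation, and the patent does not address whether a private per-process copy would be tolerated.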
6. A machine-readable storage medium encoded with executable instructions that, when executed by a processor, cause the processor to carry out a process for dynamically replacing a system call table for applications targeted for security checking, the process comprising:
identifying a target process including threads associated with a global service descriptor table (SDT) object;
allocating an alternate SDT for the target process;
installing one or more security hook routines in the alternate SDT;
changing the threads included in the target process from being associated with the global SDT to being associated with the alternate SDT, wherein threads of a plurality of other processes remain associated with the global SDT; and
responsive to a thread of the target process creating a new thread, associating the new thread with the alternate SDT.
(Claims 7, 8, 9 and 10 depend from claim 6.)
11. A system for dynamically replacing a system call table for applications targeted for security checking, comprising:
a storage medium for storing one or more security hook routines; and
an alternate service descriptor table (SDT) module for:
identifying a target process including threads associated with a global SDT;
allocating an alternate SDT for the target process;
installing one or more of the security hook routines from the storage medium in the alternate SDT;
changing the threads included in the target process from being associated with the global SDT to being associated with the alternate SDT, wherein threads of a plurality of other processes remain associated with the global SDT; and
responsive to a thread of the target process creating a new thread, associating the new thread with the alternate SDT.
(Claims 12, 13, 14 and 15 depend from claim 11.)
16. A system for dynamically replacing a system call table for applications targeted for security checking, comprising:
means for storing one or more security hook routines;
means for identifying a target process including threads associated with a global service descriptor table (SDT);
means for allocating an alternate SDT for the target process;
means for installing one or more of the security hook routines from the means for storing in the alternate SDT;
means for changing the threads included in the target process from being associated with the global SDT to being associated with the alternate SDT, wherein threads of a plurality of other processes remain associated with the global SDT; and
means for associating a new thread with the alternate SDT, responsive to a thread of the target process creating the new thread.
(Claim 17 depends from claim 16.)