Systems and methods for preventing subversion of address space layout randomization (ASLR)
Abstract
A method for preventing subversion of address space layout randomization (ASLR) in a computing device is described. An unverified module attempting to load into an address space of memory of the computing device is intercepted. Attributes associated with the unverified module are analyzed. A determination is made, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold. The unverified module is prevented from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.
20 Claims
1. A method for preventing subversion of address space layout randomization (ASLR) in a computing device, the method comprising:
- intercepting an unverified module attempting to load into an address space of memory of the computing device;
- analyzing attributes associated with the unverified module;
- determining, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold; and
- preventing the unverified module from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer system that is configured to prevent subversion of address space layout randomization (ASLR), the computer system comprising:
- a processor;
- memory in electronic communication with the processor; and
- a security extension module, the module configured to:
  - intercept an unverified module attempting to load into an address space of memory of the computing device;
  - analyze attributes associated with the unverified module;
  - determine, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold; and
  - prevent the unverified module from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.

Dependent claims: 14, 15, 16, 17, 18, 19
20. A computer-program product for preventing subversion of address space layout randomization (ASLR), the computer-program product comprising a non-transitory computer-readable storage medium having instructions thereon, the instructions comprising:
- code programmed to intercept an unverified module attempting to load into an address space of memory of the computing device;
- code programmed to analyze attributes associated with the unverified module;
- code programmed to determine, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold; and
- code programmed to prevent the unverified module from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.
Specification