System and method for indirect interface monitoring and plumb-lining
First Claim
Patent Images
1. A method, comprising:
- monitoring, by a processor, a first interface by directly monitoring the first interface, wherein the first interface is associated with a call stack of call frames pushed onto the call stack;
monitoring, by the processor, a second interface by;
identifying, based on a callback, a calling code associated with the second interface by unwinding one of the call frames of the call stack associated with the first interface, wherein the call frame includes a pointer to the calling code and one or more parameters passed to the calling code and wherein the calling code caused the call frame to be pushed to the stack; and
identifying a program context associated with the calling code; and
taking a policy action if the second interface is not executed before the first interface.
10 Assignments
0 Petitions
Accused Products
Abstract
A method is provided in one example embodiment that includes monitoring a first interface, monitoring a second interface, and taking a policy action if the second interface is not executed before the first interface. In more particular embodiments, monitoring the second interface may include walking a call stack associated with the first interface. Moreover, a program context for calling code associated with the second interface may be identified and acted upon.
-
Citations
17 Claims
-
1. A method, comprising:
-
monitoring, by a processor, a first interface by directly monitoring the first interface, wherein the first interface is associated with a call stack of call frames pushed onto the call stack; monitoring, by the processor, a second interface by; identifying, based on a callback, a calling code associated with the second interface by unwinding one of the call frames of the call stack associated with the first interface, wherein the call frame includes a pointer to the calling code and one or more parameters passed to the calling code and wherein the calling code caused the call frame to be pushed to the stack; and identifying a program context associated with the calling code; and taking a policy action if the second interface is not executed before the first interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. One or more non-transitory tangible media encoding logic that include instructions for execution that, when executed by a processor, is operable to perform operations comprising:
-
monitoring, by a processor, a first interface by directly monitoring the first interface, wherein the first interface is associated with a call stack of call frames pushed onto the call stack; monitoring, by the processor, a second interface by; identifying, based on a callback, a calling code associated with the second interface from one of the call frames of the call stack associated with the first interface, wherein the call frame includes a pointer to the calling code and one or more parameters passed to the calling code and wherein the calling code caused the call frame to be pushed onto the stack; identifying a function within the calling code to determine security of the function; and taking a policy action if the second interface is not executed before the first interface. - View Dependent Claims (13, 14, 15, 16, 17)
-
Specification