Sensor for detecting and eliminating inter-process memory breaches in multitasking operating systems

Abstract

The invention relates to a method for detecting and eliminating SCR breach operations by a second party within the memory space allocated to a first party, in a multi-tasking system, which comprises: (a) pre-recording by the first party within a knowledge base the structure and / or behavior of an SCR stack; (b) implanting within the SCR stack a dedicated SCR for reporting on the structure and / or behavior of said SCR stack when the SCR stack is activated; (c) when the SCR stack is activated, comparing the data reported by the dedicated SCR with the pre-recorded stack structure and / or behavior; (d) whenever non-matching in the structure and / or behavior is found, ceasing the activity of the activated stack, and alerting.

Description

CROSS-REFERENCE TO RELATED APPLICATION[0001]This application claims the benefit of U.S. Provisional Application No. 60 / 260,203, filed Jan. 9, 2001, the disclosure of which is incorporated herein by reference.FIELD OF THE INVENTION[0002]The present invention relates to the field of protecting and securing data in computerized systems. More particularly, the invention provides a method and system for detecting inter-process memory breaches in multitasking operating systems.BACKGROUND OF THE INVENTION[0003]Modern operating systems are actually a modular collection of building blocks rather than one monolithic object. This form of architecture enables an Operation System (OS) manufacturer to build and distribute new facilities (or new versions for existing facilities) with relative ease. It also enables third party programmers to add new capabilities to a basic operating system without accessing its source code, by means of well-defined extension interfaces.[0004]In particular, the Inpu...

AI Technical Summary

Benefits of technology

This solution enhances security by effectively detecting and eliminating unauthorized SCR breach operations within multitasking systems, improving the separation of memory spaces and aiding in accountability by alerting users to illegal actions.

Problems solved by technology

In particular, user-mode multi-layer extension mechanisms are quite vulnerable to memory-space breaches.

Normally, whenever a service from a specific SCR is requested by a user application, the request travels along the whole relevant stack, however, the user application has no clue about the specific SCRs that actually serve it along the way.

Unfortunately, there is more than one way to share memory between the SCR's ‘instances’.

Combining the aforementioned factors that compromise the requirement for separation between memory spaces of different processes, there is an opportunity for offenders to abuse the inherent mechanisms of the operating system.

Amongst other threats, the offender may read or manipulate I / O, it might change the behavior of the invaded application, or it may send information from one process to another process.

One of the most serious aspects of memory-space breaches is the ability of the offender to take the identity of the invaded process.

This makes life harder for auditing tools and intrusion-detection systems, and makes the search for accountability more difficult.

The art has not yet provided satisfactory protection means for detecting and / or preventing such inter-process memory breaches in multitasking OS.

Images