Some content of this application is unavailable at the moment.
If this situation persist, please contact us atFeedback&Contact
1. (WO2019067689) METHODS FOR PROTECTING SOFTWARE HOOKS, AND RELATED COMPUTER SECURITY SYSTEMS AND APPARATUS
Latest bibliographic data on file with the International Bureau    Submit observation

Pub. No.: WO/2019/067689 International Application No.: PCT/US2018/053076
Publication Date: 04.04.2019 International Filing Date: 27.09.2018
IPC:
G06F 21/54 (2013.01) ,G06F 21/56 (2013.01) ,G06F 9/455 (2018.01)
G PHYSICS
06
COMPUTING; CALCULATING; COUNTING
F
ELECTRIC DIGITAL DATA PROCESSING
21
Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52
during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
54
by adding security routines or objects to programs
G PHYSICS
06
COMPUTING; CALCULATING; COUNTING
F
ELECTRIC DIGITAL DATA PROCESSING
21
Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55
Detecting local intrusion or implementing counter-measures
56
Computer malware detection or handling, e.g. anti-virus arrangements
G PHYSICS
06
COMPUTING; CALCULATING; COUNTING
F
ELECTRIC DIGITAL DATA PROCESSING
9
Arrangements for programme control, e.g. control unit
06
using stored programme, i.e. using internal store of processing equipment to receive and retain programme
44
Arrangements for executing specific programmes
455
Emulation; Software simulation
Applicants:
CARBON BLACK, INC. [US/US]; 1100 Winter Street Waltham, MA 02451, US
Inventors:
DRAPEAU, Paul, M.; US
STURK, Brian, M.; US
Agent:
LEHRER, Joel E.; US
ARGENTIERI, Steven, R.; US
BRODOWSKI, Michael; US
BUCHMAN, Joshua, J.; US
ASHRAF, Shovon; US
Priority Data:
62/564,01227.09.2017US
Title (EN) METHODS FOR PROTECTING SOFTWARE HOOKS, AND RELATED COMPUTER SECURITY SYSTEMS AND APPARATUS
(FR) PROCÉDÉS DE PROTECTION DE HOOKS LOGICIELS, ET SYSTÈMES ET APPAREIL DE SÉCURITÉ INFORMATIQUE ASSOCIÉS
Abstract:
(EN) A computing apparatus for protecting software hooks from interference may include a processing device and a memory access monitoring device configured to monitor access to the memory addresses of one or more hooks. When a task T1 attempts to write to a memory address of a monitored hook, the monitoring device may generate a notification (e.g., an interrupt), and the processing device may pause execution of the task T1 and initiate execution of a hook protection task T2. The hook protection task T2 may determine whether to allow task T1 to modify the monitored hook. If task T1 is not a trusted task (e.g., if task T1 is or may be malware), the processing device blocks T1 from modifying the monitored hook. In this manner, some attempts to unhook critical software hooks may be thwarted.
(FR) Appareil informatique pour protéger des hooks logiciels contre des interférences pouvant comprendre un dispositif de traitement et un dispositif de surveillance d'accès à une mémoire configuré pour surveiller l'accès aux adresses de mémoire d'un ou de plusieurs hooks. Lorsqu'une tâche T1 tente d'écrire dans une adresse de mémoire d'un hook surveillé, le dispositif de surveillance peut générer une notification (par exemple, une interruption), et le dispositif de traitement peut mettre en pause l'exécution de la tâche T1 et initier l'exécution d'une tâche de protection de hook T2. La tâche de protection de hook T2 peut déterminer s'il faut autoriser la tâche T1 à modifier le hook surveillé. Si la tâche T1 n'est pas une tâche de confiance (par exemple, si la tâche T1 est, ou peut être, un logiciel malveillant), le dispositif de traitement bloque T1 et l'empêche de modifier le hook surveillé. De cette manière, certaines tentatives de décrochage de hooks logiciels critiques peuvent être contrecarrées.
front page image
Designated States: AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW
African Regional Intellectual Property Organization (ARIPO) (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW)
Eurasian Patent Office (AM, AZ, BY, KG, KZ, RU, TJ, TM)
European Patent Office (EPO) (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR)
African Intellectual Property Organization (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG)
Publication Language: English (EN)
Filing Language: English (EN)