Program Instruction Sequence Monitor for Hijack Detection and Proactive Zero-day Defense
Small Business Information
Broadata Communications, Inc.
2545 W. 237th Street, Suite K, Torrance, CA, -
Abstract
Numerous malicious means have been developed for hijacking software program execution to gain unauthorized access and functionality on computer systems and network nodes. The techniques are many and varied, but generally fall into the framework of placing a pointer to an execution location into a program's normative execution path, in order to cause a jump to the targeted location for subsequent execution. To address this critical need, Broadata Communications, Inc. (BCI) proposes the Program Instruction Sequence Monitor (PRISM), a robust, accurate, and efficient mechanism for deterministically detecting program hijacking. PRISM provides hijack detection that is out-of-band to the attack. It does not require virtualization technology but can (optionally) leverage virtualization to enhance robustness against attack. The key advantages of PRISM include: (1) Insensitive to replay attacks, (2) Efficient performance in comparison with dynamic tainting, (3) No need for source code, emulation, or instrumentation of the executable, (4) Works even in the presence of an executable stack or writable code area, (5) Monitoring mechanisms are robust and out-of-band to attackers in user space. PRISM can respond to zero-day attacks, and can greatly enhance existing military, governmental, and industrial cyber-security systems.
* Information listed above is at the time of submission.