首页>
外国专利>
APPARATUS AND A METHOD FOR PREVENTING A VIRUS CODE EXECUTION THROUGH BUFFER OVERFLOW CONTROL, PARTICULARLY FOR DETECTING BUFFER OVERFLOW THROUGH SOFTWARE WITHOUT SUPPORTING HARDWARE
APPARATUS AND A METHOD FOR PREVENTING A VIRUS CODE EXECUTION THROUGH BUFFER OVERFLOW CONTROL, PARTICULARLY FOR DETECTING BUFFER OVERFLOW THROUGH SOFTWARE WITHOUT SUPPORTING HARDWARE
PURPOSE: An apparatus and a method for preventing a virus code execution through buffer overflow control are provided to enhance a detection rate of overflow attack for the state, buffer and global variable without recompiling and the change of an application code or an operating system.;CONSTITUTION: The execution of a kernel module or application program is detected, a code conversion unit(133) changes some of kernel or application program codes into an interrupt command. When the exception is generated by the execution of the interrupt command, a code inspection unit(135) judges the buffer overflow. When the buffer overflow is generated, a virus detection engine(137) performs virus inspection for a program execution region which is moved by the buffer overflow.;COPYRIGHT KIPO 2011
展开▼
