A method makes use of the fact that call modules, such as APIS, making calls to a critical operating system (OS) function are typically called by a call instruction while, in contrast, a RLIBC attack typically uses call modules that are jumped to, returned to, or invoked by some means other than a call instruction. The method includes stalling a call to critical OS function and checking to ensure that the call module making the call to the critical OS function was called by a call instruction. If it is determined that the call module making the call to the critical OS function was not called by a call instruction, the method further includes taking protective action to protect a computer system.

 
Web www.patentalert.com

< Method and apparatus for compressing instructions to have consecutively addressed operands and for corresponding decompression in a computer system

> Method and system for setting up hosting environments in safety

> Method and system for automated recall notification

~ 00527