Protection of process memory against foreign code injection
Publication Number
US-12229249-B1
Publication Date
2025-02-18
Expiration Date
2042-05-17
Abstract
Protection of process memory against foreign code injection is described herein. A system includes at least one processor and at least one memory storing instructions thereon that, when executed by the at least one processor, cause the at least one processor to perform operations. The operations include dynamically virtualizing a protected application in user space, wherein the virtualization comprises a virtualized memory management system, and monitoring memory allocated to the virtualized protected application by the virtualized memory management system. The operations include comparing memory allocated by the virtualized memory management system with known allocations of virtual memory. Additionally, the operations include designating the memory as being injected with foreign code in response to the virtualized memory management system detecting privileges not created by the virtualized memory management system.
Core Innovation
The invention provides techniques to protect process memory against foreign code injection by dynamically virtualizing a protected application in user space. This virtualization includes a virtualized memory management system that monitors memory allocated to the protected application, comparing such allocations against known virtual memory allocations. If privileges are detected in the memory that were not created by the virtualized memory management system, that memory is designated as having been injected with foreign code.
The problem addressed by this invention is the vulnerability of applications to code injection attacks, where malicious processes inject foreign code into legitimate processes, bypass security measures, or steal information. Traditional solutions require privileged kernel drivers or system-wide library injections, which can be ineffective in scenarios where privileged access is unavailable or can be undermined by more privileged malware. These methods can also introduce compatibility issues and are often detectable or unloadable by malicious actors.
The innovative solution offered applies user-space unprivileged virtualization by generating micro-containers for protected applications. Each micro-container contains a custom virtual memory management system that monitors and periodically scans allocated memory, identifying non-micro-container allocations and unauthorized privilege assignments. When memory with write or execute privileges not allocated by the micro-container is detected, it is labeled as injected foreign code. This approach allows memory protection without requiring privileged access and makes the detection process less visible to malicious processes.
Claims Coverage
The patent includes three independent claims that define key aspects of the invention’s coverage through a system, method, and non-transitory storage media.
User-space virtualization with a virtualized memory management system
The core inventive feature is dynamically virtualizing a protected application in user space, wherein the virtualization comprises a virtualized memory management system. This system performs operations without requiring privileged kernel drivers, providing an isolated environment for applications.
Monitoring and comparison of memory allocations
The invention performs monitoring of memory allocated to the virtualized protected application by the virtualized memory management system. It compares memory allocations by this system to known allocations of virtual memory, enabling identification of unauthorized memory regions.
Detection of unauthorized privileges and designation of injected foreign code
Another inventive feature is detecting, by the virtualized memory management system, privileges that it did not itself create. Upon such detection, the system designates the memory as being injected with foreign code. This designation allows security decisions to be made based on the presence of foreign code.
In summary, the inventive features focus on user-space virtualization using a custom memory manager, monitoring and comparing memory allocations, and designating memory as containing foreign code when unauthorized privileges are detected.
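The following added example illustrates the detection logic described in the Core Innovation and Claims Coverage sections: a user-space allocator records every region it hands out together with the privileges it granted, and a periodic scan compares the regions currently mapped in the process against those records. It is an illustration written for this page, not code from the patent or its assignee. The allocator class, the maps-style input format, the baseline set of loader-mapped images, and the sample addresses are all constructed assumptions; real deployments would obtain the mapped regions from the operating system and capture the baseline when the container starts.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Set, Tuple

# One /proc/<pid>/maps style line: "start-end perms offset dev inode [path]".
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})"
    r"\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)


@dataclass(frozen=True)
class Region:
    start: int
    end: int
    perms: str  # first three chars are r/w/x or '-'
    path: str   # '' for anonymous memory

    def writable(self) -> bool:
        return "w" in self.perms[:3]

    def executable(self) -> bool:
        return "x" in self.perms[:3]


def parse_maps(text: str) -> Iterator[Region]:
    """Parse maps-style lines; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            yield Region(int(m["start"], 16), int(m["end"], 16),
                         m["perms"], m["path"].strip())


class VirtualMemoryManager:
    """Hypothetical micro-container allocator (an assumption, not the patent's
    code). It records each region it hands out and the privileges it granted."""

    def __init__(self) -> None:
        self._known: Dict[Tuple[int, int], str] = {}

    def allocate(self, start: int, size: int, perms: str) -> Tuple[int, int]:
        key = (start, start + size)
        self._known[key] = perms
        return key

    def granted_privileges(self, region: Region) -> Optional[str]:
        """Privileges granted for the VMM allocation containing `region`,
        or None if the VMM never allocated that memory."""
        for (s, e), perms in self._known.items():
            if s <= region.start and region.end <= e:
                return perms
        return None


@dataclass(frozen=True)
class Finding:
    region: Region
    reason: str


def scan_for_foreign_code(vmm: VirtualMemoryManager, maps_text: str,
                          baseline_images: Set[str]) -> List[Finding]:
    """Report mapped regions whose write/execute privileges the VMM did not assign:
    regions unknown to the VMM (and not loader-mapped images from the baseline),
    or VMM allocations whose privileges were widened behind its back."""
    findings: List[Finding] = []
    for region in parse_maps(maps_text):
        if not (region.writable() or region.executable()):
            continue  # read-only memory cannot stage or run injected code
        granted = vmm.granted_privileges(region)
        if granted is not None:
            extra = set(region.perms[:3]) - set(granted) - {"-"}
            if extra:
                findings.append(Finding(region, "privileges not granted by VMM: "
                                        + "".join(sorted(extra))))
            continue
        if region.path in baseline_images:
            continue  # image mapped by the loader before the VMM took over
        kind = "executable" if region.executable() else "writable"
        findings.append(Finding(region, f"{kind} region not allocated by VMM"))
    return findings


# Constructed sample of what one periodic scan might observe.
SAMPLE_MAPS = """\
55d0c0000000-55d0c0001000 r--p 00000000 08:01 1234 /opt/app/bin/app
55d0c0001000-55d0c0005000 r-xp 00001000 08:01 1234 /opt/app/bin/app
7f0000000000-7f0000010000 rw-p 00000000 00:00 0
7f0000010000-7f0000020000 rwxp 00000000 00:00 0
7f0000100000-7f0000101000 rwxp 00000000 00:00 0
7f0000200000-7f0000201000 rw-p 00000000 00:00 0
7f1234000000-7f1234100000 r-xp 00000000 08:01 5678 /usr/lib/libc.so.6
7fff00000000-7fff00021000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed baseline: images present when the container started.
BASELINE_IMAGES = {"/opt/app/bin/app", "/usr/lib/libc.so.6", "[stack]"}


def demo() -> List[Finding]:
    vmm = VirtualMemoryManager()
    vmm.allocate(0x7F0000000000, 0x10000, "rw-")  # still rw- in the scan: benign
    vmm.allocate(0x7F0000010000, 0x10000, "rw-")  # scan shows rwx: widened
    return scan_for_foreign_code(vmm, SAMPLE_MAPS, BASELINE_IMAGES)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.region.start:#x}-{f.region.end:#x} {f.region.perms}: {f.reason}")
```

On the constructed sample the scan reports three regions: the VMM allocation that gained execute privilege, an anonymous executable region the VMM never allocated, and an anonymous writable region it never allocated; loader-mapped images and the VMM's own unchanged allocation are not reported. In the zero-trust use described under Documented Applications, a non-empty result would feed the authorization decision rather than terminate the process directly.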
Stated Advantages
Protects process memory integrity against code injection without requiring privileged access.
Avoids use of traditional privileged kernel drivers or system-wide library injections, reducing compatibility issues and detection by malicious processes.
Allows granular detection of foreign code injection, enabling its use as an authorization parameter in zero-trust systems or to restrict resource access.
Uses micro-containers that require fewer computing resources than full virtual machines.
Documented Applications
Protection of process memory in applications against foreign code injection.
Use in security software for zero-trust access systems; foreign code detection can halt network access to privileged resources or reduce accessible resources.
Deployment in edge or mobile implementations to provide process memory protection using cloud-based resources.