Abstract: An apparatus for and method of providing user exits, including dynamic installation of associated software, within the kernel portion of an operating system. An initializer replaces existing system call pointers, in the system services table located in the kernel portion of an operating system, with new pointers to user supplied code. System calls that are hooked, when issued by a user application, are intercepted by a kernel level intercepter which generates a query to a database interface. The database interface sends database requests based on the received query to a database engine. A database manager allows a user to add, delete, edit, etc. records in a database included in the database engine. A method of dynamically inserting user supplied code into the kernel space of an operating system is also disclosed. A communications channel is opened and its associated buffer location is found. A bootstrap loader module is then written into the communications channel buffer.

Abstract: A stack override prevention method provides protection against a computer attack that utilizes the technique of stack override to gain control of a computer system. The method of the protection is to permit the stack to be executable but to add functionality that blocks the possibility of passing control via stack override to code inserted into the stack by means of the exploit program. This method includes relocating the entire stack to a random memory location in memory and subsequently erasing the old stack area. By moving the entire stack associated with a process to a random location, the attacker cannot predict the address in which potentially all permitting code resides and thus cannot put the correct value in the location of the return address within the stack frame. The invention is applicable to operating systems which use the stack as means for passing control to and returning from functions and in which the stack is executable.

Abstract: A security shield implementation method comprising computer software for use with a computer system's software which is transparent to the user of the computer system software and utilizes the steps of system call interception and interactive command interception to control access by a user of the computer system software. The system call interception for non-interactive commands, file access, programs, networks, and the interactive commands, such as access to interactive programs, are routed and examined by redirector software. Security rule checks and log event functions are then conducted on the non-interactive commands, file access requests, programs, networks, and the interactive commands. If a non-interactive command, file access request, program, network, or an interactive command is approved, the command request is then forwarded to the computer operating system.

Abstract: An apparatus for and method of providing user exits, including dynamic installation of associated software, within the kernel portion of an operating system. An initializer replaces existing system call pointers, in the system services table located in the kernel portion of an operating system, with new pointers to user supplied code. System calls that are hooked, when issued by a user application, are intercepted by a kernel level intercepter which generates a query to a database interface. The database interface sends database requests based on the received query to a database engine. A database manager allows a user to add, delete, edit, etc. records in a database included in the database engine. A method of dynamically inserting user supplied code into the kernel space of an operating system is also disclosed. A communications channel is opened and its associated buffer location is found. A bootstrap loader module is then written into the communications channel buffer.