The company was once called araksha. Their technology is good (think compiler optimization foo) but not a silver bullet. Many of the problems and issues with this approach can be found in a paper published a couple of years ago at usenix security. Google for it through the MIT profs name.
gem -----Original Message----- From: Thor Larholm [mailto:[EMAIL PROTECTED] Sent: Wed Jun 09 13:32:52 2004 To: sc-l Subject: [SC-L] Determina claims 100% protection against all buffer overflows Startup Determina has released a product that they claim protects against 100% of all memory based attacks, including all types of buffer overflows, without any false positives, false negatives or noticeable overhead. This is appareantly based on work done by their CTO, Dr. Saman Amarasinghe, who is an Associate Professor of the Department of Electrical Engineering and Computer Science at MIT. If this is based on work from MIT I guess the research should be public, but I have trouble finding evidence that support these broad claims. Broad overview at http://www.determina.com/tech/memfirewall.asp More in-depth overview at http://www.determina.com/docs/Determina%20Memory%20Firewall%20Paper.pdf The paper gives some graphs about jump points and break instructions. I would guess that they have a rootkit that hooks all kernel and user space functions that deal with memory allocation and process creation. When a process is created they probably generate a map of all carry/jump/break instructions which they use to compare with once anything in the system tries to alter the process memory space through the system functions they are proxying. If anything tries to change the existing execution roadmap they just disregard that request for a process memory change. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com [EMAIL PROTECTED] Stock symbol: (PIVX) Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines a new genre in Desktop Security: Proactive Threat Mitigation. <http://www.pivx.com/qwikfix> ---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ----------------------------------------------------------------------------