1. Field of the Invention
The present invention relates to security in computer systems. More particularly, the present invention relates to a method and apparatus for limiting security attacks on a computer system that cause the computer system to execute computer code embedded in data received from an external source, such as data received in the form of an electronic mail message.
2. Related Art
As computers become increasingly inter-linked through computer networks, security problems arise from malicious programs, such as computer viruses, which can enter a computer system through a computer network. These malicious programs often operate by hiding malicious code in a data file, such as an electronic mail message or a web page, which is copied into the memory of a computer system. A malicious program typically exploits some feature of an application executing on the computer system, such as an email program or a web browser application, to cause the malicious code stored in the memory of the computer system to be executed.
For example, a malicious program may pass an overly large array as a parameter into an email function causing the email function to overwrite a return address on the system stack. If the return address is overwritten with the start address of the malicious code stored in memory, the system will return control to the malicious code. Once the malicious code begins executing, computer system security has been compromised.
One solution to this problem is to carefully write all applications that handle data from unreliable sources so as not to leave any holes open to security attack. For example, the above-described attack can be prevented by always checking array bounds. However, applications that handle data from external sources, such as web browsers and email programs, are often quite complex and large, making it difficult to write such applications without any weaknesses that can be attacked. Furthermore, unlike operating systems, which are typically architected to provide security, applications such as email programs and web browsers are typically not designed to provide a high level of security.
Another way to avoid attacks of this type is to completely separate code and data storage in memory, making it impossible to execute data files. However, existing programs and operating systems are not structured to enforce such separation. Consequently, the existing base of programs and operating systems would have to be completely redesigned to enforce code and data separation, which would be impractical. Furthermore, by completely separating code and data, it is very hard if not impossible to perform many tasks that rely on code and data being interchangeable in memory, such as compilation of code on-the-fly.
Also, note that a similar attack can be carried out by causing a file containing malicious executable code to be stored on a disk in the computer system, and then causing the computer system to execute the file.
What is needed is a method or apparatus that prevents malicious code embedded in data from an external source from being executed by a computer system.
One embodiment of the present invention provides a system for limiting security attacks on a computer system that operate by causing the computer system to execute computer instructions embedded in data received from an external source. The system operates by receiving the data from the external source and performing a transformation on the data that causes any computer instructions that may be encoded in the data to be unexecutable. After the data is transformed, the system stores the data in a memory in the computer system. When the data is needed, the system retrieves the data from the memory and reverses the transformation. In this way, data from an external source is stored in memory in a form that cannot be executed by the computer system, thereby making it impossible to execute malicious code embedded in the data.
According to one aspect of the present invention, the data is transformed using a random number, so that the data can only be converted back to its original form with an inverse transformation using the same random number.
According to one aspect of the present invention, the transformed data is additionally stored to a secondary storage device, such as a disk drive, in the computer system.
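The following C program is an added illustration of the embodiment described above and of the random-number and secondary-storage aspects; it is not code from the patent. It models a hypothetical "quarantine" buffer: external data is transformed with a per-buffer key before it is stored in memory (and, optionally, written to disk in the same transformed form), and the inverse transformation is applied only when the data is needed. The key is XORed in as a position-dependent keystream, so a run of machine code inside the data is scrambled byte by byte and cannot execute in its stored form. The names `quarantine_t`, `quarantine_store`, `quarantine_fetch`, `quarantine_save` and the fixed key in `main` are assumptions of this example; the transform is meant to prevent execution, not to provide confidentiality, and a real system would draw the key from a cryptographically secure random source.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical "quarantined buffer": external data lives in memory only in
 * transformed form, next to the random key needed to undo the transform. */
typedef struct {
    unsigned char *data;  /* transformed bytes; never the raw external data */
    size_t len;
    uint64_t key;         /* per-buffer random number used by the transform */
} quarantine_t;

/* Keystream byte for position i: a splitmix64-style mix of key and index.
 * Each position gets its own byte, so a machine-code sequence embedded in the
 * input is scrambled byte by byte and cannot run as stored. */
static unsigned char keystream_byte(uint64_t key, size_t i) {
    uint64_t x = key + (uint64_t)(i + 1) * 0x9E3779B97F4A7C15ULL;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    x ^= x >> 31;
    return (unsigned char)(x & 0xFF);
}

/* XOR against the keystream; applying it twice with the same key is the inverse. */
static void xor_transform(unsigned char *buf, size_t len, uint64_t key) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= keystream_byte(key, i);
}

/* Copy external data into the quarantine, transforming it before it is stored.
 * Returns 0 on success, -1 on allocation failure. */
int quarantine_store(quarantine_t *q, const unsigned char *in, size_t len, uint64_t key) {
    q->data = malloc(len ? len : 1);
    if (!q->data) return -1;
    memcpy(q->data, in, len);
    q->len = len;
    q->key = key;
    xor_transform(q->data, len, key);
    return 0;
}

/* Reverse the transform into a caller-supplied buffer when the data is needed.
 * Returns the number of bytes written, or -1 if the buffer is too small. */
long quarantine_fetch(const quarantine_t *q, unsigned char *out, size_t cap) {
    if (cap < q->len) return -1;
    memcpy(out, q->data, q->len);
    xor_transform(out, q->len, q->key);
    return (long)q->len;
}

/* Write the transformed bytes (not the original data) to secondary storage,
 * the "additionally stored to a disk drive" aspect. Returns 0 on success. */
int quarantine_save(const quarantine_t *q, const char *path) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t n = fwrite(q->data, 1, q->len, f);
    return (fclose(f) == 0 && n == q->len) ? 0 : -1;
}

/* 1 if the in-memory form differs from the original at some byte, else 0. */
int stored_form_differs(const quarantine_t *q, const unsigned char *orig, size_t len) {
    return (len == q->len && memcmp(q->data, orig, len) == 0) ? 0 : 1;
}

void quarantine_free(quarantine_t *q) {
    free(q->data);
    q->data = NULL;
    q->len = 0;
}

int main(void) {
    /* Constructed sample: an inbound message body, not captured traffic. */
    const unsigned char msg[] = "Subject: quarterly report\r\n\r\nPlease see attached.";
    unsigned char out[sizeof msg];
    quarantine_t q;
    uint64_t key = 0x0123456789ABCDEFULL; /* fixed key stands in for the random number */
    if (quarantine_store(&q, msg, sizeof msg, key) != 0) return 1;
    printf("stored form differs from original: %d\n", stored_form_differs(&q, msg, sizeof msg));
    long n = quarantine_fetch(&q, out, sizeof out);
    printf("round trip ok: %d\n", n == (long)sizeof msg && memcmp(out, msg, sizeof msg) == 0);
    quarantine_free(&q);
    return 0;
}
```

The design point is that the key lives with the buffer but the untransformed bytes never do: any code path that reads the stored region directly (or jumps into it, as in the overwritten-return-address attack described earlier) sees keystream-scrambled bytes, and only an explicit `quarantine_fetch` call yields the original data, into a buffer the caller controls.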