1. Field of the Invention
The present invention relates to protecting computer software.
2. Description of the Related Art
Computer software is subject to various types of attacks from hackers and others. For example, memory-based attacks are the most common among Internet worms, such as SQL Slammer, Code Red, Blaster, Sasser and so forth. Memory-based attacks take advantage of software flaws in order to take control of those programs. The most prevalent ones include buffer overruns, stack overflows, heap overflows, format string vulnerabilities, code-injection and code re-use attacks. Other, non-memory based attacks include denial of service, privilege escalation and control flow/hijack based attacks. As a result, various protective schemes have been developed which attempt to place a protective shield around computer programs, such as by enforcing coding conventions. However, some benign programs with bad properties that break commonly followed coding conventions can be falsely detected as attacks, e.g., false positives, and otherwise interfere with the protective scheme. As a result, the normal execution of the protected program can be interrupted, thereby impairing system availability. A key challenge is to identify benign programs with bad properties, and allow them to run without interruption, while stopping any malicious code from being executed.