1. Field of the Invention
The present invention relates to computer systems. More specifically, the present invention relates to a method and an apparatus for facilitating the secure execution of code within a computer system.
2. Related Art
Since the early years of computer programming, computer designers have striven to create open platforms with robust feature sets while minimizing the ability of hackers to execute malicious code. To this end, programmers have created the notion of “privileged” code to help safeguard against the malicious use of code. In theory, programmers must specifically mark privileged code, and only code that is marked as privileged is allowed to execute potentially dangerous functions. In practice, however, hackers are able to fool such systems into thinking that their code is privileged through various methods. For example, many hackers exploit privilege inheritance vulnerabilities to gain access to higher privileges. Essentially, they fool the system into calling their code from a privileged function, and in turn, their code inherits the access level of the calling function.
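The privilege inheritance problem described above, as an added example that is not part of the original text: a toy Python model in which a function marked as privileged calls code it does not own. ToySystem, as_privileged, dangerous_op and both entry points are hypothetical names constructed for illustration; the hardened variant, which drops the access level before the call, is one common mitigation and is not presented as the method of this invention.

```python
from contextlib import contextmanager

class ToySystem:
    """Constructed model: one current access level plus an audit trail."""
    def __init__(self):
        self.privileged = False   # current access level
        self.audit = []           # (caller name, ran privileged?)

    @contextmanager
    def as_privileged(self, flag):
        """Run the enclosed block at the given level, then restore the old one."""
        previous, self.privileged = self.privileged, flag
        try:
            yield
        finally:
            self.privileged = previous

    def dangerous_op(self, caller):
        """Stand-in for a potentially dangerous function."""
        self.audit.append((caller, self.privileged))
        if not self.privileged:
            raise PermissionError(f"{caller} is not privileged")
        return "done"

def untrusted_callback(system):
    # Not marked as privileged: it succeeds only if it inherits a level.
    return system.dangerous_op("untrusted_callback")

def privileged_naive(system, callback):
    """Marked privileged; the callee inherits the caller's access level."""
    with system.as_privileged(True):
        return callback(system)

def privileged_hardened(system, callback):
    """Same entry point, but drops privilege before calling code it does not own."""
    with system.as_privileged(True):
        with system.as_privileged(False):
            return callback(system)

def run(entry_point):
    """Call an entry point with the untrusted callback; return (result, audit)."""
    system = ToySystem()
    try:
        return entry_point(system, untrusted_callback), system.audit
    except PermissionError:
        return "denied", system.audit
```

The audit trail records the access level at the moment the dangerous function was reached, which is the fact a manual code inspection would have to establish for every call path.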
Another way in which hackers can fool the system into executing their rogue code is by replacing a system function with their own corresponding function. Subsequently, when the system attempts to execute the system function, the hacker's function executes instead, often with all of the access rights of the replaced system function.
It is possible to manually inspect code to identify such vulnerabilities and compromised code. However, with all of the different levels of privilege inheritance, and all of the complex procedure calls, it can be very easy to overlook potential problems.
Hence, what is needed is a method and an apparatus for securely executing code without the problems described above.