Security concerns for all types of processor-based electronic devices, and particularly for computing devices, have become a significant concern. While some concerns may relate to detrimental actions which may be undertaken by defective code implemented by such devices, the greater concerns relate to the ramifications of various types of attacks made upon such devices through malicious code, including code conventionally known in the field by a number of names, including “viruses,” “worms,” “Trojan horses,” “spyware,” “adware,” and others. Such malicious code can have effects ranging from relatively benign, such as displaying messages on a screen, or taking control of limited functions of a device; to highly destructive, such as taking complete control of a device, running processes, transmitting and/or deleting files, etc. Virtually any type of imaginable action on a processor-based device has been the subject of attacks by malicious code.
Many of these attacks are directed at computing devices, such as workstations, servers, desktop computers, notebook and handheld computers, and other similar devices. Many of these computing devices can run one or more application programs which a user may operate to perform a set of desired functions. However, such attacks are not limited to such computing devices. A broader group of various types of devices, such as cell phones; personal digital assistants (“PDA's”); music and video players; network routers, switches or bridges; and other devices utilizing a microprocessor, microcontroller, or a digital signal processor, to execute coded instructions have been the subjects of attacks by malicious code.
A number of methodologies have been used in an attempt to reduce or eliminate both the attacks and influence of malicious or defective code. Generally, these methodologies include detection, prevention, and mitigation. Specifically, these methodologies range from attempts to scan, identify, isolate, and possibly delete malicious code before it is introduced to the system or before it does harm (such as is the objective of anti-virus software, and the like), to restricting or containing the actions which may be taken by processes affected by malicious or defective code. However, most of these techniques are ineffective if the malware gains access or operating privilege (e.g., root privilege or administrative privilege).
For example, in a conventional operating system, once the malware gains certain accessing privilege, such as root or administrative privilege, it can cause significant damage to the system. One of the most significant damage will be modify certain security settings of certain system components or applications running within an operating system, which in turn destroys all or most of the security measures of the system. There has been a lack of efficient security prevention mechanisms to prevent such malware even if it gained the necessary accessing privileges.