1. Technical Field
This invention generally relates to computer security. Specifically, it relates to a method for preventing buffer overflow attacks in digital computers.
2. Background Art
During the brief history of computers, system administrators have been plagued by self-replicating programs such as viruses, worms, and Trojan Horses, which are designed to disable host computer systems and propagate themselves to connected systems.
In recent years, two developments have increased the threat posed by these malicious programs. Firstly, increased dependence on computers to perform mission critical business tasks has increased the economic cost associated with system downtime. Secondly, increased interconnectivity between computers has made it possible for viruses and worms to spread to a large number of systems in a matter of hours.
Viruses and worms sometimes employ buffer overflow attacks to attain control of a computer system. This method involves responding to a data request with a larger data string than that request is designed to accept. The larger data string spills into sections of memory that were configured to hold other values, such as the return address of the code being executed. When the code finishes its execution, the application in question, rather than reading memory at the previous return address, reads memory at the return address inserted by the virus. The new return address can either be the location of the newly inserted virus code, or that of a common system executable code module, which itself makes a call to the location where the virus code is located.
To maintain system resources, certain commonly used segments of executable code, known as “executable code modules,” are loaded into fixed locations in the logical memory of certain application processes. These executable code modules are useful to the creators of viruses and worms as the modules can be used to execute malicious code and the modules' load addresses are often published or easily determinable. What is needed is a method of preventing viruses and other malicious agents from utilizing these executable code modules.