1. Field of the Invention
The present invention relates to computers and computer network security. More specifically, it relates to secure application execution in a computer's user space.
2. Description of the Related Art
Protection of applications that execute in the user space of a computing device has become increasingly important. As computers become more connected with networks and other computing devices, they are more vulnerable to attacks from external entities. In particular, application programs executing in the user space are especially susceptible to tampering, and as a result may not perform their intended functions. They may be altered to download malware, confidential data, spread viruses, and the like. There are errors in the execution of application programs in the user space that may be taken advantage of by external entities.
Presently, there are security programs that are able to analyze application code to detect errors in the code that may lead to vulnerabilities that hackers can take advantage of, such as Coverity and Fortify. There are other products that try to prevent these types of errors from executing at runtime, such as StackGuard, PaX, and NX bit. All these products focus on detecting and preventing a specific type of error that may lead to vulnerabilities which hackers may use to create a problem in the application code, such as stack overflow. Because such security programs may not always be effective and new vulnerabilities may always arise, we can assume that hackers will be able to take advantage of code vulnerabilities and create problems. Therefore, it would be desirable to prevent the problem itself (e.g., execution of arbitrary code) from happening in cases where hackers were able to take advantage of vulnerabilities and to create the possibility that problems may occur when the application executes.