1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to a system and method of preventing buffer overflow exploitation.
2. Description of the Related Art
Buffer overflow techniques have been used by malicious hackers and virus writers to attack computer systems. Buffers are data storage areas that generally hold a fixed, predefined amount of data. A buffer overflow occurs when a program attempts to store data into a buffer and the data is larger than the size of the buffer.
When the data exceeds the size of the buffer, the extra data can overflow into the adjacent memory locations. In this manner, it is possible to corrupt valid data and possibly to change the execution flow and instructions. Thus, by exploiting a buffer overflow, it is possible to inject malicious code, sometimes called shell code, into the execution flow. This shell code allows remote system-level access, giving unauthorized access not only to malicious hackers but also to self-replicating malware, e.g., worms.
Recently, manufacturers have added a no-execute processor feature to processors, such as an IA-32 processor with no-execute bit capability. When enabled, the no-execute processor feature prevents execution from non-executable pages of memory, such as the pages holding a buffer. In this manner, execution of shell code located within a buffer is prevented, thus defeating buffer overflow attacks.
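The following C program is an added illustration of the overflow condition described above (data larger than the buffer spilling into adjacent memory) together with the software-side mitigation that the no-execute feature complements: checking the length before the copy. It is example code, not code from the patent. The `frame_t` layout, the `BUF_SIZE` of 16 bytes, the sentinel value in `adjacent`, and the sample inputs are all constructed for the demonstration; `adjacent` simply stands in for whatever happens to sit after the buffer in memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* constructed: a small fixed-size buffer */

/* Constructed memory layout: a fixed buffer followed by some other data.
   In a real program "adjacent" might be a saved pointer or return address. */
typedef struct {
    char buffer[BUF_SIZE];
    unsigned int adjacent;
} frame_t;

/* Reports how many bytes an unchecked copy of src (including the
   terminating NUL) would write past a buffer of buf_size bytes.
   0 means the data fits; any positive value is an overflow. */
size_t overflow_bytes(const char *src, size_t buf_size) {
    size_t needed = strlen(src) + 1;
    return needed > buf_size ? needed - buf_size : 0;
}

/* Bounded store: copies src into frame->buffer only when it fits.
   Returns 0 on success; returns -1 and leaves the frame untouched
   when the input would overflow the buffer. */
int safe_store(frame_t *frame, const char *src) {
    size_t needed = strlen(src) + 1;
    if (needed > sizeof frame->buffer) {
        return -1;
    }
    memcpy(frame->buffer, src, needed);
    return 0;
}

/* Runs the bounded store against an oversized input and returns the
   value of the adjacent field afterwards, so a caller can confirm the
   neighbouring memory was not corrupted. */
unsigned int adjacent_after_rejected_store(const char *oversized) {
    frame_t f;
    memset(f.buffer, 0, sizeof f.buffer);
    f.adjacent = 0xCAFEu;  /* constructed sentinel */
    (void)safe_store(&f, oversized);
    return f.adjacent;
}

int main(void) {
    /* Constructed inputs: 6 bytes with NUL fits; 25 bytes with NUL does not. */
    const char *fits = "hello";
    const char *too_long = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";
    frame_t f;
    memset(&f, 0, sizeof f);

    printf("\"%s\" would spill %zu byte(s) past a %d-byte buffer\n",
           fits, overflow_bytes(fits, BUF_SIZE), BUF_SIZE);
    printf("%zu-byte input would spill %zu byte(s) past a %d-byte buffer\n",
           strlen(too_long) + 1, overflow_bytes(too_long, BUF_SIZE), BUF_SIZE);

    printf("safe_store(fits) -> %d\n", safe_store(&f, fits));
    printf("safe_store(too_long) -> %d (input rejected)\n", safe_store(&f, too_long));
    printf("adjacent field after rejected store: 0x%X\n",
           adjacent_after_rejected_store(too_long));
    return 0;
}
```

The length check is the part a reviewer should look for in any code that copies external input into a fixed-size buffer; the no-execute feature described above is a second, independent layer that limits what an attacker gains if such a check is missing.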