DEeP Protection or a Bit of a NiX? A closer look at Microsoft’s new memory protection offerings

Charles Renert, Determina

  Technical stream: Thursday 6 October 2005, 14:40 - 15:20.

Microsoft’s Data Execution Protection (DEP) is a new feature embedded in Windows operating systems that allows for the enforcement of access controls on system memory. Designed as a response to the outbreaks of network worms propagating through buffer overflows, the so-called ‘NX bit’ is used to designate whether a region of memory can execute code, and is intended to block the execution of malicious code from areas commonly exploited by worm writers (such as the stack and the heap). This paper will outline how DEP works, discuss the benefits and pitfalls of the approach, and assess the feature’s security coverage with an analysis of exploitation techniques in use by today’s most recent attacks.

