DEeP Protection or a Bit of a NiX? A closer look at Microsoft’s new memory protection offerings

Charles Renert Determina

Microsoft’s Data Execution Protection (DEP) is a new feature embedded in Windows operating systems that allows for the enforcement of access controls on system memory. Designed as a response to the outbreaks of network worms propagating through buffer overflows, the so-called ‘NX bit’ is used to designate whether a region of memory can execute code, and is intended to block the execution of malicious code from areas commonly exploited by worm writers (such as the stack and the heap). This paper will outline how DEP works, discuss the benefits and pitfalls of the approach, and assess the feature’s security coverage with an analysis of exploitation techniques in use by today’s most recent attacks.

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘I attend a variety of security conferences and events each year and VB continues to be my favourite. Great content, great networking, great organisation.’