Hardware-based security: The bug stops here

A new feature in Windows XP Service Pack 2 aims to put a stop to buffer overrun exploits, with the help of major chip vendors

Buggy code is a fact of life: That’s the message from Microsoft these days. Or rather, the company recognizes that as software grows in complexity it becomes increasingly difficult to prevent bugs from sneaking in under the radar.

This should come as no surprise to anyone who’s wrestled with Microsoft products in the past few years. What’s new is that the software giant is taking significant steps to address the problem. A new feature called DEP (Data Execution Prevention), which shipped with Windows XP SP2 (Service Pack 2), gives users an added layer of security against buffer overruns, one of the most common methods of transmission for viruses and worms.

A buffer overrun is an exploit that takes advantage of a bug in which a programmer has failed to implement proper bounds-checking routines for data memory. By forcing too much data into a poorly controlled memory buffer, an attacker can cause its contents to “spill over,” overwriting neighboring locations that contain executable code. If the sequence of bytes used to force the overflow contains instructions, they will replace the original code and be unwittingly executed, to whatever effect the attacker desires.

Modern execution environments, such as the JVM and Microsoft’s .Net Framework, include measures to prevent buffer overruns. But many applications still rely on languages such as C, C++, and assembly language, which allow more direct access to memory and are thus more susceptible to the kind of bugs that allow overruns to occur.

DEP doesn’t eliminate buffer overruns; only diligence on the part of programmers will do that. But it does reduce the risk that mismanaged data can become a gateway for malicious code.

It works in conjunction with the processor at a very low level, by setting a bit called the NX (No Execute) flag on those areas of memory that are intended for data storage only. The CPU will refuse to execute any instructions fetched from memory marked with the NX flag; an attempt to do so raises a fault and the program crashes. That is not an ideal outcome, but it is certainly better than allowing a virus or worm to execute malicious code.
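As an added illustration (not from the article, and using the POSIX page-protection calls on Linux/x86-64 or arm64 rather than the Windows APIs), the following C program places the same single `ret` instruction into a page mapped as data only and into a page mapped executable, then calls each: with NX enforced the CPU executes the latter and faults on the former, which is the whole mechanism DEP builds on.

```c
#define _GNU_SOURCE            /* for MAP_ANONYMOUS, sigaction, sigsetjmp */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
/* One 'ret' instruction for the two architectures this demo supports. */
#if defined(__x86_64__)
static const unsigned char RET_INSN[] = { 0xC3 };
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 };
#else
#error "demo encodes 'ret' only for x86-64 and arm64"
#endif
static sigjmp_buf fault_env;
/* Reached when the CPU refuses to fetch an instruction from a no-execute page. */
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }
/* Map one page with protection `prot`, place 'ret' in it and call it.
 * Returns 1 if the call returned normally, 0 if the CPU faulted (NX enforced),
 * -1 if the system refused to create or protect the mapping. */
int run_from_page(int prot) {
    size_t len = 4096;
    void *page = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, RET_INSN, sizeof RET_INSN);            /* the bytes land as ordinary data */
    __builtin___clear_cache((char *)page, (char *)page + len);
    if (mprotect(page, len, prot) != 0) { munmap(page, len); return -1; }
    struct sigaction sa = { 0 }, old_segv, old_bus;
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);                   /* some systems report the fault as SIGBUS */
    volatile int ran = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);                  /* data pointer -> code pointer */
        fn();                                           /* returns only if the page is executable */
        ran = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, len);
    return ran;
}

int main(void) {
    printf("data page (RW):  %s\n", run_from_page(PROT_READ | PROT_WRITE) == 1 ? "executed" : "faulted");
    printf("code page (RWX): %s\n", run_from_page(PROT_READ | PROT_WRITE | PROT_EXEC) == 1 ? "executed" : "faulted");
    return 0;
}
```

On a hardened system that refuses anonymous executable mappings, the second call returns -1 instead of 1; the data-only page faults either way.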

Unfortunately, support for DEP won’t be retroactive for every XP user. Because it relies on hardware features, DEP will only work with the newest generation of CPUs, including Itanium- and Prescott-core CPUs from Intel, AMD Athlons, and the new series of Efficeon chips from Transmeta. Future designs from all three chip vendors are expected to follow suit.

DEP is hardly a panacea. Buffer overruns are only one type of exploit, and hardware-based solutions are no substitute for more careful software engineering. Its inclusion in SP2 is a telling sign, however. The market’s tolerance for insecure software is waning, and this time Microsoft is listening.
