摘要 |
The present invention minimizes security exposures resulting from so-called "stack overflows" and pointer overflows by creating an "execution shield" within the virtual memory space of an instruction execution system such as a personal computer or workstation. The execution shield is defined by dynamically setting a code segment limit value (410,608), which is continuously reset to take into executable code regions are compressed at low-end addresses (218) of the virtual memory space. When an application tries to execute code outside the shield (504), which may quite possibly be malicious code designed to grant unauthorized access to the system, the application is shut down (510). Thus, the operation of the system is secured against the exploitation of overflow conditions. |