In computer security, executable-space protection marks memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It relies on hardware features such as the NX bit (no-execute bit), or on software emulation when hardware support is unavailable. Software emulation often introduces a performance cost, or overhead (extra processing time or resources), while hardware-based NX bit implementations have no measurable performance impact.
The Burroughs large systems, starting with the Burroughs 5000 introduced in 1961, implemented executable-space protection using a tagged architecture. All accesses to code and data took place through descriptors, which had memory tags preventing them from being modified; descriptors for code did not allow the code to be modified, and descriptors for data did not allow the data to be executed as code.
Today, operating systems use executable-space protection to mark writable memory areas, such as the stack and heap, as non-executable, helping to prevent buffer overflow exploits. These attacks rely on some part of memory, usually the stack, being both writable and executable; if it is not, the attack fails.
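The following C function is an added example, not part of the original article. It audits a memory-map listing for regions that are both writable and executable, the condition described above. It assumes the Linux `/proc/<pid>/maps` text format; the sample listing is constructed and the name `count_wx_regions` is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from a real
   process). The last two mappings are deliberately writable AND executable. */
static const char *SAMPLE_MAPS =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"
    "01a2b000-01a4c000 rw-p 00000000 00:00 0 [heap]\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0\n"
    "7ffd5a1e0000-7ffd5a201000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings whose permission field contains both 'w' and 'x'.
   If stack_wx is non-NULL, it is set to 1 when [stack] is one of them. */
int count_wx_regions(const char *maps, int *stack_wx)
{
    int count = 0;
    if (stack_wx) *stack_wx = 0;
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t full = eol ? (size_t)(eol - maps) : strlen(maps);
        size_t len = full;
        char line[256], range[64], perms[8];
        if (len >= sizeof line) len = sizeof line - 1; /* truncate long paths */
        memcpy(line, maps, len);
        line[len] = '\0';
        /* Fields: address-range, then permissions such as "rw-p" or "r-xp". */
        if (sscanf(line, "%63s %7s", range, perms) == 2 &&
            strchr(perms, 'w') && strchr(perms, 'x')) {
            count++;
            printf("W+X mapping: %s\n", line);
            if (stack_wx && strstr(line, "[stack]")) *stack_wx = 1;
        }
        maps += eol ? full + 1 : full; /* advance past this line */
    }
    return count;
}

int main(void)
{
    int stack_wx;
    int n = count_wx_regions(SAMPLE_MAPS, &stack_wx);
    printf("%d writable+executable mapping(s), executable stack: %s\n",
           n, stack_wx ? "yes" : "no");
    return n ? 1 : 0; /* non-zero exit when the W^X policy is violated */
}
```

On a system with executable-space protection enforced, the stack and heap lines carry `rw-p` and the function returns 0 for them.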