Data Execution Prevention

What Does Data Execution Prevention Mean?

Data execution prevention (DEP) is a security feature within the operating system that prevents applications from executing code from non-executable memory locations. DEP is a hardware- and software-enforced technology designed to protect against memory-based code exploits. It was first introduced in Windows XP Service Pack 2. It is also available in Linux and the Mac OS.


Techopedia Explains Data Execution Prevention

DEP works by routinely scanning the memory heaps and stacks for actions that load data into memory. The hardware-enforced DEP mechanism uses the CPU to mark all memory locations that are flagged with a non-execution attribute. Once an abnormality is detected in these locations in terms of code execution, an exception is sent to the primary OS security mechanism. Software-enforced DEP only checks for an exception within the functions table of the primary application. This provides protection against security exploits such as buffer overflows.


Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.