Data Execution Prevention

What Does Data Execution Prevention Mean?

Data execution prevention (DEP) is a security feature within operating system that prevents applications from executing code from a non-executable memory location. DEP is a hardware and software enforced technology designed to secure against memory-based code exploits. It was first introduced in Windows XP Service Pack 2. It is also available in Linux and the Mac OS.


Techopedia Explains Data Execution Prevention

DEP works by routinely scanning the memory heaps and stacks for actions of loading data into the memory. The hardware enforced DEP mechanism uses the CPU to mark all memory locations that are flagged with an attribute value for non-execution. Once an abnormality is detected in these locations in terms of code execution, an exception is sent to the primary OS security mechanism. Software enforced DEP only checks for an exception within the functions table of the primary application. This provides protection against security esploits like buffer overflow.


Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…