AUTOMATICALLY PROTECTING COMPUTER SYSTEMS FROM ATTACKS THAT EXPLOIT SECURITY VULNERABILITIES

摘要

A first method for automatically protecting a computer system from attacks that exploit security vulnerabilities detects requests for execution of code portions, determines vulnerabilities of a code portion for which an execution request is detected, evaluates whether or not the execution of the code portion shall be prevented in a case at least one vulnerability concerning the code portion is determined, and prevents execution of the code portion if determined to do so in the evaluation. A second method for automatically protecting a computer system from attacks that exploit security vulnerabilities detects code portions which are currently executed, determines vulnerabilities of a code portion that is currently executed, evaluates whether or not the execution of the code portion shall be aborted in a case at least one vulnerability concerning the code portion is determined, and aborts execution of the code portion if determined to do so in the evaluation.