Security features

Security features are more effective when built into the basic design rather than added later as patches. ForwardCom has several basic features that improve security:

• A flexible and efficient memory protection system.
• The executable program memory section has neither read access nor write access.
• Data memory sections have no execute access.
• Function pointers and jump tables are stored in a read-only memory section.
• Call stack and data stack are separate. Buffer overflow attacks or wild pointers cannot compromise the call stack.
• Each thread can have its own private memory section, which is not accessible to parent or sibling threads.
• Device drivers have limited access rights to memory and input/output ports. They can only access a limited memory buffer provided by the calling program and a limited set of input/output ports and other resources.
• Executable programs have carefully controlled access rights. The user controls which resources can be accessed by each program.
• Efficient instructions for controlling array bounds.
• Efficient methods for detecting floating-point errors and integer overflow (see details).
• There is no “undefined” behavior. There is always a limited set of permissible responses to an error condition.
• Standardization of binary interfaces, function calling methods, etc. prevents compatibility problems.
• An innovative system for function libraries prevents problems with incompatible or tampered library versions.
• Installation and un-installation of executable programs follows mandatory and standardized operating system procedures.
• Malware protection should be an integrated part of the operating system rather than third party add-ons.