发明申请
US20110138476A1 Software Fault Isolation Using Byte-Granularity Memory Protection
有权
使用字节粒度内存保护的软件故障隔离
- 专利标题: Software Fault Isolation Using Byte-Granularity Memory Protection
- 专利标题(中): 使用字节粒度内存保护的软件故障隔离
-
申请号: US12633326申请日: 2009-12-08
-
公开(公告)号: US20110138476A1公开(公告)日: 2011-06-09
- 发明人: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
- 申请人: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
- 申请人地址: US WA Redmond
- 专利权人: Microsoft Corporation
- 当前专利权人: Microsoft Corporation
- 当前专利权人地址: US WA Redmond
- 主分类号: G06F21/22
- IPC分类号: G06F21/22
摘要:
Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.