Invention Grant
- Patent Title: Software fault isolation using byte-granularity memory protection
- Patent Title (中): 软件故障隔离采用字节度记忆保护
-
Application No.: US12633326Application Date: 2009-12-08
-
Publication No.: US08352797B2Publication Date: 2013-01-08
- Inventor: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
- Applicant: Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
- Applicant Address: US WA Redmond
- Assignee: Microsoft Corporation
- Current Assignee: Microsoft Corporation
- Current Assignee Address: US WA Redmond
- Agency: Lee & Hayes, PLLC
- Main IPC: G06F11/30
- IPC: G06F11/30
Abstract:
Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.
Public/Granted literature
- US20110138476A1 Software Fault Isolation Using Byte-Granularity Memory Protection Public/Granted day:2011-06-09
Information query
