Machine-Specific Instruction Set Translation

    Publication No.: US20160212243A1

    Publication date: 2016-07-21

    Application No.: US15082162

    Filing date: 2016-03-28

    Applicant: Google Inc.

    CPC classification number: H04L67/42 H04L41/08 H04L67/06

    Abstract: Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.

    Native Code Module Security for Arm Instruction Set Architectures
    2.
    Patent application
    Legal status: in force

    Publication No.: US20150026803A1

    Publication date: 2015-01-22

    Application No.: US14465407

    Filing date: 2014-08-21

    Applicant: Google Inc.

    CPC classification number: G06F21/52 G06F21/53

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

    Native code module security for arm instruction set architectures
    3.
    Granted patent
    Legal status: in force

    Publication No.: US08856925B2

    Publication date: 2014-10-07

    Application No.: US14022882

    Filing date: 2013-09-10

    Applicant: Google Inc.

    CPC classification number: G06F21/52 G06F21/53

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

    Machine-specific instruction set translation
    4.
    Granted patent
    Legal status: in force

    Publication No.: US09300760B2

    Publication date: 2016-03-29

    Application No.: US13751729

    Filing date: 2013-01-28

    Applicant: Google Inc.

    CPC classification number: H04L67/42 H04L41/08 H04L67/06

    Abstract: Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.

    Native code module security for arm instruction set architectures
    5.
    Granted patent
    Legal status: in force

    Publication No.: US08966628B2

    Publication date: 2015-02-24

    Application No.: US14465407

    Filing date: 2014-08-21

    Applicant: Google Inc.

    CPC classification number: G06F21/52 G06F21/53

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

    Machine-specific instruction set translation

    Publication No.: US09756149B2

    Publication date: 2017-09-05

    Application No.: US15082162

    Filing date: 2016-03-28

    Applicant: Google Inc.

    CPC classification number: H04L67/42 H04L41/08 H04L67/06

    Abstract: Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.

    Predicated control flow and store instructions for native code module security
    7.
    Granted patent
    Legal status: in force

    Publication No.: US09075625B1

    Publication date: 2015-07-07

    Application No.: US14466311

    Filing date: 2014-08-22

    Applicant: Google Inc.

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that use predicated store instructions and predicated control flow instructions, wherein each predicated instruction from the predicated store instructions and the predicated control flow instructions is executed if a mask condition associated with the predicated instruction is met.

    Native Code Module Security for Arm Instruction Set Architectures
    8.
    Patent application
    Legal status: in force

    Publication No.: US20140013430A1

    Publication date: 2014-01-09

    Application No.: US14022882

    Filing date: 2013-09-10

    Applicant: Google Inc.

    CPC classification number: G06F21/52 G06F21/53

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

    Native code module security for arm 64-bit instruction set architectures
    9.
    Granted patent
    Legal status: in force

    Publication No.: US08935781B1

    Publication date: 2015-01-13

    Application No.: US13757660

    Filing date: 2013-02-01

    Applicant: Google Inc.

    Inventor: Robert Muth

    CPC classification number: G06F21/53 G06F21/74

    Abstract: Methods, systems, and apparatuses, including computer programs, for safely executing a native code module for an ARM 64-bit instruction set. The native code module contains native code that is executed within a secure runtime environment that isolates the native code module from sensitive data and resources on the computing system. The native code module is validated by a validator prior to execution within the secure runtime environment to ensure that the native code module complies with a set of security constraints.
