公开(公告)号：US08935776B1

公开(公告)日：2015-01-13

申请号：US13904490

申请日：2013-05-29

Applicant: Google Inc.

Inventor： David C. Sehr ,  Bennet S. Yee ,  J. Bradley Chen ,  Victor Khimenko

IPC: G06F21/00 ,  G06F21/53

CPC classification number: G06F21/53

Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that maintain control flow integrity for the native code module and constrain store instructions in the native code module by bounding a valid memory region of the native code module with one or more guard regions.

Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中，系统获取本地代码模块。 接下来，系统将本机代码模块加载到安全运行时环境中。 最后，系统通过使用一组维护本地代码模块的控制流完整性的软件故障隔离（SFI）机制来安全地执行安全运行时环境中的本地代码模块，并通过限制本地代码模块限制存储指令 具有一个或多个保护区域的本地代码模块的存储器区域。