Method for Validating an Untrusted Native Code Module
    21.
    Invention application (in force)

    Publication number: US20160283720A1

    Publication date: 2016-09-29

    Application number: US15172879

    Filing date: 2016-06-03

    Applicant: Google Inc.

    CPC classification number: G06F21/577 G06F21/51

    Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.


ADDRESS PINNING
    22.
    Invention application (in force)

    Publication number: US20150195106A1

    Publication date: 2015-07-09

    Application number: US13712675

    Filing date: 2012-12-12

    Applicant: Google Inc.

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for memory address pinning. One of the methods includes loading a software module into a sandbox environment; receiving a message from the software module to a recipient, the message including a memory address; determining whether to pin the memory address; and passing the message to an address pinning unit which replaces at least a portion of the memory address with at least a portion of a specified replacement address, when it is determined to pin the memory address, and passes the modified message to be delivered to the recipient.


Predicated control flow and store instructions for native code module security
    23.
    Invention grant (in force)

    Publication number: US09075625B1

    Publication date: 2015-07-07

    Application number: US14466311

    Filing date: 2014-08-22

    Applicant: Google Inc.

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that use predicated store instructions and predicated control flow instructions, wherein each predicated instruction from the predicated store instructions and the predicated control flow instructions is executed if a mask condition associated with the predicated instruction is met.


Native Code Module Security for Arm Instruction Set Architectures
    24.
    Invention application (in force)

    Publication number: US20140013430A1

    Publication date: 2014-01-09

    Application number: US14022882

    Filing date: 2013-09-10

    Applicant: Google Inc.

    CPC classification number: G06F21/52 G06F21/53

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.


Method for validating an untrusted native code module
    25.

    Publication number: US09710654B2

    Publication date: 2017-07-18

    Application number: US15172879

    Filing date: 2016-06-03

    Applicant: Google Inc.

    CPC classification number: G06F21/577 G06F21/51

    Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.

Address pinning
    26.
    Invention grant (in force)

    Publication number: US09197446B2

    Publication date: 2015-11-24

    Application number: US13712675

    Filing date: 2012-12-12

    Applicant: Google Inc.

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for memory address pinning. One of the methods includes loading a software module into a sandbox environment; receiving a message from the software module to a recipient, the message including a memory address; determining whether to pin the memory address; and passing the message to an address pinning unit which replaces at least a portion of the memory address with at least a portion of a specified replacement address, when it is determined to pin the memory address, and passes the modified message to be delivered to the recipient.


Dynamic code insertion and removal for static analysis based sandboxes
    27.
    Invention grant (in force)

    Publication number: US08997225B2

    Publication date: 2015-03-31

    Application number: US13967626

    Filing date: 2013-08-15

    Applicant: Google Inc.

    CPC classification number: G06F21/53 G06F9/445

    Abstract: Methods and apparatus for dynamically adding and deleting new code to a previously validated application executing in a secured runtime. New code is written to a portion of secured memory that is not executable by the application. New code is validated to ensure it cannot directly call the operating system, address memory outside of the secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed-size boundaries within the secured memory. Validated code is copied to a portion of secured memory executable by the application in a two-stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach a safe execution point, provided the code was previously inserted as a unit or contains no internal targets that can be called by code not also being deleted.


NATIVE CODE INSTRUCTION SELECTION
    28.
    Invention application (in force)

    Publication number: US20140052971A1

    Publication date: 2014-02-20

    Application number: US13756371

    Filing date: 2013-01-31

    Applicant: Google Inc.

    CPC classification number: G06F9/30003 G06F8/52

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selecting native code instructions. One of the methods includes receiving an initial machine language instruction for execution by a processor in a first execution mode; determining that a portion of the initial machine language instruction, when executed by the processor in a second execution mode, satisfies one or more risk criteria; generating one or more alternative machine language instructions to replace the initial machine language instruction for execution by the processor in the first execution mode, wherein the one or more alternative machine language instructions, when executed by the processor in the second execution mode, mitigate the one or more risk criteria; and providing the one or more alternative machine language instructions.

