公开(公告)号：US20150195106A1

公开(公告)日：2015-07-09

申请号：US13712675

申请日：2012-12-12

Applicant: Google Inc.

Inventor： David C. Sehr ,  Cliff L. Biffle ,  Bennet S. Yee

IPC: H04L12/58

CPC classification number: H04L51/10 ,  G06F12/1081 ,  G06F12/126 ,  G06F12/1458 ,  G06F21/128 ,  G06F21/53

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for memory address pinning. One of the methods includes loading a software module into a sandbox environment; receiving, a message from the software module to a recipient, the message includes a memory address; determining whether to pin the memory address; and passing the message to an address pinning unit which replaces at least a portion of the memory address with at least a portion of a specified replacement address, when it is determined to pin the memory address, and passes the modified message to be delivered to the recipient.

Abstract translation: 方法，系统和装置，包括在计算机存储介质上编码的计算机程序，用于存储器地址固定。 其中一种方法包括将软件模块加载到沙箱环境中; 从软件模块接收到接收者的消息，该消息包括存储器地址; 确定是否固定内存地址; 以及当确定将所述存储器地址固定时，将所述消息传递到地址钉扎单元，所述地址钉扎单元用至少一部分指定替换地址替代所述存储器地址的至少一部分，并将所述修改的消息传递给 接受者。

公开(公告)号：US20140013430A1

公开(公告)日：2014-01-09

申请号：US14022882

申请日：2013-09-10

Applicant: Google Inc.

Inventor： Robert Muth ,  Karl Schmipf ,  David C. Sehr ,  Cliff L. Biffle

IPC: G06F21/53

CPC classification number: G06F21/52 ,  G06F21/53

Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中，系统获取本地代码模块。 接下来，系统将本机代码模块加载到安全运行时环境中。 最后，系统通过使用一组限制本地代码模块中的存储指令的软件故障隔离（SFI）机制来安全地执行安全运行时环境中的本机代码模块。 SFI机制还通过将与本地代码模块相关联的代码区域划分为相等大小的代码块和数据块以及以非法指令启动每个数据块，来维持本地代码模块的控制流完整性。

公开(公告)号：US20150026803A1

公开(公告)日：2015-01-22

申请号：US14465407

申请日：2014-08-21

Applicant: Google Inc.

Inventor： Robert Muth ,  Karl M. Schimpf ,  David C. Sehr ,  Cliff L. Biffle

IPC: G06F21/53 ,  G06F9/30 ,  G06F21/52

CPC classification number: G06F21/52 ,  G06F21/53

Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中，系统获取本地代码模块。 接下来，系统将本机代码模块加载到安全运行时环境中。 最后，系统通过使用一组限制本地代码模块中的存储指令的软件故障隔离（SFI）机制来安全地执行安全运行时环境中的本机代码模块。 SFI机制还通过将与本地代码模块相关联的代码区域划分为相等大小的代码块和数据块以及以非法指令启动每个数据块，来保持本地代码模块的控制流完整性。

公开(公告)号：US08856925B2

公开(公告)日：2014-10-07

申请号：US14022882

申请日：2013-09-10

Applicant: Google Inc.

Inventor： Robert Muth ,  Karl Schimpf ,  David C. Sehr ,  Cliff L. Biffle

IPC: G06F11/00 ,  G06F21/52 ,  G06F21/53

CPC classification number: G06F21/52 ,  G06F21/53

Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中，系统获取本地代码模块。 接下来，系统将本机代码模块加载到安全运行时环境中。 最后，系统通过使用一组限制本地代码模块中的存储指令的软件故障隔离（SFI）机制来安全地执行安全运行时环境中的本机代码模块。 SFI机制还通过将与本地代码模块相关联的代码区域划分为相等大小的代码块和数据块以及以非法指令启动每个数据块，来维持本地代码模块的控制流完整性。

公开(公告)号：US20150007142A1

公开(公告)日：2015-01-01

申请号：US13712700

申请日：2012-12-12

Applicant: Google Inc.

Inventor： Cliff L. Biffle ,  Bennet S. Yee

IPC: G06F11/36

CPC classification number: G06F21/54 ,  G06F21/53 ,  G06F2221/2109 ,  H04L63/145

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for software sandboxing. One of the methods includes receiving a software module that includes verifiably safe computer code and a branch destination table indicating addresses of all instructions that may be targets of indirect control flow transfers; validating the computer code to determine whether it can run safely by using a statically verifiable fault isolation scheme, where validating the computer code comprises validating the addresses of the branch destination table instructions; and running the computer code, in a sandbox environment, if it has been determined to run safely.

Abstract translation: 方法，系统和装置，包括在计算机存储介质上编码的计算机程序，用于软件沙箱。 一种方法包括接收包括可验证安全的计算机代码的软件模块和指示可以是间接控制流传输的目标的所有指令的地址的分支目的地表; 验证计算机代码以确定其是否可以通过使用可静态验证的故障隔离方案来安全地运行，其中验证计算机代码包括验证分支目的地表指令的地址; 并在沙箱环境中运行计算机代码，如果已经确定安全运行。

公开(公告)号：US20130333031A1

公开(公告)日：2013-12-12

申请号：US13967626

申请日：2013-08-15

Applicant: Google Inc.

Inventor： Bennet S. Yee ,  David C. Sehr ,  Cliff L. Biffle

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F9/445

Abstract: Methods and apparatus for dynamically adding and deleting new code to previously validated application executing in a secured runtime. New code is written to a portion of secured memory not executable by application. New code is validated to ensure it cannot directly call operating system, address memory outside of secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed size boundaries within the secured memory. Validated code is copied to portion of secured memory executable by application in two stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach safe execution point, provided code was previously inserted as unit or contains no internal targets that can be called by code not also being deleted.

Abstract translation: 用于动态添加和删除新密码的方法和装置，用于在安全运行时执行的先前验证的应用程序。 新代码被写入不可执行的应用程序的一部分安全内存。 验证新代码以确保它不能直接调用操作系统，在安全内存之外的地址内存，或修改安全的内存状态。 间接分支指令可能只针对在固定内存中固定大小边界对齐的地址。 经过验证的代码被复制到可执行的安全内存的一部分，应用程序可以在两个阶段的过程中进行，以确保不能执行部分复制的段。 所有线程到达安全执行点后，可以删除已验证的新代码，前提是代码先前作为单元插入，也不包含内部可以通过代码不被删除的内部目标。

公开(公告)号：US09306271B1

公开(公告)日：2016-04-05

申请号：US14841894

申请日：2015-09-01

Applicant: Google Inc.

Inventor： Cliff L. Biffle ,  Richard Wayne DeVaul ,  Joshua Weaver ,  Anton Valdemar Staaf ,  Eric Teller ,  Michael Cassidy

IPC: H04B1/06 ,  H04B1/38 ,  H01Q1/28 ,  H01Q9/04 ,  H04B1/44 ,  H04B7/185

CPC classification number: H01Q1/286 ,  H01Q1/1292 ,  H01Q9/04 ,  H01Q9/0407 ,  H01Q9/30 ,  H04B1/06 ,  H04B1/44 ,  H04B7/18502

Abstract: Methods and apparatus are disclosed for receiving and transmitting signals at a balloon. Received signals can be received at the balloon, which can include a payload and an envelope. The envelope can include at least a first antenna section and a second antenna section. Both the first and second antenna sections are configured at least to receive the received signals and convey at least the received signals to the payload. The first antenna section can include a first metallization pattern to receive a first type of signal. The second antenna section can include a second metallization pattern to receive a second type of signal, with the first metallization pattern being different from the second metallization pattern.

公开(公告)号：US08966628B2

公开(公告)日：2015-02-24

申请号：US14465407

申请日：2014-08-21

Applicant: Google Inc.

Inventor： Robert Muth ,  Karl M. Schimpf ,  David C. Sehr ,  Cliff L. Biffle

IPC: G06F11/00 ,  G06F21/52 ,  G06F21/53

CPC classification number: G06F21/52 ,  G06F21/53

Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中，系统获取本地代码模块。 接下来，系统将本机代码模块加载到安全运行时环境中。 最后，系统通过使用一组限制本地代码模块中的存储指令的软件故障隔离（SFI）机制来安全地执行安全运行时环境中的本机代码模块。 SFI机制还通过将与本地代码模块相关联的代码区域划分为相等大小的代码块和数据块以及以非法指令启动每个数据块，来维持本地代码模块的控制流完整性。

公开(公告)号：US09197446B2

公开(公告)日：2015-11-24

申请号：US13712675

申请日：2012-12-12

Applicant: Google Inc.

Inventor： David C. Sehr ,  Cliff L. Biffle ,  Bennet S. Yee

IPC: G06F15/16 ,  H04L12/58 ,  G06F12/14

CPC classification number: H04L51/10 ,  G06F12/1081 ,  G06F12/126 ,  G06F12/1458 ,  G06F21/128 ,  G06F21/53

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for memory address pinning. One of the methods includes loading a software module into a sandbox environment; receiving, a message from the software module to a recipient, the message includes a memory address; determining whether to pin the memory address; and passing the message to an address pinning unit which replaces at least a portion of the memory address with at least a portion of a specified replacement address, when it is determined to pin the memory address, and passes the modified message to be delivered to the recipient.

Abstract translation: 方法，系统和装置，包括在计算机存储介质上编码的计算机程序，用于存储器地址固定。 其中一种方法包括将软件模块加载到沙箱环境中; 从软件模块接收到接收者的消息，该消息包括存储器地址; 确定是否固定内存地址; 以及当确定将所述存储器地址固定时，将所述消息传递到地址钉扎单元，所述地址钉扎单元用至少一部分指定替换地址替代所述存储器地址的至少一部分，并将所述修改的消息传递给 接受者。

公开(公告)号：US09153854B1

公开(公告)日：2015-10-06

申请号：US13712618

申请日：2012-12-12

Applicant: Google Inc.

Inventor： Cliff L. Biffle ,  Richard Wayne DeVaul ,  Joshua Weaver ,  Anton Valdemar Staaf ,  Eric Teller ,  Michael Cassidy

IPC: B64B1/40 ,  H01Q1/12 ,  H04B1/06 ,  H04B1/38

CPC classification number: H01Q1/286 ,  H01Q1/1292 ,  H01Q9/04 ,  H01Q9/0407 ,  H01Q9/30 ,  H04B1/06 ,  H04B1/44 ,  H04B7/18502

Abstract: Methods and apparatus are disclosed for receiving and transmitting signals at a balloon. Received signals can be received at the balloon, which can include a payload and an envelope. The envelope can include at least a first antenna section and a second antenna section. Both the first and second antenna sections are configured at least to receive the received signals and convey at least the received signals to the payload. The first antenna section can include a first metallization pattern to receive a first type of signal. The second antenna section can include a second metallization pattern to receive a second type of signal, with the first metallization pattern being different from the second metallization pattern.

Abstract translation: 公开了用于在气球处接收和发送信号的方法和装置。 可以在气球处接收接收的信号，其可以包括有效载荷和信封。 信封可以包括至少第一天线部分和第二天线部分。 第一和第二天线部分都被配置为至少接收接收到的信号并且将至少接收到的信号传送到有效载荷。 第一天线部分可以包括用于接收第一类型的信号的第一金属化图案。 第二天线部分可以包括第二金属化图案以接收第二类型的信号，其中第一金属化图案不同于第二金属化图案。