    1. Native code instruction selection
    Granted invention patent (status: in force)

    Publication number: US09563424B2

    Publication date: 2017-02-07

    Application number: US13756371

    Filing date: 2013-01-31

    Applicant: GOOGLE INC.

    CPC classification number: G06F9/30003 G06F8/52

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selecting native code instructions. One of the methods includes receiving an initial machine language instruction for execution by a processor in a first execution mode; determining that a portion of the initial machine language instruction, when executed by the processor in a second execution mode, satisfies one or more risk criteria; generating one or more alternative machine language instructions to replace the initial machine language instruction for execution by the processor in the first execution mode, wherein the one or more alternative machine language instructions, when executed by the processor in the second execution mode, mitigate the one or more risk criteria; and providing the one or more alternative machine language instructions.

    2. DYNAMIC CODE INSERTION AND REMOVAL FOR STATIC ANALYSIS BASED SANDBOXES
    Invention patent application (status: in force)

    Publication number: US20130333031A1

    Publication date: 2013-12-12

    Application number: US13967626

    Filing date: 2013-08-15

    Applicant: Google Inc.

    CPC classification number: G06F21/53 G06F9/445

    Abstract: Methods and apparatus for dynamically adding and deleting new code to previously validated application executing in a secured runtime. New code is written to a portion of secured memory not executable by application. New code is validated to ensure it cannot directly call operating system, address memory outside of secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed size boundaries within the secured memory. Validated code is copied to portion of secured memory executable by application in two stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach safe execution point, provided code was previously inserted as unit or contains no internal targets that can be called by code not also being deleted.

    3. Virtual environment having Harvard architecture
    Granted invention patent (status: in force)

    Publication number: US09372704B2

    Publication date: 2016-06-21

    Application number: US14141906

    Filing date: 2013-12-27

    Applicant: Google Inc.

    CPC classification number: G06F9/455 G06F9/45558 G06F21/53 G06F2009/45583

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, relating to software execution. One of the methods includes executing, on a computer including a single memory for storing data and instructions, a virtual environment including a data memory and an instruction memory, the instruction memory configured to be unreadable by instructions stored in the instruction memory; receiving, at the virtual environment, a software module comprising multiple instructions; and performing validation of the software module including: identifying, in the software module one or more calls to the single memory; and verifying that the one or more calls to the single memory are in the data memory.

    4. Validating an untrusted native code module
    Granted invention patent (status: in force)

    Publication number: US09361453B2

    Publication date: 2016-06-07

    Application number: US14463345

    Filing date: 2014-08-19

    Applicant: Google Inc.

    CPC classification number: G06F21/577 G06F21/51

    Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.

    5. Machine-specific instruction set translation
    Granted invention patent (status: in force)

    Publication number: US09300760B2

    Publication date: 2016-03-29

    Application number: US13751729

    Filing date: 2013-01-28

    Applicant: Google Inc.

    CPC classification number: H04L67/42 H04L41/08 H04L67/06

    Abstract: Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.

    6. Method and System for Executing Applications Using Native Code Modules
    Invention patent application (status: under examination, published)

    Publication number: US20160048677A1

    Publication date: 2016-02-18

    Application number: US14925413

    Filing date: 2015-10-28

    Applicant: Google Inc.

    Abstract: Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system provides input data associated with the web application to the native code module and processes the input data using the native code module to obtain output data. Finally, the system provides the output data to the web application for use by the web application.

    7. Portable handling of primitives for concurrent execution
    Granted invention patent (status: in force)

    Publication number: US09223550B1

    Publication date: 2015-12-29

    Application number: US14056091

    Filing date: 2013-10-17

    Applicant: Google Inc.

    CPC classification number: G06F8/20 G06F8/447 G06F8/456

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for generating portable concurrency primitives. In one aspect, a method includes receiving a set of source code for a module that will execute on a plurality of different types of architectures, the set of source code including a first set of concurrency primitives, generating a second set of concurrency primitives from the first set of concurrency primitives, wherein each concurrency primitive in the second set is different than the corresponding concurrency primitive from the first set of concurrency primitives, each concurrency primitive in the second set of concurrency primitives being independent of a plurality of different types of architectures that will execute the module, and storing each concurrency primitive from the second set of concurrency primitives in a portable executable that retains the language level constructs of the first set of concurrency primitives.

    8. Dynamic sandboxing
    Granted invention patent (status: in force)

    Publication number: US09189375B1

    Publication date: 2015-11-17

    Application number: US14144777

    Filing date: 2013-12-31

    Applicant: Google Inc.

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for dynamic sandboxing. In one aspect, a method includes obtaining software including program instructions for execution by a data processing apparatus; identifying, from a plurality of predefined software characteristics, software characteristics of the software, each identified software characteristic corresponding to a set of the program instructions included in the software; accessing sandbox data defining, for each of the predefined software characteristics, one or more sandbox methods that are eligible for use when executing program instructions that correspond to the predefined software characteristics; selecting, from a plurality of sandbox methods, one or more sandbox methods based on the identified software characteristics and their respectively corresponding sandbox methods, each of the plurality of sandbox methods comprising sandbox instructions for executing program instructions using fault isolation techniques; and causing execution of the software using the selected sandbox methods.

    9. Method for Safely Executing an Untrusted Native Code Module on a Computing Device
    Invention patent application (status: in force)

    Publication number: US20150161383A1

    Publication date: 2015-06-11

    Application number: US14621550

    Filing date: 2015-02-13

    Applicant: Google Inc.

    Abstract: A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.

    10. Native code module security for ARM instruction set architectures
    Granted invention patent (status: in force)

    Publication number: US08966628B2

    Publication date: 2015-02-24

    Application number: US14465407

    Filing date: 2014-08-21

    Applicant: Google Inc.

    CPC classification number: G06F21/52 G06F21/53

    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.
