-
1.发明授权Predicated control flow and store instructions for native code module security 有权用于本地代码模块安全性的预测控制流程和存储指令公开(公告)号:US09075625B1
公开(公告)日:2015-07-07
申请号:US14466311
申请日:2014-08-22
Applicant: Google Inc.
Inventor: Robert Muth , Karl M. Schimpf , David C. Sehr , Clifford L. Biffle
CPC classification number: G06F8/41 , G06F8/70 , G06F9/3004 , G06F21/51 , G06F21/52 , G06F21/53 , G06F2221/033
Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that use predicated store instructions and predicated control flow instructions, wherein each predicated instruction from the predicated store instructions and the predicated control flow instructions is executed if a mask condition associated with the predicated instruction is met.
Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中,系统获取本地代码模块。 接下来,系统将本机代码模块加载到安全运行时环境中。 最后,系统通过使用一组软件故障隔离(SFI)机制来安全地执行安全运行时环境中的本机代码模块,这些机制使用预定的存储指令和预定的控制流程指令,其中来自预测存储指令和预测的指令 如果满足与预测指令相关联的掩码条件,则执行控制流程指令。
-
公开(公告)号:US20150026803A1
公开(公告)日:2015-01-22
申请号:US14465407
申请日:2014-08-21
Applicant: Google Inc.
Inventor: Robert Muth , Karl M. Schimpf , David C. Sehr , Cliff L. Biffle
Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.
Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中,系统获取本地代码模块。 接下来,系统将本机代码模块加载到安全运行时环境中。 最后,系统通过使用一组限制本地代码模块中的存储指令的软件故障隔离(SFI)机制来安全地执行安全运行时环境中的本机代码模块。 SFI机制还通过将与本地代码模块相关联的代码区域划分为相等大小的代码块和数据块以及以非法指令启动每个数据块,来保持本地代码模块的控制流完整性。
-
公开(公告)号:US08966628B2
公开(公告)日:2015-02-24
申请号:US14465407
申请日:2014-08-21
Applicant: Google Inc.
Inventor: Robert Muth , Karl M. Schimpf , David C. Sehr , Cliff L. Biffle
Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.
Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中,系统获取本地代码模块。 接下来,系统将本机代码模块加载到安全运行时环境中。 最后,系统通过使用一组限制本地代码模块中的存储指令的软件故障隔离(SFI)机制来安全地执行安全运行时环境中的本机代码模块。 SFI机制还通过将与本地代码模块相关联的代码区域划分为相等大小的代码块和数据块以及以非法指令启动每个数据块,来维持本地代码模块的控制流完整性。
-
-
Search Results
3
records
(took 0.016 seconds)
