公开(公告)号：US08856925B2

公开(公告)日：2014-10-07

申请号：US14022882

申请日：2013-09-10

Applicant: Google Inc.

Inventor： Robert Muth ,  Karl Schimpf ,  David C. Sehr ,  Cliff L. Biffle

IPC: G06F11/00 ,  G06F21/52 ,  G06F21/53

CPC classification number: G06F21/52 ,  G06F21/53

Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

Abstract translation: 一些实施例提供执行本地代码模块的系统。 在操作过程中，系统获取本地代码模块。 接下来，系统将本机代码模块加载到安全运行时环境中。 最后，系统通过使用一组限制本地代码模块中的存储指令的软件故障隔离（SFI）机制来安全地执行安全运行时环境中的本机代码模块。 SFI机制还通过将与本地代码模块相关联的代码区域划分为相等大小的代码块和数据块以及以非法指令启动每个数据块，来维持本地代码模块的控制流完整性。