1. Method for validating an untrusted native code module
    Granted patent (in force)

    Publication number: US09058483B2

    Publication date: 2015-06-16

    Application number: US12117634

    Filing date: 2008-05-08

    IPC classification: G06F21/00 G06F21/51

    CPC classification: G06F21/577 G06F21/51

    Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.


2. METHOD FOR VALIDATING AN UNTRUSTED NATIVE CODE MODULE
    Patent application (in force)

    Publication number: US20090282477A1

    Publication date: 2009-11-12

    Application number: US12117634

    Filing date: 2008-05-08

    IPC classification: G06F21/22

    CPC classification: G06F21/577 G06F21/51

    Abstract: A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.


3. Safely executing an untrusted native code module on a computing device
    Granted patent (in force)

    Publication number: US08424082B2

    Publication date: 2013-04-16

    Application number: US12117650

    Filing date: 2008-05-08

    IPC classification: G06F21/00

    Abstract: A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control-flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.


4. Safely Executing an Untrusted Native Code Module on a Computing Device
    Patent application (in force)

    Publication number: US20130185787A1

    Publication date: 2013-07-18

    Application number: US13787616

    Filing date: 2013-03-06

    IPC classification: G06F21/53

    Abstract: A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.


5. METHOD FOR SAFELY EXECUTING AN UNTRUSTED NATIVE CODE MODULE ON A COMPUTING DEVICE
    Patent application (in force)

    Publication number: US20090282474A1

    Publication date: 2009-11-12

    Application number: US12117650

    Filing date: 2008-05-08

    IPC classification: G06F21/22

    Abstract: A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control-flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.


6. Masking mechanism that facilitates safely executing untrusted native code
    Granted patent (in force)

    Publication number: US08151349B1

    Publication date: 2012-04-03

    Application number: US12202103

    Filing date: 2008-08-29

    IPC classification: G06F12/14 H04L9/32

    Abstract: This disclosure presents a system that uses masking to safely execute native code. This system includes a processing element that executes the native code and a memory which stores code and data for the processing element. The processing element includes a masking mechanism that masks one or more bits of a target address during a control flow transfer to transfer control to a restricted set of aligned byte boundaries in the native code.


7. USER-LEVEL SEGMENTATION MECHANISM THAT FACILITATES SAFELY EXECUTING UNTRUSTED NATIVE CODE
    Patent application (in force)

    Publication number: US20120042145A1

    Publication date: 2012-02-16

    Application number: US13277143

    Filing date: 2011-10-19

    IPC classification: G06F12/14

    Abstract: A system that uses segmentation to safely execute native code. This system includes a processing element that executes the native code and a memory which stores code and data for the processing element. The processing element includes a segmentation mechanism which limits the native code executing on the processing element to accessing a specified segment of memory. The processing element also includes an instruction-processing unit, which is configured to execute a user-level instruction that causes the segmentation mechanism to limit memory accesses by the native code to the specified segment of the memory.


8. Machine-Specific Instruction Set Translation
    Patent application (in force)

    Publication number: US20150195376A1

    Publication date: 2015-07-09

    Application number: US13751729

    Filing date: 2013-01-28

    IPC classification: H04L29/06

    CPC classification: H04L67/42 H04L41/08 H04L67/06

    Abstract: Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.


9. Computing device with untrusted user execution mode
    Granted patent (in force)

    Publication number: US08850573B1

    Publication date: 2014-09-30

    Application number: US12886960

    Filing date: 2010-09-21

    Abstract: Methods and apparatus for executing untrusted application code are disclosed. An example apparatus includes an execution mode state indicator with a plurality of states. In the example apparatus, the execution mode state indicator is configured such that placing the execution mode state indicator in a first state causes the processor to operate in a first execution mode and placing the execution mode state indicator in a second state causes the processor to operate in a second execution mode. The example apparatus also includes an instruction processing module that is configured to implement a set of instructions in the first execution mode and designate one or more instructions of the set of instructions as illegal instructions in the second execution mode. The example apparatus further includes a memory system that, in the second execution mode, is configured to restrict access to a set of memory addresses accessible by the processor in the first execution mode to a subset of the set of memory addresses.


10. Masking mechanism that facilitates safely executing untrusted native code
    Granted patent (in force)

    Publication number: US08595832B1

    Publication date: 2013-11-26

    Application number: US13403330

    Filing date: 2012-02-23

    IPC classification: G06F12/14 H04L9/32

    Abstract: This disclosure presents a system that uses masking to safely execute native code. This system includes a processing element that executes the native code and a memory which stores code and data for the processing element. The processing element includes a masking mechanism that masks one or more bits of a target address during a control flow transfer to transfer control to a restricted set of aligned byte boundaries in the native code.
