公开(公告)号：US20110138476A1

公开(公告)日：2011-06-09

申请号：US12633326

申请日：2009-12-08

申请人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

发明人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

IPC分类号： G06F21/22

CPC分类号： G06F21/53 ,  G06F9/468 ,  G06F12/1483 ,  G06F21/54 ,  G06F21/57 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/101

摘要： Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

摘要翻译： 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中，软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行，但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用，并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间，在加载时间之前或在运行时添加到不可信扩展的仪器，在插入库中添加的这些扩展可以强制实现域之间的隔离，例如在任何写入或间接调用之前添加访问权限检查，并通过重定向函数调用 在插页库中调用包装器。 仪器还会更新访问控制数据，根据正在调用的操作的语义，以精细粒度授予和撤销访问权限。

公开(公告)号：US08352797B2

公开(公告)日：2013-01-08

申请号：US12633326

申请日：2009-12-08

申请人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

发明人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

IPC分类号： G06F11/30

CPC分类号： G06F21/53 ,  G06F9/468 ,  G06F12/1483 ,  G06F21/54 ,  G06F21/57 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/101

摘要： Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

摘要翻译： 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中，软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行，但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用，并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间，在加载时间之前或在运行时添加到不可信扩展的仪器，在插入库中添加的仪器会强制实现域之间的隔离，例如在任何写入或间接调用之前添加访问权限检查，并通过将函数调用重定向到 在插页库中调用包装器。 仪器还会更新访问控制数据，根据正在调用的操作的语义，以精细粒度授予和撤销访问权限。

公开(公告)号：US08434064B2

公开(公告)日：2013-04-30

申请号：US12058513

申请日：2008-03-28

申请人： Periklis Akritidis ,  Manuel Costa ,  Miguel Castro

发明人： Periklis Akritidis ,  Manuel Costa ,  Miguel Castro

IPC分类号： G06F9/44 ,  G06F9/45

CPC分类号： G06F11/3612 ,  G06F21/52 ,  G06F21/54

摘要： Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.

摘要翻译： 描述使用写入完整性测试来检测存储器错误的方法。 在一个实施例中，当编译程序时执行附加分析。 此分析标识可由程序中的每条指令写入的一组对象。 然后将附加代码插入到程序中，使得在运行时，程序在执行写入指令之前检查所写入的特定对象是被允许写入的一组对象之一。 如果此检查失败，则插入的代码会引发异常，如果检查成功，则允许写入继续。 在另一实施例中，还可以插入代码以在间接控制流传输指令之前执行检查，以确保那些指令不能将控制转移到与预期不同的位置。

公开(公告)号：US20090249289A1

公开(公告)日：2009-10-01

申请号：US12058513

申请日：2008-03-28

申请人： Periklis Akritidis ,  Manuel Costa ,  Miguel Castro

发明人： Periklis Akritidis ,  Manuel Costa ,  Miguel Castro

IPC分类号： G06F9/44

CPC分类号： G06F11/3612 ,  G06F21/52 ,  G06F21/54

摘要： Methods of detecting memory errors using write integrity testing are described. In an embodiment, additional analysis is performed when a program is compiled. This analysis identifies a set of objects which can be written by each instruction in the program. Additional code is then inserted into the program so that, at runtime, the program checks before performing a write instruction that the particular object being written is one of the set of objects that it is allowed to write. The inserted code causes an exception to be raised if this check fails and allows the write to proceed if the check is successful. In a further embodiment, code may also be inserted to perform checks before indirect control-flow transfer instructions, to ensure that those instructions cannot transfer control to locations different from those intended.

摘要翻译： 描述使用写入完整性测试来检测存储器错误的方法。 在一个实施例中，当编译程序时执行附加分析。 此分析标识可由程序中的每条指令写入的一组对象。 然后将附加代码插入到程序中，使得在运行时，程序在执行写入指令之前检查所写入的特定对象是被允许写入的一组对象之一。 如果此检查失败，则插入的代码会引发异常，如果检查成功，则允许写入继续。 在另一实施例中，还可以插入代码以在间接控制流传输指令之前执行检查，以确保那些指令不能将控制转移到与预期不同的位置。