专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09372704B2 Virtual environment having harvard architecture 有权
标题翻译：具有哈佛架构的虚拟环境
公开(公告)号：US09372704B2
公开(公告)日：2016-06-21
申请号：US14141906
申请日：2013-12-27
申请人： Google Inc.
发明人： David C. Sehr , J. Bradley Chen , Bennet S. Yee
IPC分类号： G06F21/00 , G06F9/455 , G06F21/53
CPC分类号： G06F9/455 , G06F9/45558 , G06F21/53 , G06F2009/45583
摘要： Methods, systems, and apparatus, including computer programs encoded on computer storage media, relating to software execution. One of the methods includes executing, on a computer including a single memory for storing data and instructions, a virtual environment including a data memory and an instruction memory, the instruction memory configured to be unreadable by instructions stored in the instruction memory; receiving, at the virtual environment, a software module comprising multiple instructions; and performing validation of the software module including: identifying, in the software module one or more calls to the single memory; and verifying that the one or more calls to the single memory are in the data memory.
摘要翻译：方法，系统和装置，包括在计算机存储介质上编码的计算机程序，涉及软件执行。一种方法包括在包括用于存储数据和指令的单个存储器的计算机上执行包括数据存储器和指令存储器的虚拟环境，所述指令存储器被配置为通过存储在指令存储器中的指令而不可读; 在虚拟环境中接收包括多个指令的软件模块; 以及执行所述软件模块的验证，包括：在所述软件模块中识别对所述单个存储器的一个或多个调用; 并验证对单个存储器的一个或多个调用是在数据存储器中。

2. 发明授权

US09361453B2 Validating an untrusted native code module 有权
标题翻译：验证不可信的本机代码模块
公开(公告)号：US09361453B2
公开(公告)日：2016-06-07
申请号：US14463345
申请日：2014-08-19
申请人： Google Inc.
发明人： J. Bradley Chen , Matthew T. Harren , Matthew Papakipos , David C. Sehr , Bennet S. Yee
IPC分类号： G06F21/00 , G06F21/51
CPC分类号： G06F21/577 , G06F21/51
摘要： A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.
摘要翻译：验证本地代码模块的系统。在操作期间，系统接收由不可信的本地程序代码组成的本地代码模块。该系统通过以下方式来验证本地代码模块：（1）确定本地代码模块中的代码不包括任何受限制的指令和/或不访问计算设备的受限特征; 和（2）确定本地代码模块中的指令沿着字节边界排列，使得指定的字节边界集合总是包含有效指令，并且控制流指令具有有效目标。系统允许成功验证的本地代码模块执行，并拒绝验证失败的本机代码模块。通过验证本地代码模块，系统便于在计算设备上的安全运行时环境中安全执行本地代码模块，从而为不受信任的程序二进制代码执行本机代码性能，而不会产生不必要的副作用。

3. 发明授权

US09300760B2 Machine-specific instruction set translation 有权
标题翻译：特定于机器的指令集翻译
公开(公告)号：US09300760B2
公开(公告)日：2016-03-29
申请号：US13751729
申请日：2013-01-28
申请人： Google Inc.
发明人： David C. Sehr , J. Bradley Chen , Bennet S. Yee , Robert Muth , Jan Voung , Derek L. Schuff
IPC分类号： H04L29/06
CPC分类号： H04L67/42 , H04L41/08 , H04L67/06
摘要： Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.
摘要翻译：为机器特定的指令集转换提供了方法，系统和计算机程序产品。一个示例性方法包括识别计算设备，每个设备具有安装的相应的软件组件，所述软件组件包括用于将便携式格式的程序转换为特定于机器的指令集的翻译器组件，以及用于执行翻译为使用基于软件的故障隔离的计算设备上的机器特定指令集; 识别具有给定硬件配置的计算设备; 以及将另一个翻译器组件和另一个沙盒组件传输到每个所识别的计算设备。具有给定硬件配置的所识别的计算设备中的每一个被配置为接收组件并且配置其软件组件以使用所接收的组件来代替相应的组件。

4. 发明申请

US20150161383A1 Method for Safely Executing an Untrusted Native Code Module on a Computing Device 有权
标题翻译：在计算设备上安全执行不受信任的本机代码模块的方法
公开(公告)号：US20150161383A1
公开(公告)日：2015-06-11
申请号：US14621550
申请日：2015-02-13
申请人： Google Inc.
发明人： J. Bradley Chen , Matthew T. Harren , Matthew Papakipos , David C. Sehr , Bennet S. Yee , Gregory Dardyk
IPC分类号： G06F21/53
CPC分类号： G06F21/51 , G06F9/30174 , G06F9/44589 , G06F21/53 , G06F21/57 , G06F2221/033 , G06F2221/2113 , G06F2221/2119 , H04L29/06884
摘要： A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.
摘要翻译：一种在计算设备上安全执行本机代码模块的系统。在操作期间，系统接收本地代码模块，其由使用与计算设备相关联的指令集架构中的本地指令表示的不可信的本机程序代码组成。然后，系统将本机代码模块加载到安全运行时环境中，并继续在安全运行时环境中从本机代码模块执行一组指令。安全运行时环境强制本机代码模块的代码完整性，控制流完整性和数据完整性。此外，安全运行时环境调节哪些资源可以由计算设备上的本地代码模块访问和/或如何访问这些资源。通过在安全运行时环境中执行本地代码模块，系统便于实现不可信程序代码的本地代码性能，而不会产生不必要的副作用的重大风险。

5. 发明授权

US09710654B2 Method for validating an untrusted native code module 有权
公开(公告)号：US09710654B2
公开(公告)日：2017-07-18
申请号：US15172879
申请日：2016-06-03
申请人： Google Inc.
发明人： J. Bradley Chen , Matthew T. Harren , Matthew Papakipos , David C. Sehr , Bennet S. Yee
IPC分类号： G06F21/00 , G06F21/57 , G06F21/51
CPC分类号： G06F21/577 , G06F21/51
摘要： A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.

6. 发明申请

US20160212243A1 Machine-Specific Instruction Set Translation 有权
公开(公告)号：US20160212243A1
公开(公告)日：2016-07-21
申请号：US15082162
申请日：2016-03-28
申请人： Google Inc.
发明人： David C. Sehr , J. Bradley Chen , Bennet S. Yee , Robert Muth , Jan Voung , Derek L. Schuff
IPC分类号： H04L29/06
CPC分类号： H04L67/42 , H04L41/08 , H04L67/06
摘要： Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.

7. 发明授权

US08959632B2 Safely executing an untrusted native code module on a computing device 有权
标题翻译：在计算设备上安全执行不受信任的本地代码模块
公开(公告)号：US08959632B2
公开(公告)日：2015-02-17
申请号：US13787616
申请日：2013-03-06
申请人： Google Inc.
发明人： J. Bradley Chen , Matthew T. Harren , Matthew Papakipos , David C. Sehr , Bennet S. Yee , Gregory Dardyk
IPC分类号： G06F21/00 , G06F9/445 , H04L29/06 , G06F9/30 , G06F21/53 , G06F21/57
CPC分类号： G06F21/51 , G06F9/30174 , G06F9/44589 , G06F21/53 , G06F21/57 , G06F2221/033 , G06F2221/2113 , G06F2221/2119 , H04L29/06884
摘要： A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.
摘要翻译：一种在计算设备上安全执行本机代码模块的系统。在操作期间，系统接收本地代码模块，其由使用与计算设备相关联的指令集架构中的本地指令表示的不可信的本机程序代码组成。然后，系统将本机代码模块加载到安全运行时环境中，并继续在安全运行时环境中从本机代码模块执行一组指令。安全运行时环境强制本机代码模块的代码完整性，控制流完整性和数据完整性。此外，安全运行时环境调节哪些资源可以由计算设备上的本地代码模块访问和/或如何访问这些资源。通过在安全运行时环境中执行本地代码模块，系统便于实现不可信程序代码的本地代码性能，而不会产生不必要的副作用的重大风险。

8. 发明授权

US08935776B1 Native code module security for 64-bit instruction set architectures 有权
标题翻译： 64位指令集架构的本地代码模块安全性
公开(公告)号：US08935776B1
公开(公告)日：2015-01-13
申请号：US13904490
申请日：2013-05-29
申请人： Google Inc.
发明人： David C. Sehr , Bennet S. Yee , J. Bradley Chen , Victor Khimenko
IPC分类号： G06F21/00 , G06F21/53
CPC分类号： G06F21/53
摘要： Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that maintain control flow integrity for the native code module and constrain store instructions in the native code module by bounding a valid memory region of the native code module with one or more guard regions.
摘要翻译：一些实施例提供执行本地代码模块的系统。在操作过程中，系统获取本地代码模块。接下来，系统将本机代码模块加载到安全运行时环境中。最后，系统通过使用一组维护本地代码模块的控制流完整性的软件故障隔离（SFI）机制来安全地执行安全运行时环境中的本地代码模块，并通过限制本地代码模块限制存储指令具有一个或多个保护区域的本地代码模块的存储器区域。

9. 发明申请

US20140359765A1 Method for Validating an Untrusted Native Code Module 有权
标题翻译：验证不受信任的本地代码模块的方法
公开(公告)号：US20140359765A1
公开(公告)日：2014-12-04
申请号：US14463345
申请日：2014-08-19
申请人： Google Inc.
发明人： J. Bradley Chen , Matthew T. Harren , Matthew Papakipos , David C. Sehr , Bennet S. Yee
IPC分类号： G06F21/51
CPC分类号： G06F21/577 , G06F21/51
摘要： A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.
摘要翻译：验证本机代码模块的系统。在操作期间，系统接收由不可信的本地程序代码组成的本地代码模块。该系统通过以下方式来验证本地代码模块：（1）确定本地代码模块中的代码不包括任何受限制的指令和/或不访问计算设备的受限特征; 和（2）确定本地代码模块中的指令沿着字节边界排列，使得指定的字节边界集合总是包含有效指令，并且控制流指令具有有效目标。系统允许成功验证的本地代码模块执行，并拒绝验证失败的本机代码模块。通过验证本地代码模块，系统便于在计算设备上的安全运行时环境中安全执行本地代码模块，从而为不受信任的程序二进制代码执行本机代码性能，而不会产生不必要的副作用。

10. 发明申请

US20140282534A1 VIRTUAL ENVIRONMENT HAVING HARVARD ARCHITECTURE 有权
标题翻译：有虚拟环境的HARVARD ARCHITECTURE
公开(公告)号：US20140282534A1
公开(公告)日：2014-09-18
申请号：US14141906
申请日：2013-12-27
申请人： Google Inc.
发明人： David C. Sehr , J. Bradley Chen , Bennet S. Yee
IPC分类号： G06F9/455 , G06F21/53
CPC分类号： G06F9/455 , G06F9/45558 , G06F21/53 , G06F2009/45583
摘要： Methods, systems, and apparatus, including computer programs encoded on computer storage media, relating to software execution. One of the methods includes executing, on a computer including a single memory for storing data and instructions, a virtual environment including a data memory and an instruction memory, the instruction memory configured to be unreadable by instructions stored in the instruction memory; receiving, at the virtual environment, a software module comprising multiple instructions; and performing validation of the software module including: identifying, in the software module one or more calls to the single memory; and verifying that the one or more calls to the single memory are in the data memory.
摘要翻译：方法，系统和装置，包括在计算机存储介质上编码的计算机程序，涉及软件执行。一种方法包括在包括用于存储数据和指令的单个存储器的计算机上执行包括数据存储器和指令存储器的虚拟环境，所述指令存储器被配置为通过存储在指令存储器中的指令而不可读; 在虚拟环境中接收包括多个指令的软件模块; 以及执行所述软件模块的验证，包括：在所述软件模块中识别对所述单个存储器的一个或多个调用; 并验证对单个存储器的一个或多个调用是在数据存储器中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式