CA2996747A1 - Secure just-in-time (jit) code generation - Google Patents

Secure just-in-time (jit) code generation Download PDF

Info

Publication number
CA2996747A1
CA2996747A1 CA2996747A CA2996747A CA2996747A1 CA 2996747 A1 CA2996747 A1 CA 2996747A1 CA 2996747 A CA2996747 A CA 2996747A CA 2996747 A CA2996747 A CA 2996747A CA 2996747 A1 CA2996747 A1 CA 2996747A1
Authority
CA
Canada
Prior art keywords
jit
code segment
executing
code
shared memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CA2996747A
Other languages
English (en)
French (fr)
Inventor
Udi Yavo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fortinet Inc
Original Assignee
Ensilo Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ensilo Ltd filed Critical Ensilo Ltd
Publication of CA2996747A1 publication Critical patent/CA2996747A1/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45516Runtime code conversion or optimisation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45516Runtime code conversion or optimisation
    • G06F9/4552Involving translation to a different instruction set architecture, e.g. just-in-time translation in a JVM
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)
  • Devices For Executing Special Programs (AREA)
CA2996747A 2017-03-05 2018-02-28 Secure just-in-time (jit) code generation Pending CA2996747A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/449,965 US10795989B2 (en) 2017-03-05 2017-03-05 Secure just-in-time (JIT) code generation
US15/449,965 2017-03-05

Publications (1)

Publication Number Publication Date
CA2996747A1 true CA2996747A1 (en) 2018-09-05

Family

ID=61557080

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2996747A Pending CA2996747A1 (en) 2017-03-05 2018-02-28 Secure just-in-time (jit) code generation

Country Status (6)

Country Link
US (1) US10795989B2 (enExample)
EP (1) EP3373133B1 (enExample)
JP (1) JP2018152061A (enExample)
CA (1) CA2996747A1 (enExample)
IL (1) IL257893B (enExample)
SG (1) SG10201801669XA (enExample)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11822654B2 (en) * 2017-04-20 2023-11-21 Morphisec Information Security 2014 Ltd. System and method for runtime detection, analysis and signature determination of obfuscated malicious code
CN113360134B (zh) * 2020-03-06 2022-06-17 武汉斗鱼网络科技有限公司 安全验证程序的生成方法、装置、设备和存储介质
US11487565B2 (en) * 2020-10-29 2022-11-01 Hewlett Packard Enterprise Development Lp Instances of just-in-time (JIT) compilation of code using different compilation settings
US11816484B2 (en) * 2020-10-30 2023-11-14 Apple Inc. Hardware verification of dynamically generated code

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7600222B2 (en) * 2002-01-04 2009-10-06 Microsoft Corporation Systems and methods for managing drivers in a computing system
US7219329B2 (en) * 2003-06-13 2007-05-15 Microsoft Corporation Systems and methods providing lightweight runtime code generation
JP2006048186A (ja) * 2004-08-02 2006-02-16 Hitachi Ltd 動的コンパイラの生成コードを保護する言語処理系
US7603712B2 (en) * 2005-04-21 2009-10-13 Microsoft Corporation Protecting a computer that provides a Web service from malware
US20070283336A1 (en) * 2006-06-01 2007-12-06 Michael Karl Gschwind System and method for just-in-time compilation in a heterogeneous processing environment
US20080127142A1 (en) 2006-11-28 2008-05-29 Microsoft Corporation Compiling executable code into a less-trusted address space
US8156093B2 (en) * 2009-03-10 2012-04-10 Microsoft Corporaton Memory object sharing for just in time compiled data
US8677329B2 (en) * 2009-06-03 2014-03-18 Apple Inc. Methods and apparatuses for a compiler server
JP6555981B2 (ja) * 2015-08-24 2019-08-07 キヤノン株式会社 情報処理装置及びその制御方法
US10303885B2 (en) * 2016-03-02 2019-05-28 Apple Inc. Methods and systems for securely executing untrusted software

Also Published As

Publication number Publication date
HK1255149A1 (en) 2019-08-09
EP3373133B1 (en) 2021-02-24
SG10201801669XA (en) 2018-10-30
EP3373133A1 (en) 2018-09-12
JP2018152061A (ja) 2018-09-27
US10795989B2 (en) 2020-10-06
US20180253549A1 (en) 2018-09-06
IL257893B (en) 2022-01-01
IL257893A (en) 2018-04-30

Similar Documents

Publication Publication Date Title
Elsabagh et al. {FIRMSCOPE}: Automatic uncovering of {Privilege-Escalation} vulnerabilities in {Pre-Installed} apps in android firmware
US8099596B1 (en) System and method for malware protection using virtualization
RU2691187C1 (ru) Система и способы аудита виртуальной машины
US8806640B2 (en) Program execution integrity verification for a computer system
US9934380B2 (en) Execution profiling detection of malicious objects
US20170161498A1 (en) Systems and methods for detection of malicious code in runtime generated code
US10102373B2 (en) Method and apparatus for capturing operation in a container-based virtualization system
US20160210216A1 (en) Application Control Flow Models
Yavarzadeh et al. Half&half: Demystifying intel’s directional branch predictors for fast, secure partitioned execution
EP3373133B1 (en) Secure just-in-time (jit) code generation
US11341241B2 (en) Enhancing memory safe programming using a page frame tag mechanism
US10885183B2 (en) Return oriented programming attack protection
Kim et al. Prof-gen: Practical study on system call whitelist generation for container attack surface reduction
GB2527323A (en) Runtime protection of web services
US10417412B2 (en) Protecting computer code against ROP attacks
US20200019392A1 (en) Application Binary Rewriting to Reduce Binary Attack Surface Area
US9027145B2 (en) Method and apparatus for detecting leak of information resource of device
Zhang et al. A comprehensive study of co-residence threat in multi-tenant public PaaS clouds
US20190387001A1 (en) Methods and Apparatus to Enable Services to Run in Multiple Security Contexts
HK1255149B (en) Secure just-in-time (jit) code generation
Armando et al. SAM: the static analysis module of the MAVERIC mobile app security verification platform
Graa et al. Detection of illegal control flow in android system: protecting private data used by smartphone apps
US20250077198A1 (en) Exploit prevention based on generation of random chaotic execution context
US10990664B2 (en) Eliminating and reporting kernel instruction alteration
Ashouri et al. JACY: a JVM-Based Intrusion Detection and Security Analysis System

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20230105

EEER Examination request

Effective date: 20230105

EEER Examination request

Effective date: 20230105

EEER Examination request

Effective date: 20230105

EEER Examination request

Effective date: 20230105