CA2996747C - Secure just-in-time (jit) code generation - Google Patents

Secure just-in-time (jit) code generation

Info

Publication number
CA2996747C
CA2996747C CA2996747A CA2996747A CA2996747C CA 2996747 C CA2996747 C CA 2996747C CA 2996747 A CA2996747 A CA 2996747A CA 2996747 A CA2996747 A CA 2996747A CA 2996747 C CA2996747 C CA 2996747C
Authority
CA
Canada
Prior art keywords
jit
code segment
executing
application
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CA2996747A
Other languages
English (en)
French (fr)
Other versions
CA2996747A1 (en
Inventor
Udi YAVO
Original Assignee
Fortinet Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fortinet Inc filed Critical Fortinet Inc
Publication of CA2996747A1 publication Critical patent/CA2996747A1/en
Application granted granted Critical
Publication of CA2996747C publication Critical patent/CA2996747C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45516Runtime code conversion or optimisation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45516Runtime code conversion or optimisation
    • G06F9/4552Involving translation to a different instruction set architecture, e.g. just-in-time translation in a JVM
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)
  • Devices For Executing Special Programs (AREA)
CA2996747A 2017-03-05 2018-02-28 Secure just-in-time (jit) code generation Active CA2996747C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/449,965 US10795989B2 (en) 2017-03-05 2017-03-05 Secure just-in-time (JIT) code generation
US15/449,965 2017-03-05

Publications (2)

Publication Number Publication Date
CA2996747A1 CA2996747A1 (en) 2018-09-05
CA2996747C true CA2996747C (en) 2026-02-10

Family

ID=61557080

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2996747A Active CA2996747C (en) 2017-03-05 2018-02-28 Secure just-in-time (jit) code generation

Country Status (6)

Country Link
US (1) US10795989B2 (https=)
EP (1) EP3373133B1 (https=)
JP (1) JP2018152061A (https=)
CA (1) CA2996747C (https=)
IL (1) IL257893B (https=)
SG (1) SG10201801669XA (https=)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11822654B2 (en) * 2017-04-20 2023-11-21 Morphisec Information Security 2014 Ltd. System and method for runtime detection, analysis and signature determination of obfuscated malicious code
CN113360134B (zh) * 2020-03-06 2022-06-17 武汉斗鱼网络科技有限公司 安全验证程序的生成方法、装置、设备和存储介质
US11487565B2 (en) * 2020-10-29 2022-11-01 Hewlett Packard Enterprise Development Lp Instances of just-in-time (JIT) compilation of code using different compilation settings
US11816484B2 (en) 2020-10-30 2023-11-14 Apple Inc. Hardware verification of dynamically generated code
EP4715638A1 (de) * 2024-09-23 2026-03-25 Siemens Aktiengesellschaft Ausführen von anwendungen auf einem sicheren system einer industriellen anlage

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7600222B2 (en) * 2002-01-04 2009-10-06 Microsoft Corporation Systems and methods for managing drivers in a computing system
US7219329B2 (en) * 2003-06-13 2007-05-15 Microsoft Corporation Systems and methods providing lightweight runtime code generation
JP2006048186A (ja) * 2004-08-02 2006-02-16 Hitachi Ltd 動的コンパイラの生成コードを保護する言語処理系
US7603712B2 (en) * 2005-04-21 2009-10-13 Microsoft Corporation Protecting a computer that provides a Web service from malware
US20070283336A1 (en) * 2006-06-01 2007-12-06 Michael Karl Gschwind System and method for just-in-time compilation in a heterogeneous processing environment
US20080127142A1 (en) * 2006-11-28 2008-05-29 Microsoft Corporation Compiling executable code into a less-trusted address space
US8156093B2 (en) * 2009-03-10 2012-04-10 Microsoft Corporaton Memory object sharing for just in time compiled data
US8677329B2 (en) * 2009-06-03 2014-03-18 Apple Inc. Methods and apparatuses for a compiler server
JP6555981B2 (ja) * 2015-08-24 2019-08-07 キヤノン株式会社 情報処理装置及びその制御方法
US10303885B2 (en) * 2016-03-02 2019-05-28 Apple Inc. Methods and systems for securely executing untrusted software

Also Published As

Publication number Publication date
EP3373133A1 (en) 2018-09-12
JP2018152061A (ja) 2018-09-27
IL257893B (en) 2022-01-01
IL257893A (en) 2018-04-30
US20180253549A1 (en) 2018-09-06
HK1255149A1 (en) 2019-08-09
US10795989B2 (en) 2020-10-06
CA2996747A1 (en) 2018-09-05
SG10201801669XA (en) 2018-10-30
EP3373133B1 (en) 2021-02-24

Similar Documents

Publication Publication Date Title
CA2996747C (en) Secure just-in-time (jit) code generation
Elsabagh et al. {FIRMSCOPE}: Automatic uncovering of {Privilege-Escalation} vulnerabilities in {Pre-Installed} apps in android firmware
US8099596B1 (en) System and method for malware protection using virtualization
US8806640B2 (en) Program execution integrity verification for a computer system
JP6837064B2 (ja) ランタイム生成コードにおける悪意のあるコードの検出のためのシステムおよび方法
US9934380B2 (en) Execution profiling detection of malicious objects
US10102373B2 (en) Method and apparatus for capturing operation in a container-based virtualization system
US20140245448A1 (en) Apparatus and method for analyzing permission of application for mobile devices and detecting risk
US20160210216A1 (en) Application Control Flow Models
US11262993B2 (en) Application binary rewriting to reduce binary attack surface area
US10417412B2 (en) Protecting computer code against ROP attacks
Zhang et al. A comprehensive study of co-residence threat in multi-tenant public PaaS clouds
EP3769247B1 (en) System and method for preventing unwanted bundled software installation
US10938831B2 (en) Methods and apparatus to enable services to run in multiple security contexts
Her et al. KubeRosy: A dynamic system call filtering framework for containers
HK1255149B (en) Secure just-in-time (jit) code generation
US20230305825A1 (en) Deployment of software programs based on security levels thereof
Armando et al. SAM: the static analysis module of the MAVERIC mobile app security verification platform
US20210157925A1 (en) Selective runtime activation of anti-rop defense
US12578938B2 (en) Exploit prevention based on generation of random chaotic execution context
US10990664B2 (en) Eliminating and reporting kernel instruction alteration
Ho Kernel Memory Leakage Detection for Intrusion Detection Systems (IDS)
Retamosa et al. Assessment of Mobile Security Platforms.
Joosen Application Security Trends and Challenges

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20230105

P11 Amendment of application requested

Free format text: ST27 STATUS EVENT CODE: A-2-2-P10-P11-P100 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: AMENDMENT RECEIVED - RESPONSE TO EXAMINER'S REQUISITION

Effective date: 20240923

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W111 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: CORRESPONDENT DETERMINED COMPLIANT

Effective date: 20250116

U00 Fee paid

Free format text: ST27 STATUS EVENT CODE: A-2-2-U10-U00-U101 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: MAINTENANCE REQUEST RECEIVED

Effective date: 20250221

MFA Maintenance fee for application paid

Free format text: FEE DESCRIPTION TEXT: MF (APPLICATION, 7TH ANNIV.) - STANDARD

Year of fee payment: 7

U11 Full renewal or maintenance fee paid

Free format text: ST27 STATUS EVENT CODE: A-2-2-U10-U11-U102 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: MAINTENANCE FEE PAYMENT DETERMINED COMPLIANT

Effective date: 20250226

Free format text: ST27 STATUS EVENT CODE: A-2-2-U10-U11-U102 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: MAINTENANCE FEE PAYMENT PAID IN FULL

Effective date: 20250226

P11 Amendment of application requested

Free format text: ST27 STATUS EVENT CODE: A-2-2-P10-P11-P102 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: AMENDMENT DETERMINED COMPLIANT

Effective date: 20250515

P13 Application amended

Free format text: ST27 STATUS EVENT CODE: A-2-2-P10-P13-X000 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: APPLICATION AMENDED

Effective date: 20250515

D22 Grant of ip right intended

Free format text: ST27 STATUS EVENT CODE: A-2-2-D10-D22-D128 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: ALLOWANCE REQUIREMENTS DETERMINED COMPLIANT

Effective date: 20250827

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W100 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: LETTER SENT

Effective date: 20250827

D00 Search and/or examination requested or commenced

Free format text: ST27 STATUS EVENT CODE: A-2-2-D10-D00-D164 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: RESPONSE TO NOTICE OF ALLOWANCE

Effective date: 20250908

D22 Grant of ip right intended

Free format text: ST27 STATUS EVENT CODE: A-2-4-D10-D22-D143 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: PRE-GRANT

Effective date: 20251202

W00 Other event occurred

Free format text: ST27 STATUS EVENT CODE: A-2-2-W10-W00-W111 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: CORRESPONDENT DETERMINED COMPLIANT

Effective date: 20251202

Q17 Modified document published

Free format text: ST27 STATUS EVENT CODE: A-4-4-Q10-Q17-Q103 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: DOCUMENT PUBLISHED

Effective date: 20260203

F11 Ip right granted following substantive examination

Free format text: ST27 STATUS EVENT CODE: A-4-4-F10-F11-X000 (AS PROVIDED BY THE NATIONAL OFFICE); EVENT TEXT: GRANT BY ISSUANCE

Effective date: 20260210