MX2009004893A - Compilacion de codigo ejecutable en un espacio de direccion menos confiable. - Google Patents
Compilacion de codigo ejecutable en un espacio de direccion menos confiable.Info
- Publication number
- MX2009004893A MX2009004893A MX2009004893A MX2009004893A MX2009004893A MX 2009004893 A MX2009004893 A MX 2009004893A MX 2009004893 A MX2009004893 A MX 2009004893A MX 2009004893 A MX2009004893 A MX 2009004893A MX 2009004893 A MX2009004893 A MX 2009004893A
- Authority
- MX
- Mexico
- Prior art keywords
- address space
- code
- application program
- jit compiler
- operating
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/54—Link editing before load time
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
- G06F9/45516—Runtime code conversion or optimisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/52—Program synchronisation; Mutual exclusion, e.g. by means of semaphores
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
- G06F8/436—Semantic checking
- G06F8/437—Type checking
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Devices For Executing Special Programs (AREA)
- Storage Device Security (AREA)
Abstract
Programas de aplicación inseguros que implementan código manejado pueden ejecutarse en una forma segura. En particular, un sistema operativo puede ser configurado para ejecutar un programa de aplicación en modo de usuario, pero controlar compilación de código manejado a través de un compilador de tipo JIT seguro que opera en modo de núcleo. El sistema operativo también puede designar una ubicación de memoria individual para accederse a través de múltiples espacios de dirección con diferentes grupos de permiso. Un programa de aplicación que opera en modo de usuario puede ser ejecutado en el espacio de dirección de lectura/ejecución, mientras el compilador JIT opera en un espacio de dirección de lectura/escritura. Cuando encuentra uno o más indicadores a código de lenguaje intermedio, el tiempo de funcionamiento de aplicación puede enviar una o más solicitudes de compilación a un componente de seguridad de modo de núcleo, que valida las solicitudes. Si se validan, el compilador JIT compilará el código de lenguaje intermedio solicitado, y el programa de aplicación puede acceder al código compilado desde un montículo de memoria compartida.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/564,249 US20080127142A1 (en) | 2006-11-28 | 2006-11-28 | Compiling executable code into a less-trusted address space |
PCT/US2007/085664 WO2008067329A1 (en) | 2006-11-28 | 2007-11-27 | Compiling executable code into a less-trusted address space |
Publications (1)
Publication Number | Publication Date |
---|---|
MX2009004893A true MX2009004893A (es) | 2009-05-19 |
Family
ID=39469533
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
MX2009004893A MX2009004893A (es) | 2006-11-28 | 2007-11-27 | Compilacion de codigo ejecutable en un espacio de direccion menos confiable. |
Country Status (13)
Country | Link |
---|---|
US (2) | US20080127142A1 (es) |
EP (1) | EP2115580A4 (es) |
JP (1) | JP2010511227A (es) |
KR (1) | KR20090093967A (es) |
CN (1) | CN101553784A (es) |
AU (1) | AU2007325237B2 (es) |
BR (1) | BRPI0719800A2 (es) |
CA (1) | CA2665027A1 (es) |
IL (1) | IL198058A0 (es) |
MX (1) | MX2009004893A (es) |
RU (1) | RU2439665C2 (es) |
TW (1) | TW200830184A (es) |
WO (1) | WO2008067329A1 (es) |
Families Citing this family (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080127142A1 (en) * | 2006-11-28 | 2008-05-29 | Microsoft Corporation | Compiling executable code into a less-trusted address space |
US8281293B2 (en) * | 2007-07-24 | 2012-10-02 | International Business Machines Corporation | Copy-on-write optimization of immutable objects for objects oriented languages |
US8296730B2 (en) * | 2008-03-12 | 2012-10-23 | Microsoft Corporation | Using extension methods to extend COM objects |
US20090319991A1 (en) * | 2008-06-20 | 2009-12-24 | Microsoft Corporation | Managed code type equivalence |
US20100058016A1 (en) * | 2008-08-26 | 2010-03-04 | Jari Nikara | Method, apparatus and software product for multi-channel memory sandbox |
US8180986B2 (en) * | 2008-09-17 | 2012-05-15 | Microsoft Corporation | Memory conflict detection via mapping of the physical heap to control access permissions to the memory |
US8190636B2 (en) * | 2008-09-30 | 2012-05-29 | Nokia Corporation | Method, apparatus and computer program product for providing object privilege modification |
US8276111B2 (en) * | 2008-12-19 | 2012-09-25 | Microsoft Corporation | Providing access to a dataset in a type-safe manner |
US20100199357A1 (en) * | 2009-02-02 | 2010-08-05 | Microsoft Corporation | Secure hosting for untrusted code |
US9117071B2 (en) * | 2009-06-03 | 2015-08-25 | Apple Inc. | Methods and apparatuses for secure compilation |
US8677329B2 (en) | 2009-06-03 | 2014-03-18 | Apple Inc. | Methods and apparatuses for a compiler server |
US8850573B1 (en) * | 2010-04-14 | 2014-09-30 | Google Inc. | Computing device with untrusted user execution mode |
US8495750B2 (en) | 2010-08-31 | 2013-07-23 | International Business Machines Corporation | Filesystem management and security system |
US9147085B2 (en) * | 2010-09-24 | 2015-09-29 | Blackberry Limited | Method for establishing a plurality of modes of operation on a mobile device |
KR20120031756A (ko) | 2010-09-27 | 2012-04-04 | 삼성전자주식회사 | Cpu와 gpu를 사용하는 이종 시스템에서 가상화를 이용한 어플리케이션 컴파일 및 실행 방법 및 장치 |
US20120159193A1 (en) * | 2010-12-18 | 2012-06-21 | Microsoft Corporation | Security through opcode randomization |
US8646050B2 (en) * | 2011-01-18 | 2014-02-04 | Apple Inc. | System and method for supporting JIT in a secure system with randomly allocated memory ranges |
AU2013202876B2 (en) * | 2011-01-18 | 2016-07-07 | Apple Inc. | System and method for supporting JIT in a secure system with randomly allocated memory ranges |
WO2012103359A2 (en) | 2011-01-27 | 2012-08-02 | Soft Machines, Inc. | Hardware acceleration components for translating guest instructions to native instructions |
EP2668565B1 (en) * | 2011-01-27 | 2019-11-06 | Intel Corporation | Guest instruction to native instruction range based mapping using a conversion look aside buffer of a processor |
KR101895453B1 (ko) | 2011-11-09 | 2018-10-25 | 삼성전자주식회사 | 이기종 컴퓨팅 환경에서 보안 강화 방법 및 장치 |
US9128732B2 (en) * | 2012-02-03 | 2015-09-08 | Apple Inc. | Selective randomization for non-deterministically compiled code |
US9626507B2 (en) * | 2012-04-06 | 2017-04-18 | Google Inc. | Hosted application sandboxing |
CN103377120B (zh) * | 2012-04-24 | 2017-06-30 | 财付通支付科技有限公司 | 一种应用程序测试方法及装置 |
BR112015010016A2 (pt) | 2012-11-07 | 2017-07-11 | Koninklijke Philips Nv | compilador, computador, método de compilação e programa de computador |
US10180824B2 (en) | 2012-12-21 | 2019-01-15 | Koninklijke Philips N.V. | Computing device comprising a table network |
JP6129702B2 (ja) * | 2013-09-24 | 2017-05-17 | 株式会社東芝 | 情報処理装置、情報処理システム、プログラム |
US9336413B2 (en) * | 2013-11-22 | 2016-05-10 | Oracle International Corporation | Method and system for fast permission changes for virtual addresses |
US10691618B2 (en) * | 2013-12-17 | 2020-06-23 | Intel Corporation | Secure enclaves for use by kernel mode applications |
US10311227B2 (en) * | 2014-09-30 | 2019-06-04 | Apple Inc. | Obfuscation of an address space layout randomization mapping in a data processing system |
US10311228B2 (en) | 2014-09-30 | 2019-06-04 | Apple Inc. | Using a fine-grained address space layout randomization to mitigate potential security exploits |
US9930050B2 (en) * | 2015-04-01 | 2018-03-27 | Hand Held Products, Inc. | Device management proxy for secure devices |
JP6589505B2 (ja) * | 2015-09-24 | 2019-10-16 | ヤマハ株式会社 | ルータ |
FR3047587B1 (fr) * | 2016-02-10 | 2023-01-13 | Dolphin Integration Sa | Dispositif de traitement muni d'un mode d'acces a des donnees sensibles. |
US10303885B2 (en) | 2016-03-02 | 2019-05-28 | Apple Inc. | Methods and systems for securely executing untrusted software |
US10795989B2 (en) * | 2017-03-05 | 2020-10-06 | Fortinet, Inc. | Secure just-in-time (JIT) code generation |
US10572275B2 (en) * | 2017-06-15 | 2020-02-25 | Microsoft Technology Licensing, Llc | Compatible dictionary layout |
US10579520B2 (en) | 2017-11-30 | 2020-03-03 | Webroot Inc. | Multi-ring shared, traversable, and dynamic advanced database |
US10846211B2 (en) * | 2018-03-21 | 2020-11-24 | Microsoft Technology Licensing, Llc | Testing kernel mode computer code by executing the computer code in user mode |
US10983926B2 (en) | 2018-08-29 | 2021-04-20 | Red Hat, Inc. | Efficient userspace driver isolation for virtual machines |
US10754796B2 (en) | 2018-08-29 | 2020-08-25 | Red Hat, Inc. | Efficient user space driver isolation by CPU page table switching |
US11029968B1 (en) * | 2019-07-31 | 2021-06-08 | Facebook Technologies, Llc | Operating system with a single kernel stack per processor |
CN113268349B (zh) * | 2021-06-04 | 2022-02-18 | 科东(广州)软件科技有限公司 | 一种计算机内存管理方法、装置、设备及存储介质 |
US11816203B2 (en) * | 2021-11-23 | 2023-11-14 | Malwarebytes Inc. | Stack execution detection in a sandbox environment |
CN115842927B (zh) * | 2023-02-24 | 2023-06-06 | 湖北芯擎科技有限公司 | 一种视频流的安全显示方法、装置和电子设备 |
Family Cites Families (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4926476A (en) * | 1989-02-03 | 1990-05-15 | Motorola, Inc. | Method and apparatus for secure execution of untrusted software |
US5761477A (en) * | 1995-12-04 | 1998-06-02 | Microsoft Corporation | Methods for safe and efficient implementations of virtual machines |
US6151703A (en) * | 1996-05-20 | 2000-11-21 | Inprise Corporation | Development system with methods for just-in-time compilation of programs |
US6092147A (en) * | 1997-04-15 | 2000-07-18 | Sun Microsystems, Inc. | Virtual machine with securely distributed bytecode verification |
US6275938B1 (en) * | 1997-08-28 | 2001-08-14 | Microsoft Corporation | Security enhancement for untrusted executable code |
US6081665A (en) * | 1997-12-19 | 2000-06-27 | Newmonics Inc. | Method for efficient soft real-time execution of portable byte code computer programs |
US6505300B2 (en) * | 1998-06-12 | 2003-01-07 | Microsoft Corporation | Method and system for secure running of untrusted content |
US6412053B2 (en) * | 1998-08-26 | 2002-06-25 | Compaq Computer Corporation | System method and apparatus for providing linearly scalable dynamic memory management in a multiprocessing system |
US7409694B2 (en) * | 1998-09-09 | 2008-08-05 | Microsoft Corporation | Highly componentized system architecture with loadable virtual memory manager |
US6651171B1 (en) * | 1999-04-06 | 2003-11-18 | Microsoft Corporation | Secure execution of program code |
US6775779B1 (en) * | 1999-04-06 | 2004-08-10 | Microsoft Corporation | Hierarchical trusted code for content protection in computers |
US6622300B1 (en) * | 1999-04-21 | 2003-09-16 | Hewlett-Packard Development Company, L.P. | Dynamic optimization of computer programs using code-rewriting kernal module |
US6560774B1 (en) * | 1999-09-01 | 2003-05-06 | Microsoft Corporation | Verifier to check intermediate language |
US7111307B1 (en) * | 1999-11-23 | 2006-09-19 | Microsoft Corporation | Method and system for monitoring and verifying software drivers using system resources including memory allocation and access |
US6883098B1 (en) * | 2000-09-20 | 2005-04-19 | International Business Machines Corporation | Method and computer system for controlling access by applications to this and other computer systems |
US6978018B2 (en) * | 2001-09-28 | 2005-12-20 | Intel Corporation | Technique to support co-location and certification of executable content from a pre-boot space into an operating system runtime environment |
JP4522705B2 (ja) * | 2001-12-13 | 2010-08-11 | 独立行政法人科学技術振興機構 | ソフトウェア安全実行システム |
US7346901B2 (en) * | 2001-12-18 | 2008-03-18 | Microsoft Corporation | Efficient generic code in a dynamic execution environment |
US7234144B2 (en) * | 2002-01-04 | 2007-06-19 | Microsoft Corporation | Methods and system for managing computational resources of a coprocessor in a computing system |
US6952722B1 (en) * | 2002-01-22 | 2005-10-04 | Cisco Technology, Inc. | Method and system using peer mapping system call to map changes in shared memory to all users of the shared memory |
US7124445B2 (en) | 2002-06-21 | 2006-10-17 | Pace Anti-Piracy, Inc. | Protecting software from unauthorized use by converting source code modules to byte codes |
US7296154B2 (en) * | 2002-06-24 | 2007-11-13 | Microsoft Corporation | Secure media path methods, systems, and architectures |
US20040025009A1 (en) * | 2002-07-31 | 2004-02-05 | Camber August A. | Method and apparatus for acceleration of multimedia content |
US7216341B2 (en) * | 2003-05-09 | 2007-05-08 | Microsoft Corporation | Instrumenting software for enhanced diagnosability |
US7219329B2 (en) * | 2003-06-13 | 2007-05-15 | Microsoft Corporation | Systems and methods providing lightweight runtime code generation |
DE10335989B4 (de) * | 2003-08-01 | 2019-07-11 | Kw-Software Gmbh | Online-Änderungen von CIL-Code-Programmen für die Industrieautomatisierung |
US7549145B2 (en) * | 2003-09-25 | 2009-06-16 | International Business Machines Corporation | Processor dedicated code handling in a multi-processor environment |
US7162626B2 (en) * | 2003-09-25 | 2007-01-09 | Intel Corporation | Use of common language infrastructure for sharing drivers and executable content across execution environments |
JP4652680B2 (ja) * | 2003-12-22 | 2011-03-16 | パナソニック株式会社 | コンパイル方法および装置、ならびにコンパイラ |
US7647629B2 (en) | 2004-02-03 | 2010-01-12 | Microsoft Corporation | Hosted code runtime protection |
US7743423B2 (en) * | 2004-02-03 | 2010-06-22 | Microsoft Corporation | Security requirement determination |
JP2007233426A (ja) * | 2004-04-05 | 2007-09-13 | Matsushita Electric Ind Co Ltd | アプリケーション実行装置 |
US8607299B2 (en) * | 2004-04-27 | 2013-12-10 | Microsoft Corporation | Method and system for enforcing a security policy via a security virtual machine |
US7380276B2 (en) * | 2004-05-20 | 2008-05-27 | Intel Corporation | Processor extensions and software verification to support type-safe language environments running with untrusted code |
JP2006048186A (ja) * | 2004-08-02 | 2006-02-16 | Hitachi Ltd | 動的コンパイラの生成コードを保護する言語処理系 |
US7665077B2 (en) * | 2004-10-18 | 2010-02-16 | Microsoft Corporation | System and method for sharing objects between applications in a virtual runtime environment |
DE102004057490B4 (de) | 2004-11-29 | 2007-02-22 | Infineon Technologies Ag | Vorrichtung und Verfahren zum Verarbeiten eines Programmcodes |
US7587724B2 (en) * | 2005-07-13 | 2009-09-08 | Symantec Corporation | Kernel validation layer |
JP4519738B2 (ja) * | 2005-08-26 | 2010-08-04 | 株式会社東芝 | メモリアクセス制御装置 |
US8769672B2 (en) * | 2006-08-03 | 2014-07-01 | Symantec Corporation | Code injection prevention |
US20080127142A1 (en) * | 2006-11-28 | 2008-05-29 | Microsoft Corporation | Compiling executable code into a less-trusted address space |
-
2006
- 2006-11-28 US US11/564,249 patent/US20080127142A1/en not_active Abandoned
- 2006-12-07 US US11/567,871 patent/US7673109B2/en active Active
-
2007
- 2007-10-24 TW TW096139915A patent/TW200830184A/zh unknown
- 2007-11-27 RU RU2009120207/08A patent/RU2439665C2/ru not_active IP Right Cessation
- 2007-11-27 WO PCT/US2007/085664 patent/WO2008067329A1/en active Application Filing
- 2007-11-27 JP JP2009538535A patent/JP2010511227A/ja not_active Withdrawn
- 2007-11-27 CN CNA2007800439290A patent/CN101553784A/zh active Pending
- 2007-11-27 MX MX2009004893A patent/MX2009004893A/es not_active Application Discontinuation
- 2007-11-27 CA CA002665027A patent/CA2665027A1/en not_active Abandoned
- 2007-11-27 KR KR1020097010902A patent/KR20090093967A/ko not_active IP Right Cessation
- 2007-11-27 BR BRPI0719800-0A2A patent/BRPI0719800A2/pt not_active IP Right Cessation
- 2007-11-27 EP EP07854801A patent/EP2115580A4/en not_active Withdrawn
- 2007-11-27 AU AU2007325237A patent/AU2007325237B2/en not_active Ceased
-
2009
- 2009-04-07 IL IL198058A patent/IL198058A0/en unknown
Also Published As
Publication number | Publication date |
---|---|
AU2007325237B2 (en) | 2011-10-27 |
RU2009120207A (ru) | 2010-12-10 |
US20080126740A1 (en) | 2008-05-29 |
CA2665027A1 (en) | 2008-06-05 |
KR20090093967A (ko) | 2009-09-02 |
AU2007325237A1 (en) | 2008-06-05 |
US20080127142A1 (en) | 2008-05-29 |
RU2439665C2 (ru) | 2012-01-10 |
JP2010511227A (ja) | 2010-04-08 |
WO2008067329A1 (en) | 2008-06-05 |
IL198058A0 (en) | 2009-12-24 |
EP2115580A1 (en) | 2009-11-11 |
EP2115580A4 (en) | 2012-03-07 |
CN101553784A (zh) | 2009-10-07 |
TW200830184A (en) | 2008-07-16 |
BRPI0719800A2 (pt) | 2014-04-22 |
US7673109B2 (en) | 2010-03-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
MX2009004893A (es) | Compilacion de codigo ejecutable en un espacio de direccion menos confiable. | |
Woodruff et al. | The CHERI capability model: Revisiting RISC in an age of risk | |
Shi et al. | Virtual machine showdown: Stack versus registers | |
Sehr et al. | Adapting Software Fault Isolation to Contemporary {CPU} Architectures | |
Tullsen et al. | Storageless value prediction using prior register values | |
US9250937B1 (en) | Code randomization for just-in-time compilers | |
Rigger et al. | Bringing low-level languages to the JVM: Efficient execution of LLVM IR on Truffle | |
Levy et al. | Ownership is theft: Experiences building an embedded OS in Rust | |
Pai et al. | Fast and efficient automatic memory management for GPUs using compiler-assisted runtime coherence scheme | |
CN104823161B (zh) | 生成无运算符代码的编译器 | |
Azevedo et al. | Java annotation-aware just-in-time (ajit) complilation system | |
Zhao et al. | Dynamic memory optimization using pool allocation and prefetching | |
TW200620105A (en) | Microprocessor instruction using address index values to enable access of a virtual buffer in circular fashion | |
CA2453776A1 (en) | Compiler optimization | |
d'Antras et al. | Optimizing indirect branches in dynamic binary translators | |
Li et al. | Compiler-directed scratchpad memory management via graph coloring | |
Stepanian et al. | Inlining java native calls at runtime | |
Qian et al. | Comparison and analysis of the three programming models in google android | |
Yurichev | Reverse engineering for beginners | |
Venkat | Breaking the ISA Barrier in Modern Computing | |
Park et al. | Advanced ahead-of-time compilation for javascript engine: work-in-progress | |
Mingxing et al. | compiler-assisted value correlation for Indirect Branch Prediction | |
Yang et al. | Support OpenCL 2.0 Compiler on LLVM for PTX Simulators | |
Park et al. | Work-in-progress: advanced ahead-of-time compilation for javascript engine | |
Okabe et al. | Systems demonstration: Writing netbsd sound drivers in haskell |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FA | Abandonment or withdrawal |