MX2009004893A - Compiling executable code into a less-trusted address space. - Google Patents

Compiling executable code into a less-trusted address space.

Info

Publication number
MX2009004893A
Authority
MX
Mexico
Prior art keywords
address space
code
application program
jit compiler
operating
Prior art date
Application number
MX2009004893A
Other languages
English (en)
Inventor
David Charles Wrighton
Robert Sadao Unoki
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of MX2009004893A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/54 Link editing before load time
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504 Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45516 Runtime code conversion or optimisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/52 Program synchronisation; Mutual exclusion, e.g. by means of semaphores
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/41 Compilation
    • G06F8/43 Checking; Contextual analysis
    • G06F8/436 Semantic checking
    • G06F8/437 Type checking

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Devices For Executing Special Programs (AREA)
  • Storage Device Security (AREA)

Abstract

Unsafe application programs that implement managed code can be executed in a secure manner. In particular, an operating system can be configured to execute an application program in user mode, but to control compilation of managed code through a type-safe JIT compiler that operates in kernel mode. The operating system can also designate a single memory location to be accessed through multiple address spaces with different permission sets. An application program operating in user mode can be executed in the read/execute address space, while the JIT compiler operates in a read/write address space. When it encounters one or more pointers to intermediate language code, the application runtime can send one or more compilation requests to a kernel-mode security component, which validates the requests. If they are validated, the JIT compiler will compile the requested intermediate language code, and the application program can access the compiled code from a shared memory heap.
MX2009004893A 2006-11-28 2007-11-27 Compiling executable code into a less-trusted address space. MX2009004893A (es)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/564,249 US20080127142A1 (en) 2006-11-28 2006-11-28 Compiling executable code into a less-trusted address space
PCT/US2007/085664 WO2008067329A1 (en) 2006-11-28 2007-11-27 Compiling executable code into a less-trusted address space

Publications (1)

Publication Number Publication Date
MX2009004893A (es) 2009-05-19

Family

ID=39469533

Family Applications (1)

Application Number Title Priority Date Filing Date
MX2009004893A MX2009004893A (es) 2006-11-28 2007-11-27 Compiling executable code into a less-trusted address space.

Country Status (13)

Country Link
US (2) US20080127142A1 (es)
EP (1) EP2115580A4 (es)
JP (1) JP2010511227A (es)
KR (1) KR20090093967A (es)
CN (1) CN101553784A (es)
AU (1) AU2007325237B2 (es)
BR (1) BRPI0719800A2 (es)
CA (1) CA2665027A1 (es)
IL (1) IL198058A0 (es)
MX (1) MX2009004893A (es)
RU (1) RU2439665C2 (es)
TW (1) TW200830184A (es)
WO (1) WO2008067329A1 (es)

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080127142A1 (en) * 2006-11-28 2008-05-29 Microsoft Corporation Compiling executable code into a less-trusted address space
US8281293B2 (en) * 2007-07-24 2012-10-02 International Business Machines Corporation Copy-on-write optimization of immutable objects for objects oriented languages
US8296730B2 (en) * 2008-03-12 2012-10-23 Microsoft Corporation Using extension methods to extend COM objects
US20090319991A1 (en) * 2008-06-20 2009-12-24 Microsoft Corporation Managed code type equivalence
US20100058016A1 (en) * 2008-08-26 2010-03-04 Jari Nikara Method, apparatus and software product for multi-channel memory sandbox
US8180986B2 (en) * 2008-09-17 2012-05-15 Microsoft Corporation Memory conflict detection via mapping of the physical heap to control access permissions to the memory
US8190636B2 (en) * 2008-09-30 2012-05-29 Nokia Corporation Method, apparatus and computer program product for providing object privilege modification
US8276111B2 (en) * 2008-12-19 2012-09-25 Microsoft Corporation Providing access to a dataset in a type-safe manner
US20100199357A1 (en) * 2009-02-02 2010-08-05 Microsoft Corporation Secure hosting for untrusted code
US9117071B2 (en) * 2009-06-03 2015-08-25 Apple Inc. Methods and apparatuses for secure compilation
US8677329B2 (en) 2009-06-03 2014-03-18 Apple Inc. Methods and apparatuses for a compiler server
US8850573B1 (en) * 2010-04-14 2014-09-30 Google Inc. Computing device with untrusted user execution mode
US8495750B2 (en) 2010-08-31 2013-07-23 International Business Machines Corporation Filesystem management and security system
US9147085B2 (en) * 2010-09-24 2015-09-29 Blackberry Limited Method for establishing a plurality of modes of operation on a mobile device
KR20120031756A (ko) 2010-09-27 2012-04-04 삼성전자주식회사 Cpu와 gpu를 사용하는 이종 시스템에서 가상화를 이용한 어플리케이션 컴파일 및 실행 방법 및 장치
US20120159193A1 (en) * 2010-12-18 2012-06-21 Microsoft Corporation Security through opcode randomization
US8646050B2 (en) * 2011-01-18 2014-02-04 Apple Inc. System and method for supporting JIT in a secure system with randomly allocated memory ranges
AU2013202876B2 (en) * 2011-01-18 2016-07-07 Apple Inc. System and method for supporting JIT in a secure system with randomly allocated memory ranges
WO2012103359A2 (en) 2011-01-27 2012-08-02 Soft Machines, Inc. Hardware acceleration components for translating guest instructions to native instructions
EP2668565B1 (en) * 2011-01-27 2019-11-06 Intel Corporation Guest instruction to native instruction range based mapping using a conversion look aside buffer of a processor
KR101895453B1 (ko) 2011-11-09 2018-10-25 삼성전자주식회사 이기종 컴퓨팅 환경에서 보안 강화 방법 및 장치
US9128732B2 (en) * 2012-02-03 2015-09-08 Apple Inc. Selective randomization for non-deterministically compiled code
US9626507B2 (en) * 2012-04-06 2017-04-18 Google Inc. Hosted application sandboxing
CN103377120B (zh) * 2012-04-24 2017-06-30 财付通支付科技有限公司 一种应用程序测试方法及装置
BR112015010016A2 (pt) 2012-11-07 2017-07-11 Koninklijke Philips Nv compilador, computador, método de compilação e programa de computador
US10180824B2 (en) 2012-12-21 2019-01-15 Koninklijke Philips N.V. Computing device comprising a table network
JP6129702B2 (ja) * 2013-09-24 2017-05-17 株式会社東芝 情報処理装置、情報処理システム、プログラム
US9336413B2 (en) * 2013-11-22 2016-05-10 Oracle International Corporation Method and system for fast permission changes for virtual addresses
US10691618B2 (en) * 2013-12-17 2020-06-23 Intel Corporation Secure enclaves for use by kernel mode applications
US10311227B2 (en) * 2014-09-30 2019-06-04 Apple Inc. Obfuscation of an address space layout randomization mapping in a data processing system
US10311228B2 (en) 2014-09-30 2019-06-04 Apple Inc. Using a fine-grained address space layout randomization to mitigate potential security exploits
US9930050B2 (en) * 2015-04-01 2018-03-27 Hand Held Products, Inc. Device management proxy for secure devices
JP6589505B2 (ja) * 2015-09-24 2019-10-16 ヤマハ株式会社 ルータ
FR3047587B1 (fr) * 2016-02-10 2023-01-13 Dolphin Integration Sa Dispositif de traitement muni d'un mode d'acces a des donnees sensibles.
US10303885B2 (en) 2016-03-02 2019-05-28 Apple Inc. Methods and systems for securely executing untrusted software
US10795989B2 (en) * 2017-03-05 2020-10-06 Fortinet, Inc. Secure just-in-time (JIT) code generation
US10572275B2 (en) * 2017-06-15 2020-02-25 Microsoft Technology Licensing, Llc Compatible dictionary layout
US10579520B2 (en) 2017-11-30 2020-03-03 Webroot Inc. Multi-ring shared, traversable, and dynamic advanced database
US10846211B2 (en) * 2018-03-21 2020-11-24 Microsoft Technology Licensing, Llc Testing kernel mode computer code by executing the computer code in user mode
US10983926B2 (en) 2018-08-29 2021-04-20 Red Hat, Inc. Efficient userspace driver isolation for virtual machines
US10754796B2 (en) 2018-08-29 2020-08-25 Red Hat, Inc. Efficient user space driver isolation by CPU page table switching
US11029968B1 (en) * 2019-07-31 2021-06-08 Facebook Technologies, Llc Operating system with a single kernel stack per processor
CN113268349B (zh) * 2021-06-04 2022-02-18 科东(广州)软件科技有限公司 一种计算机内存管理方法、装置、设备及存储介质
US11816203B2 (en) * 2021-11-23 2023-11-14 Malwarebytes Inc. Stack execution detection in a sandbox environment
CN115842927B (zh) * 2023-02-24 2023-06-06 湖北芯擎科技有限公司 一种视频流的安全显示方法、装置和电子设备

Family Cites Families (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4926476A (en) * 1989-02-03 1990-05-15 Motorola, Inc. Method and apparatus for secure execution of untrusted software
US5761477A (en) * 1995-12-04 1998-06-02 Microsoft Corporation Methods for safe and efficient implementations of virtual machines
US6151703A (en) * 1996-05-20 2000-11-21 Inprise Corporation Development system with methods for just-in-time compilation of programs
US6092147A (en) * 1997-04-15 2000-07-18 Sun Microsystems, Inc. Virtual machine with securely distributed bytecode verification
US6275938B1 (en) * 1997-08-28 2001-08-14 Microsoft Corporation Security enhancement for untrusted executable code
US6081665A (en) * 1997-12-19 2000-06-27 Newmonics Inc. Method for efficient soft real-time execution of portable byte code computer programs
US6505300B2 (en) * 1998-06-12 2003-01-07 Microsoft Corporation Method and system for secure running of untrusted content
US6412053B2 (en) * 1998-08-26 2002-06-25 Compaq Computer Corporation System method and apparatus for providing linearly scalable dynamic memory management in a multiprocessing system
US7409694B2 (en) * 1998-09-09 2008-08-05 Microsoft Corporation Highly componentized system architecture with loadable virtual memory manager
US6651171B1 (en) * 1999-04-06 2003-11-18 Microsoft Corporation Secure execution of program code
US6775779B1 (en) * 1999-04-06 2004-08-10 Microsoft Corporation Hierarchical trusted code for content protection in computers
US6622300B1 (en) * 1999-04-21 2003-09-16 Hewlett-Packard Development Company, L.P. Dynamic optimization of computer programs using code-rewriting kernal module
US6560774B1 (en) * 1999-09-01 2003-05-06 Microsoft Corporation Verifier to check intermediate language
US7111307B1 (en) * 1999-11-23 2006-09-19 Microsoft Corporation Method and system for monitoring and verifying software drivers using system resources including memory allocation and access
US6883098B1 (en) * 2000-09-20 2005-04-19 International Business Machines Corporation Method and computer system for controlling access by applications to this and other computer systems
US6978018B2 (en) * 2001-09-28 2005-12-20 Intel Corporation Technique to support co-location and certification of executable content from a pre-boot space into an operating system runtime environment
JP4522705B2 (ja) * 2001-12-13 2010-08-11 独立行政法人科学技術振興機構 ソフトウェア安全実行システム
US7346901B2 (en) * 2001-12-18 2008-03-18 Microsoft Corporation Efficient generic code in a dynamic execution environment
US7234144B2 (en) * 2002-01-04 2007-06-19 Microsoft Corporation Methods and system for managing computational resources of a coprocessor in a computing system
US6952722B1 (en) * 2002-01-22 2005-10-04 Cisco Technology, Inc. Method and system using peer mapping system call to map changes in shared memory to all users of the shared memory
US7124445B2 (en) 2002-06-21 2006-10-17 Pace Anti-Piracy, Inc. Protecting software from unauthorized use by converting source code modules to byte codes
US7296154B2 (en) * 2002-06-24 2007-11-13 Microsoft Corporation Secure media path methods, systems, and architectures
US20040025009A1 (en) * 2002-07-31 2004-02-05 Camber August A. Method and apparatus for acceleration of multimedia content
US7216341B2 (en) * 2003-05-09 2007-05-08 Microsoft Corporation Instrumenting software for enhanced diagnosability
US7219329B2 (en) * 2003-06-13 2007-05-15 Microsoft Corporation Systems and methods providing lightweight runtime code generation
DE10335989B4 (de) * 2003-08-01 2019-07-11 Kw-Software Gmbh Online-Änderungen von CIL-Code-Programmen für die Industrieautomatisierung
US7549145B2 (en) * 2003-09-25 2009-06-16 International Business Machines Corporation Processor dedicated code handling in a multi-processor environment
US7162626B2 (en) * 2003-09-25 2007-01-09 Intel Corporation Use of common language infrastructure for sharing drivers and executable content across execution environments
JP4652680B2 (ja) * 2003-12-22 2011-03-16 パナソニック株式会社 コンパイル方法および装置、ならびにコンパイラ
US7647629B2 (en) 2004-02-03 2010-01-12 Microsoft Corporation Hosted code runtime protection
US7743423B2 (en) * 2004-02-03 2010-06-22 Microsoft Corporation Security requirement determination
JP2007233426A (ja) * 2004-04-05 2007-09-13 Matsushita Electric Ind Co Ltd アプリケーション実行装置
US8607299B2 (en) * 2004-04-27 2013-12-10 Microsoft Corporation Method and system for enforcing a security policy via a security virtual machine
US7380276B2 (en) * 2004-05-20 2008-05-27 Intel Corporation Processor extensions and software verification to support type-safe language environments running with untrusted code
JP2006048186A (ja) * 2004-08-02 2006-02-16 Hitachi Ltd 動的コンパイラの生成コードを保護する言語処理系
US7665077B2 (en) * 2004-10-18 2010-02-16 Microsoft Corporation System and method for sharing objects between applications in a virtual runtime environment
DE102004057490B4 (de) 2004-11-29 2007-02-22 Infineon Technologies Ag Vorrichtung und Verfahren zum Verarbeiten eines Programmcodes
US7587724B2 (en) * 2005-07-13 2009-09-08 Symantec Corporation Kernel validation layer
JP4519738B2 (ja) * 2005-08-26 2010-08-04 株式会社東芝 メモリアクセス制御装置
US8769672B2 (en) * 2006-08-03 2014-07-01 Symantec Corporation Code injection prevention
US20080127142A1 (en) * 2006-11-28 2008-05-29 Microsoft Corporation Compiling executable code into a less-trusted address space

Also Published As

Publication number Publication date
AU2007325237B2 (en) 2011-10-27
RU2009120207A (ru) 2010-12-10
US20080126740A1 (en) 2008-05-29
CA2665027A1 (en) 2008-06-05
KR20090093967A (ko) 2009-09-02
AU2007325237A1 (en) 2008-06-05
US20080127142A1 (en) 2008-05-29
RU2439665C2 (ru) 2012-01-10
JP2010511227A (ja) 2010-04-08
WO2008067329A1 (en) 2008-06-05
IL198058A0 (en) 2009-12-24
EP2115580A1 (en) 2009-11-11
EP2115580A4 (en) 2012-03-07
CN101553784A (zh) 2009-10-07
TW200830184A (en) 2008-07-16
BRPI0719800A2 (pt) 2014-04-22
US7673109B2 (en) 2010-03-02

Similar Documents

Publication Publication Date Title
MX2009004893A (es) Compiling executable code into a less-trusted address space.
Woodruff et al. The CHERI capability model: Revisiting RISC in an age of risk
Shi et al. Virtual machine showdown: Stack versus registers
Sehr et al. Adapting Software Fault Isolation to Contemporary CPU Architectures
Tullsen et al. Storageless value prediction using prior register values
US9250937B1 (en) Code randomization for just-in-time compilers
Rigger et al. Bringing low-level languages to the JVM: Efficient execution of LLVM IR on Truffle
Levy et al. Ownership is theft: Experiences building an embedded OS in Rust
Pai et al. Fast and efficient automatic memory management for GPUs using compiler-assisted runtime coherence scheme
CN104823161B (zh) 生成无运算符代码的编译器
Azevedo et al. Java annotation-aware just-in-time (ajit) compilation system
Zhao et al. Dynamic memory optimization using pool allocation and prefetching
TW200620105A (en) Microprocessor instruction using address index values to enable access of a virtual buffer in circular fashion
CA2453776A1 (en) Compiler optimization
d'Antras et al. Optimizing indirect branches in dynamic binary translators
Li et al. Compiler-directed scratchpad memory management via graph coloring
Stepanian et al. Inlining java native calls at runtime
Qian et al. Comparison and analysis of the three programming models in google android
Yurichev Reverse engineering for beginners
Venkat Breaking the ISA Barrier in Modern Computing
Park et al. Advanced ahead-of-time compilation for javascript engine: work-in-progress
Mingxing et al. compiler-assisted value correlation for Indirect Branch Prediction
Yang et al. Support OpenCL 2.0 Compiler on LLVM for PTX Simulators
Park et al. Work-in-progress: advanced ahead-of-time compilation for javascript engine
Okabe et al. Systems demonstration: Writing netbsd sound drivers in haskell

Legal Events

Date Code Title Description
FA Abandonment or withdrawal