会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Method for validating an untrusted native code module
    • 用于验证不可信的本地代码模块的方法
    • US09058483B2
    • 2015-06-16
    • US12117634
    • 2008-05-08
    • J. Bradley ChenMatthew T. HarrenMatthew PapakiposDavid C. SehrBennet S. Yee
    • J. Bradley ChenMatthew T. HarrenMatthew PapakiposDavid C. SehrBennet S. Yee
    • G06F21/00G06F21/51
    • G06F21/577G06F21/51
    • A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.
    • 验证本地代码模块的系统。 在操作期间,系统接收由不可信的本地程序代码组成的本地代码模块。 该系统通过以下方式来验证本地代码模块:(1)确定本地代码模块中的代码不包括任何受限制的指令和/或不访问计算设备的受限特征; 和(2)确定本地代码模块中的指令沿着字节边界排列,使得指定的字节边界集合总是包含有效指令,并且控制流指令具有有效目标。 系统允许成功验证的本地代码模块执行,并拒绝验证失败的本机代码模块。 通过验证本地代码模块,系统便于在计算设备上的安全运行时环境中安全执行本地代码模块,从而为不受信任的程序二进制代码执行本机代码性能,而不会产生不必要的副作用。
    • 5. 发明申请
    • Machine-Specific Instruction Set Translation
    • 机器特定指令集翻译
    • US20150195376A1
    • 2015-07-09
    • US13751729
    • 2013-01-28
    • David C. SehrJ. Bradley ChenBennet S. YeeRobert MuthJan VoungDerek L. Schuff
    • David C. SehrJ. Bradley ChenBennet S. YeeRobert MuthJan VoungDerek L. Schuff
    • H04L29/06
    • H04L67/42H04L41/08H04L67/06
    • Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.
    • 为机器特定的指令集转换提供了方法,系统和计算机程序产品。 一个示例性方法包括识别计算设备,每个设备具有安装的相应的软件组件,所述软件组件包括用于将便携式格式的程序转换为特定于机器的指令集的翻译器组件,以及用于执行翻译为 使用基于软件的故障隔离的计算设备上的机器特定指令集; 识别具有给定硬件配置的计算设备; 以及将另一个翻译器组件和另一个沙盒组件传输到每个所识别的计算设备。 具有给定硬件配置的所识别的计算设备中的每一个被配置为接收组件并且配置其软件组件以使用所接收的组件来代替相应的组件。
    • 6. 发明授权
    • Computing device with untrusted user execution mode
    • 具有不可信用户执行模式的计算设备
    • US08850573B1
    • 2014-09-30
    • US12886960
    • 2010-09-21
    • J. Bradley ChenBennet S. YeeDavid C. Sehr
    • J. Bradley ChenBennet S. YeeDavid C. Sehr
    • H04L29/06G06F12/14G06F7/04G06F17/30H04N7/16G06F17/00G06F12/16G06F11/00G08B23/00
    • G06F21/126G06F9/30145G06F9/30189G06F12/1491G06F21/74G06F2221/2105G06F2221/2141G06F2221/2149
    • Methods and apparatus for executing untrusted application code are disclosed. An example apparatus includes an execution mode state indicator with a plurality of states. In the example apparatus, the execution mode state indicator is configured such that placing the execution mode state indicator in a first state causes the processor to operate in a first execution mode and placing the execution mode state indicator in a second state causes the processor to operate in a second execution mode. The example apparatus also includes an instruction processing module that is configured to implement a set of instructions in the first execution mode and designate one or more instructions of the set of instructions as illegal instructions in the second execution mode. The example apparatus further includes a memory system that, in the second execution mode, is configured to restrict access to a set of memory addresses accessible by the processor in the first execution mode to a subset of the set of memory addresses.
    • 公开了用于执行不可信应用代码的方法和装置。 示例性装置包括具有多个状态的执行模式状态指示符。 在示例性装置中,执行模式状态指示符被配置为使得将执行模式状态指示符置于第一状态使得处理器以第一执行模式操作并且将执行模式状态指示符置于第二状态使得处理器操作 在第二执行模式。 示例性装置还包括指令处理模块,其被配置为在第一执行模式中实现一组指令,并将指令集中的一个或多个指令指定为第二执行模式中的非法指令。 该示例设备还包括存储器系统,其在第二执行模式中被配置为限制对处理器在第一执行模式中可访问的一组存储器地址的访问到该组存储器地址的子集。
    • 9. 发明申请
    • METHOD FOR VALIDATING AN UNTRUSTED NATIVE CODE MODULE
    • 用于验证未被引用的本地代码模块的方法
    • US20090282477A1
    • 2009-11-12
    • US12117634
    • 2008-05-08
    • J. Bradley ChenMatthew T. HarrenMatthew PapakiposDavid C. SehrBennet S. Yee
    • J. Bradley ChenMatthew T. HarrenMatthew PapakiposDavid C. SehrBennet S. Yee
    • G06F21/22
    • G06F21/577G06F21/51
    • A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.
    • 验证本地代码模块的系统。 在操作期间,系统接收由不可信的本地程序代码组成的本地代码模块。 该系统通过以下方式来验证本地代码模块:(1)确定本地代码模块中的代码不包括任何受限制的指令和/或不访问计算设备的受限特征; 和(2)确定本地代码模块中的指令沿着字节边界排列,使得指定的字节边界集合总是包含有效指令,并且控制流指令具有有效目标。 系统允许成功验证的本地代码模块执行,并拒绝验证失败的本机代码模块。 通过验证本地代码模块,系统便于在计算设备上的安全运行时环境中安全执行本地代码模块,从而为不受信任的程序二进制代码执行本机代码性能,而不会产生不必要的副作用。