GENERATING SECURITY VALIDATION CODE AUTOMATICALLY

US 20080127303A1
Filed: 11/28/2006
Published: 05/29/2008
Est. Priority Date: 11/28/2006
Status: Active Grant

First Claim

Patent Images

1. At a security validation code generator in a computerized environment having an operating system with one or more low-trust components and one or more high-trust components, a method of automatically generating program code, which, when compiled and executed, performs one or more security validation checks of one or more low-trust component requests that are to be handled by one or more kernel mode components, comprising the steps for:

receiving a file comprising one or more declarative call descriptions of corresponding one or more function calls to be handled by one or more high-trust components in response to one or more requests from one or more low-trust components;

automatically generating one or more sets of program code for each of the one or more declarative call descriptions, wherein the one or more sets of program code describe one or more security validation checks to be performed on the one or more requests before passing the one or more requests from a low-trust component to a high-trust component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security program code generator is configured to automatically generate program code used to perform one or more validation checks of components operating in user mode. In one implementation, for example, the program code generator receives one or more files that include declarative values and parameters regarding one or more function calls made by any user mode component. The program code generator then takes the file of declarative call descriptions and automatically generates a user mode stub and a kernel mode stub for each function call of interest to be handled by a kernel mode component. The file(s) that include the user mode stub and the kernel mode stub can then be compiled and linked into the operating system components.

Citations

19 Claims

1. At a security validation code generator in a computerized environment having an operating system with one or more low-trust components and one or more high-trust components, a method of automatically generating program code, which, when compiled and executed, performs one or more security validation checks of one or more low-trust component requests that are to be handled by one or more kernel mode components, comprising the steps for:
- receiving a file comprising one or more declarative call descriptions of corresponding one or more function calls to be handled by one or more high-trust components in response to one or more requests from one or more low-trust components;
  
  automatically generating one or more sets of program code for each of the one or more declarative call descriptions, wherein the one or more sets of program code describe one or more security validation checks to be performed on the one or more requests before passing the one or more requests from a low-trust component to a high-trust component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, wherein the file further comprises one or more declarative type descriptions that correspond to one or more parameters of each of the one or more declarative call descriptions.
  - 3. The method as recited in claim 1, further comprising passing the one or more sets of program code to a compiler, wherein the compiler creates binary code representing the set of security validation functions.
  - 4. The method as recited in claim 1, wherein the one or more sets of program code are generated in a C or C# programming language, and wherein the compiler is a corresponding C or C# compiler.
  - 5. The method as recited in claim 1, wherein the one or more declarative call descriptions include a reference to one or more parameters to be passed by a low-trust component when making the one or more requests.
  - 6. The method as recited in claim 1, wherein the one or more sets of program code include program code for a kernel mode stub and a user mode stub.
  - 7. The method as recited in claim 6, wherein the kernel mode stub is linked to the one or more high-trust components, and the user mode stub is linked to the one or more low-trust components.
  - 8. The method as recited in claim 7, wherein the user mode stub is configured to transform one or more parameters of the one or more requests so that the one or more parameters can be read and validated by the kernel mode stub.
  - 9. The method as recited in claim 7, wherein the kernel mode stub is configured to determine, upon receiving the one or more requests from the user mode stub, if the operating system is in an appropriate state to handle the one or more requests.
  - 10. The method as recited in claim 9, wherein the kernel mode stub is further configured to allocate one or more memory buffers corresponding to any of one or more parameters received from the user mode stub.
  - 11. The method as recited in claim 10, wherein the kernel mode stub is further configured to copy one or more memory buffers allocated in user mode into the one or more memory buffers allocated by the kernel mode stub.
  - 12. The method as recited in claim 11, wherein the kernel mode stub is further configured to validate each of the one or more parameters received from the user mode stub.
  - 13. The method as recited in claim 12, wherein the kernel mode stub is further configured to perform the steps for:
    - performing after-call logic;
      
      copying data in the one or more kernel mode memory buffers into the one or more memory buffers allocated in user mode; and
      
      freeing the one or more kernel mode memory buffers.

14. In a computerized environment in which one or more functions are designated as needing to be handled by one or more high-trust components, a method of automatically generating one or more security validation checks to be used by a high-trust component of an operating system in response to one or more requests from a low-trust component, comprising the acts of:
- generating one or more program code instructions to be compiled into one or more operating system components, including at least one of a kernel mode component and a user mode component;
  
  identifying one or more function calls to be handled by a kernel mode component, wherein the one or more function calls are requested by a user mode component;
  
  preparing one or more security input files, the one or more security input files including one or more declarative call descriptions for each of the one or more function calls;
  
  passing the one or more security input files to a security validation code generator, wherein one or more security output files are created; and
  
  compiling the one or more security output files.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method as recited in claim 14, wherein the one or more security output files include program code corresponding to a user mode stub and a kernel mode stub for each of the one or more function calls made.
  - 16. The method as recited in claim 15, further comprising an act of linking the compiled data of the one or more security output files to the one or more operating system component.
  - 17. The method as recited in claim 14, wherein the one or more security input files further include one or more declarative type descriptions.
  - 18. The method as recited in claim 17, wherein the security validation code generator performs the act of matching each parameter of at least one of the one or more declarative call descriptions to at least one of the one or more declarative type descriptions.

19. At a security validation code generator in a computerized environment having an operating system with one or more low-trust components and one or more high-trust components, a computer program storage product having computer-executable instructions stored thereon that, when executed, cause one or more processors to perform a method comprising:
- receiving a file comprising one or more declarative call descriptions of corresponding one or more function calls to be handled by one or more high-trust components in response to one or more requests from one or more low-trust components;
  
  automatically generating one or more sets of program code for each of the one or more declarative call descriptions, wherein the one or more sets of program code describe one or more security validation checks to be performed on the one or more requests before passing the one or more requests from a low-trust component to a high-trust component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Unoki, Robert Sadao, Wrighton, David Charles

Granted Patent

US 8,479,283 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 8/315   Object-oriented languages

GENERATING SECURITY VALIDATION CODE AUTOMATICALLY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

GENERATING SECURITY VALIDATION CODE AUTOMATICALLY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links