Executing native-code applications in a browser
First Claim
1. A method comprising:
- sending a request to execute an application comprising native code from a computing device;
responsive at least in part to the sending of the request, receiving the native code of the application at the computing device;
assigning, by a monitor process, a portion of memory of the computing device to the application comprising the native code, the portion of the memory being enforced by hardware of the computing device;
making an operating system (OS)-specific kernel call that revokes an ability of the application to communicate kernel calls to an OS by causing an OS kernel to transfer control of intercepting kernel calls to the monitor process;
executing the native code of the application within the portion of the memory being enforced by the hardware;
within the portion of the memory being enforced by the hardware, translating OS-independent calls from the executing application to OS-specific calls based on a table of function pointers and calling conventions for corresponding functions; and
monitoring, by the monitor process, calls made by the application for system services outside of the portion of the memory being enforced by the hardware to determine whether the respective calls are permissible.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques for leveraging legacy code to deploy native-code desktop applications over a network (e.g., the Web) are described herein. These techniques include executing an application written in native code within a memory region that hardware of a computing device enforces. For instance, page-protection hardware (e.g., a memory management unit) or segmentation hardware may protect this region of memory in which the application executes. The techniques may also provide a narrow system call interface out of this memory region by dynamically enforcing system calls made by the application. Furthermore, these techniques may enable a browser of the computing device to function as an operating system for the native-code application. These techniques thus allow for execution of native-code applications on a browser of a computing device and, hence, over the Web in a resource-efficient manner and without sacrificing security of the computing device.
241 Citations
19 Claims
-
1. A method comprising:
-
sending a request to execute an application comprising native code from a computing device; responsive at least in part to the sending of the request, receiving the native code of the application at the computing device; assigning, by a monitor process, a portion of memory of the computing device to the application comprising the native code, the portion of the memory being enforced by hardware of the computing device; making an operating system (OS)-specific kernel call that revokes an ability of the application to communicate kernel calls to an OS by causing an OS kernel to transfer control of intercepting kernel calls to the monitor process; executing the native code of the application within the portion of the memory being enforced by the hardware; within the portion of the memory being enforced by the hardware, translating OS-independent calls from the executing application to OS-specific calls based on a table of function pointers and calling conventions for corresponding functions; and monitoring, by the monitor process, calls made by the application for system services outside of the portion of the memory being enforced by the hardware to determine whether the respective calls are permissible. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. One or more computer-readable storage hardware devices storing computer-executable instructions that, when executed on one or more processors, cause the one or more processors to perform acts comprising:
-
sending a request to execute an application comprising native code from a computing device; responsive at least in part to the sending of the request, receiving the native code of the application at the computing device; assigning, by a monitor process, a portion of memory of the computing device to the application comprising the native code, the portion of the memory being enforced by hardware of the computing device; making an operating system (OS)-specific kernel call that revokes an ability of the application to communicate kernel calls to an OS by causing an OS kernel to transfer control of intercepting kernel calls to the monitor process; executing the native code of the application within the portion of the memory being enforced by the hardware; within the portion of the memory being enforced by the hardware, translating OS-independent calls from the executing application to OS-specific calls based on a table of function pointers and calling conventions for corresponding functions; and monitoring, by the monitor process, calls made by the application for system services outside of the portion of the memory being enforced by the hardware to determine whether the respective calls are permissible. - View Dependent Claims (9, 10, 11)
-
-
12. A system comprising:
-
one or more processors; and one or more computer-readable hardware devices storing computer-executable instructions that, when executed on one or more processors, cause the one or more processors to perform acts comprising; sending a request to execute an application comprising native code from a computing device; responsive at least in part to the sending of the request, receiving the native code of the application at the computing device; assigning, by a monitor process, a portion of memory of the computing device to the application comprising the native code, the portion of the memory being enforced by hardware of the computing device; making an operating system (OS)-specific kernel call that revokes an ability of the application to make kernel calls to an OS by causing an OS kernel to transfer control of intercepting kernel calls to the monitor process; executing the native code of the application within the portion of the memory being enforced by the hardware; within the portion of the memory being enforced by the hardware, translating OS-independent calls from the executing application to OS-specific calls based on a table of function pointers and calling conventions for corresponding functions; and monitoring, by the monitor process, calls made by the application for system services outside of the portion of the memory being enforced by the hardware to determine whether the respective calls are permissible. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
Specification