User-level segmentation mechanism that facilitates safely executing untrusted native code
First Claim
1. A computing device that uses segmentation to safely execute native code, comprising:
a processing element that executes the native code; and
a memory configured to store code and data for the processing element;
a segmentation mechanism within the processing element which limits the native code executing on the processing element to accessing a specified segment of memory;
an instruction-processing unit within the processing element, wherein the instruction-processing unit is configured to execute a user-level instruction that causes the segmentation mechanism to limit memory accesses by the native code to the specified segment of the memory;
a descriptor table in the memory that comprises memory segment descriptors that define one or more segments in the memory, wherein upon executing the user-level instruction, the instruction-processing unit accesses the descriptor table; and
a secure runtime environment that enforces code integrity, control flow integrity, and data integrity for native code executing on the processing element, wherein the secure runtime environment is configured to limit the ability of native code to access the user-level segmentation mechanism and to use the user-level segmentation mechanism to enforce control flow and data integrity for the native code module.
Abstract
A system that uses segmentation to safely execute native code. This system includes a processing element that executes the native code and a memory which stores code and data for the processing element. The processing element includes a segmentation mechanism which limits the native code executing on the processing element to accessing a specified segment of memory. The processing element also includes an instruction-processing unit, which is configured to execute a user-level instruction that causes the segmentation mechanism to limit memory accesses by the native code to the specified segment of the memory.
17 Claims
7. A method for using segmentation to safely execute native code, comprising:
receiving native code to be executed on a processing element;
executing a user-level instruction which configures a user-level segmentation mechanism in the processing element to limit the native code to accessing a specified memory segment, wherein executing the user-level instruction involves accessing a descriptor table in a memory that comprises memory segment descriptors that define one or more segments in the memory; and
executing the received native code received on the processing element;
wherein receiving the native code involves loading the native code into a secure runtime environment which enforces code integrity, control flow integrity, and data integrity for the native code, wherein the secure runtime environment limits the ability of the native code to access the user-level segmentation mechanism, and wherein executing the user-level instruction involves executing the user-level instruction through the secure runtime environment.
12. A non-transitory computer-readable storage medium storing instructions that when executed by a computing device cause the computing device to perform a method for using segmentation to safely execute native code, comprising:
receiving native code to be executed on a processing element;
executing a user-level instruction which configures a user-level segmentation mechanism in the processing element to limit the native code to accessing a specified memory segment, wherein executing the user-level instruction involves accessing a descriptor table in a memory that comprises memory segment descriptors that define one or more segments in the memory; and
executing the received native code received on the processing element;
wherein receiving the native code involves loading the native code into a secure runtime environment which enforces code integrity, control flow integrity, and data integrity for the native code, wherein the secure runtime environment limits the ability of the native code to access the user-level segmentation mechanism, and wherein executing the user-level instruction involves executing the user-level instruction through the secure runtime environment.
wherein the processing element includes a status bit that indicates whether the user-level segmentation mechanism can be configured; and wherein the computer-readable storage medium further comprises checking the status bit, and if necessary unsetting the enable bit, to ensure that the native code module cannot configure the user-level segmentation mechanism.
15. The computer-readable storage medium of claim 12, wherein the method further comprises validating that the native code module does not include instructions which can configure the user-level segmentation mechanism.
16. The computer-readable storage medium of claim 12, wherein receiving the native code involves receiving the native code from a web browser which downloaded the native code from a remote website.
17. The computer-readable storage medium of claim 12, wherein the processing element includes a feature bit that indicates whether the processing element supports user-level memory segmentation.