Title of invention: Virtual environment having harvard architecture
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, relating to software execution. One of the methods includes executing, on a computer including a single memory for storing data and instructions, a virtual environment including a data memory and an instruction memory, the instruction memory configured to be unreadable by instructions stored in the instruction memory; receiving, at the virtual environment, a software module comprising multiple instructions; and performing validation of the software module including: identifying, in the software module one or more calls to the single memory; and verifying that the one or more calls to the single memory are in the data memory.
Publication number: US9372704(B2) Publication date: 2016.06.21
Application number: US201314141906 Filing date: 2013.12.27
Applicant: Google Inc. Inventors: Sehr David C.;Chen J. Bradley;Yee Bennet S.
Classification: G06F21/00;G06F9/455;G06F21/53 Main classification: G06F21/00
Agency: Fish & Richardson P.C. Agent: Fish & Richardson P.C.
Principal claim: 1. A method comprising: executing a virtual environment on a computer that provides a single type of memory for storing both data and instructions of software modules, wherein the virtual environment provides separate types of memory for storing data and instructions of software modules, the separate types of memory including: (i) a data memory in which the virtual environment prevents content stored in the data memory from being executed, and (ii) an instruction memory in which the virtual environment prevents content stored in the instruction memory from being read by instructions stored in the instruction memory; receiving, at the virtual environment, a first software module that includes a plurality of instructions; performing validation of the first software module, including: (i) identifying, in the first software module, one or more calls to the single type of memory of the computer, and (ii) verifying that the one or more calls to the single type of memory are calls to the data memory of the virtual environment, including replacing at least one of the one or more calls to the single type of memory with at least one call to the data memory of the virtual environment to prevent a return-oriented programming attack; loading the first software module into the instruction memory in response to validating the first software module; and running the first software module in the virtual environment.
Address: Mountain View CA US