Title of invention: Native code module security for 64-bit instruction set architectures
Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that maintain control flow integrity for the native code module and constrain store instructions in the native code module by bounding a valid memory region of the native code module with one or more guard regions.
Publication number: US8935776(B1) Publication date: 2015.01.13
Application number: US201313904490 Filing date: 2013.05.29
Applicant: Google Inc. Inventors: Sehr David C.; Yee Bennet S.; Chen J. Bradley; Khimenko Victor
Classification: G06F21/00; G06F21/53 Main classification: G06F21/00
Patent agency: Fish & Richardson P.C. Agent: Fish & Richardson P.C.
Principal claim: 1. A method comprising: receiving, by a computing device, a native code module, wherein the computing device includes a processor implementing an instruction set architecture that has a particular addressing mode that derives store addresses from (i) respective values of a stack pointer of the processor or a base pointer of the processor, (ii) a 32-bit displacement, and (iii) a scaled 32-bit index, and wherein the native code module includes one or more store instructions that each use the particular addressing mode to compute respective store addresses; loading, by the computing device, the native code module into a memory of the computing device, including loading the native code module in a valid memory region for the native code module; executing the native code module in a secure runtime environment in the computing device, including: bounding the valid memory region with one or more guard regions; enforcing storage of valid data addresses in a stack pointer and a base pointer; masking the scaled 32-bit index; and after masking the scaled 32-bit index, executing the one or more store instructions without performing any additional masking operations on the stack pointer, the base pointer or the scaled 32-bit index.
Address: Mountain View CA US