Processor extensions and software verification to support type-safe language environments running with untrusted code

Assignee

• Intel Corporation · US

Inventors

• Bratin Saha · San Jose, US
• Weldon Washburn · San Jose, US
• James P. Held · Portland, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/53
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Processor extensions and software verification to support type-safe language environments running with untrusted code. Code and data spaces are partitioned into trusted and untrusted regions. Type-safe code is loaded into the trusted region of the code space, while non-type-safe code is loaded into the untrusted region of the code space. The trusted region of the data space is allocated to the type-safe code. The untrusted region of the data space is allocated to the non-type-safe code. Hardware-based truth tables are employed for defining allowable and disallowable code sequences and memory access operations. For code sequences, allowable operations are based on the location (i.e., region) of a code sequence including a current instruction and a prior instruction. For memory access, the location of the requesting instruction and data requested are considered. Disallowed code sequence or memory access operations cause the processor to generate a safe access protection trap. In response to the safe access protection trap, a software-based dynamic verifier applies a security policy to determine whether to allow the operation to proceed.