Patent · US Active

Dynamic code insertion and removal for static analysis based sandboxes

US8464349B2 · kind B2 · utility

Cited by: 6
References: 3
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 27, 2010
Grant date: Jun 11, 2013
Priority date
Expiry date: Aug 5, 2031

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F9/445
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Methods and apparatus for dynamically adding new code to, and deleting it from, a previously validated application executing in a secured runtime. New code is written to a portion of secured memory not executable by the application. The new code is validated to ensure it cannot directly call the operating system, address memory outside of the secured memory, or modify secured memory state. Indirect branch instructions may only target addresses aligned on fixed-size boundaries within the secured memory. Validated code is copied to a portion of secured memory executable by the application in a two-stage process that ensures partially copied segments cannot be executed. Validated new code can be deleted once all threads reach a safe execution point, provided the code was previously inserted as a unit or contains no internal targets that can be called by code not also being deleted.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.