TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT

Organization Name

Intel Corporation

Inventor(s)

Mingwei Zhang of Hillsboro OR (US)

Mingqiu Sun of Beaverton OR (US)

Ravi L. Sahita of Portland OR (US)

Chunhui Zhang of Hillsboro OR (US)

Xiaoning Li of Portland OR (US)

TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT - A simplified explanation of the abstract

This abstract first appeared for US patent application 18526279 titled 'TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT

Simplified Explanation

The patent application describes technologies for untrusted code execution using a computing device with sandbox support. The device executes code in a native domain in a non-privileged, native processor mode. It can switch to a sandbox domain using a sandbox jump instruction, where code is executed in a non-privileged, sandbox processor mode. The processor restricts access to memory outside the sandbox domain and may block prohibited instructions. A sandbox exit instruction allows the device to return to the native domain. The device can configure the sandbox domain using processor instructions.

• Computing device with sandbox support for untrusted code execution
• Execution of code in native and sandbox domains in different processor modes
• Restriction of memory access and prohibited instructions in sandbox mode
• Ability to switch between native and sandbox domains
• Configuration of sandbox domain using processor instructions

Potential Applications

The technology can be applied in secure software development, online content filtering, and malware analysis.

Problems Solved

1. Mitigating security risks associated with executing untrusted code 2. Preventing unauthorized access to system resources

Benefits

1. Enhanced security for executing untrusted code 2. Improved isolation of code execution environments

Potential Commercial Applications

Secure software development tools, cloud computing platforms, and cybersecurity solutions can benefit from this technology.

Possible Prior Art

One possible prior art is the use of virtual machines to isolate code execution environments, but the described technology offers a more lightweight and efficient solution for untrusted code execution.

Unanswered Questions

How does this technology compare to traditional sandboxing techniques?

The article does not provide a direct comparison with traditional sandboxing techniques in terms of performance, resource utilization, or security effectiveness.

What are the potential limitations of this technology in real-world applications?

The article does not address potential limitations such as compatibility issues with existing software, overhead introduced by sandboxing, or vulnerabilities that may arise from misconfigurations.

Original Abstract Submitted

Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.