18526279. TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT simplified abstract (Intel Corporation)
Contents
- 1 TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT
- 1.1 Organization Name
- 1.2 Inventor(s)
- 1.3 TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT - A simplified explanation of the abstract
- 1.4 Simplified Explanation
- 1.5 Potential Applications
- 1.6 Problems Solved
- 1.7 Benefits
- 1.8 Potential Commercial Applications
- 1.9 Possible Prior Art
- 1.10 Original Abstract Submitted
TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT
Organization Name
Inventor(s)
Mingwei Zhang of Hillsboro OR (US)
Mingqiu Sun of Beaverton OR (US)
Ravi L. Sahita of Portland OR (US)
Chunhui Zhang of Hillsboro OR (US)
Xiaoning Li of Portland OR (US)
TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT - A simplified explanation of the abstract
This abstract first appeared for US patent application 18526279 titled 'TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT
Simplified Explanation
The patent application describes technologies for untrusted code execution using a computing device with sandbox support. The device executes code in a native domain in a non-privileged, native processor mode. It can switch to a sandbox domain using a sandbox jump instruction, where code is executed in a non-privileged, sandbox processor mode. The processor restricts access to memory outside the sandbox domain and may block prohibited instructions. A sandbox exit instruction allows the device to return to the native domain. The device can configure the sandbox domain using processor instructions.
- Computing device with sandbox support for untrusted code execution
- Execution of code in native and sandbox domains in different processor modes
- Restriction of memory access and prohibited instructions in sandbox mode
- Ability to switch between native and sandbox domains
- Configuration of sandbox domain using processor instructions
Potential Applications
The technology can be applied in secure software development, online content filtering, and malware analysis.
Problems Solved
1. Mitigating security risks associated with executing untrusted code 2. Preventing unauthorized access to system resources
Benefits
1. Enhanced security for executing untrusted code 2. Improved isolation of code execution environments
Potential Commercial Applications
Secure software development tools, cloud computing platforms, and cybersecurity solutions can benefit from this technology.
Possible Prior Art
One possible prior art is the use of virtual machines to isolate code execution environments, but the described technology offers a more lightweight and efficient solution for untrusted code execution.
Unanswered Questions
How does this technology compare to traditional sandboxing techniques?
The article does not provide a direct comparison with traditional sandboxing techniques in terms of performance, resource utilization, or security effectiveness.
What are the potential limitations of this technology in real-world applications?
The article does not address potential limitations such as compatibility issues with existing software, overhead introduced by sandboxing, or vulnerabilities that may arise from misconfigurations.
Original Abstract Submitted
Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.