Patent application number | Description | Published |
20090282474 | METHOD FOR SAFELY EXECUTING AN UNTRUSTED NATIVE CODE MODULE ON A COMPUTING DEVICE - A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control-flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects. | 11-12-2009 |
20090282477 | METHOD FOR VALIDATING AN UNTRUSTED NATIVE CODE MODULE - A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects. | 11-12-2009 |
20100013842 | WEB-BASED GRAPHICS RENDERING SYSTEM - Some embodiments of the present invention provide a system that renders graphics in a computing system that includes a plugin associated with a web browser in the computing system and a web application configured to execute in the web browser. During operation, the web application specifies a graphics model and provides the graphics model to the plugin. Next, the plugin generates a graphics-processing unit (GPU) command stream from the graphics model. Finally, the plugin sends the GPU command stream to a GPU of the computing system, which renders an image corresponding to the graphics model. | 01-21-2010 |
20100017461 | METHOD AND SYSTEM FOR EXECUTING APPLICATIONS USING NATIVE CODE MODULES - Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system provides input data associated with the web application to the native code module and processes the input data using the native code module to obtain output data. Finally, the system provides the output data to the web application for use by the web application. | 01-21-2010 |
20100118038 | HARDWARE-ACCELERATED GRAPHICS FOR WEB APPLICATIONS USING NATIVE CODE MODULES - Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system writes a set of rendering commands to a command buffer using the native code module and concurrently reads the rendering commands from the command buffer. Finally, the system renders an image for use by the web application by executing the rendering commands using a graphics-processing unit (GPU). | 05-13-2010 |
20100121893 | FILESYSTEM ACCESS FOR WEB APPLICATIONS AND NATIVE CODE MODULES - One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application. | 05-13-2010 |
20100122271 | SAFE BROWSER PLUGINS USING NATIVE CODE MODULES - Some embodiments provide a system that executes a plugin for a web browser. During operation, the system obtains the plugin as a native code module and executes the native code module in a secure runtime environment. Next, the system enables communication between the native code module and the web browser by providing an interface bridge between the native code module and the web browser. | 05-13-2010 |
20110087870 | COMPUTING DEVICE WITH DEVELOPER MODE - Methods and apparatus for implementing modes of operation of a computing device are disclosed. An example apparatus includes a mode-selection input device having a first state and a second state. The example apparatus also includes firmware operably coupled with the mode-selection input device. In the example apparatus, when the mode-selection input device is in the first state, the firmware is configured to cause the computing device to operate in a first mode of operation, a user mode. In the example apparatus, when the mode-selection input device is in the second state, the firmware is configured to cause the computing device to operate in a second mode of operation, a developer mode. | 04-14-2011 |
20130033508 | Hardware-Accelerated Graphics for Web Applications Using Native Code Modules - Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system writes a set of rendering commands to a command buffer using the native code module and concurrently reads the rendering commands from the command buffer. Finally, the system renders an image for use by the web application by executing the rendering commands using a graphics-processing unit (GPU). | 02-07-2013 |
20130120418 | Web-Based Graphics Rendering System - Some embodiments of the present invention provide a system that renders graphics in a computing system that includes a plugin associated with a web browser in the computing system and a web application configured to execute in the web browser. During operation, the web application specifies a graphics model and provides the graphics model to the plugin. Next, the plugin generates a graphics-processing unit (GPU) command stream from the graphics model. Finally, the plugin sends the GPU command stream to a GPU of the computing system, which renders an image corresponding to the graphics model. | 05-16-2013 |
20130159394 | Safe Browser Plugins Using Native Code Modules - Some embodiments provide a system that executes a plugin for a web browser. During operation, the system obtains the plugin as a native code module and executes the native code module in a secure runtime environment. Next, the system enables communication between the native code module and the web browser by providing an interface bridge between the native code module and the web browser. | 06-20-2013 |
20130185787 | Safely Executing an Untrusted Native Code Module on a Computing Device - A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects. | 07-18-2013 |
20130275471 | FILESYSTEM ACCESS FOR WEB APPLICATIONS AND NATIVE CODE MODULES - One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application. | 10-17-2013 |
20140310315 | Filesystem Access for Web Applications and Native Code Modules - One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application. | 10-16-2014 |
20140359765 | Method for Validating an Untrusted Native Code Module - A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects. | 12-04-2014 |