Robert H Muth

US Patent:

8561183, Oct 15, 2013

Filed:

Nov 18, 2009

Appl. No.:

12/621286

Inventors:

Robert Muth - New York NY, US
Karl Schmipf - Santa Cruz CA, US
David C. Sehr - Cupertino CA, US
Clifford L. Biffle - Sunnyvale CA, US

Assignee:

Google Inc. - Mountain View CA

International Classification:

G06F 11/00

US Classification:

726 22, 726 23, 726 27, 717124, 717126, 717127, 717154

Abstract:

Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that constrain store instructions in the native code module. The SFI mechanisms also maintain control flow integrity for the native code module by dividing a code region associated with the native code module into equally sized code blocks and data blocks and starting each of the data blocks with an illegal instruction.

US Patent:

20160212243, Jul 21, 2016

Filed:

Mar 28, 2016

Appl. No.:

15/082162

Inventors:

- Mountain View CA, US
J. Bradley Chen - Los Gatos CA, US
Bennet S. Yee - Mountain View CA, US
Robert Muth - New York NY, US
Jan Voung - Oakland CA, US
Derek L. Schuff - Sunnyvale CA, US

International Classification:

H04L 29/06

Abstract:

Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.

US Patent:

20160004858, Jan 7, 2016

Filed:

Mar 16, 2011

Appl. No.:

13/049529

Inventors:

J. Bradley Chen - Los Gatos CA, US
Alan A. Donovan - Brooklyn NY, US
Robert Muth - New York NY, US
David C. Sehr - Cupertino CA, US
Bennet Yee - Mountain View CA, US
Matthew Papakipos - Palo Alto CA, US
Stephen White - Laval, CA

International Classification:

G06F 9/45
G06F 21/60

Abstract:

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for preserving code safety of application code that is received in a portable, instruction-set-neutral format. One aspect of the subject matter described in this specification can be embodied in methods that include the actions of receiving a portable code file that is implemented in an instruction-set-neutral and source code independent format; translating the portable code file into native object code for execution on a particular instruction set architecture; generating a native executable for the particular instruction set architecture using the native object code; and validation the native executable using a trusted validator prior to execution of the native executable.

US Patent:

20150195376, Jul 9, 2015

Filed:

Jan 28, 2013

Appl. No.:

13/751729

Inventors:

David C. Sehr - Cupertino CA, US
J. Bradley Chen - Los Gatos CA, US
Bennet S. Yee - Mountain View CA, US
Robert Muth - New York NY, US
Jan Voung - Oakland CA, US
Derek L. Schuff - Sunnyvale CA, US

International Classification:

H04L 29/06

Abstract:

Methods, systems, and computer program products are provided for machine-specific instruction set translation. One example method includes identifying computing devices, each device having a respective software component installed, the software component including a translator component for translating a program in a portable format to a machine-specific instruction set, and a sandbox component for executing programs translated to the machine-specific instruction set on the computing device using software-based fault isolation; identifying computing devices having a given hardware configuration; and transmitting another translator component and another sandbox component to each of the identified computing devices. Each of the identified computing devices having the given hardware configuration is configured to receive the components and to configure its software component to use the received components in lieu of the corresponding components.