Virtualization Technology News and Information
Patent Issued for Transforming Untrusted Applications into Trusted Executables through Static Previrtualization
According to news reporting originating from Alexandria, Virginia, by VerticalNews journalists, a patent by the inventors Shankar, Natarajan (Los Altos, CA); Dean, Richard Drews (Arlington, VA), filed on October 26, 2011, was published online on November 12, 2013.

The assignee for this patent, patent number 8584248, is SRI International (Menlo Park, CA).

Reporters obtained the following quote from the background information supplied by the inventors: "Systems often receive software applications that come from untrusted sources. Such systems would like to know or guarantee that such applications will do no harm to the system if and when installed. One approach involves the use of proof carrying code (PCC) whereby an application provider produces a proof that the application does no harm and conforms to the security policies of a system. The proof is then checked by a trusted third party. A similar approach involves including a type guarantee in the application which is then checked by a trusted third party.

"The concept of virtualization, as applied to computer systems and data networks, provides an abstract view of hardware and operating system resources. Virtualization allows multiple computing channels to access shared resources while providing an illusion of exclusivity. With the proliferation of data centers and cloud computing, virtualization is used to execute multiple independent programs on shared servers. Virtualization can be used to run guest operating systems on host ones, to isolate processes or to make applications portable, for platform emulation, and to aid in debugging. Virtualization can also be used to ensure security by restricting the privileges associated with a specific host partition. Although the above arrangements achieve several noteworthy objectives, and are suitable for use in various computer and network designs, such arrangements still leave many vulnerabilities and inefficiencies in place that threaten the security and speed of a host system. In addition, these techniques may still allow applications to access unauthorized data and to perform unauthorized device operations when running on a host system."

In addition to obtaining background information on this patent, VerticalNews editors also obtained the inventors' summary information for this patent: "In one embodiment, the present disclosure discloses a method for transforming untrusted applications into trusted executables through static previrtualization. For example, the method receives an untrusted application and extracts a system call from the untrusted application. The method then determines if the system call is privileged or non-privileged. If the system call is privileged, the method replaces the system call with a hypercall. If the system call is non-privileged, it is replaced with a library call. The method repeats this process for additional system calls in the untrusted application to create a trusted executable. The method then forwards the trusted executable."

For more information, see this patent: Shankar, Natarajan; Dean, Richard Drews. Transforming Untrusted Applications into Trusted Executables through Static Previrtualization. U.S. Patent Number 8584248, filed October 26, 2011, and published online on November 12, 2013. Patent URL:
Published Thursday, November 21, 2013 6:52 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2013>