Abstract: A security program code generator is configured to automatically generate program code used to perform one or more validation checks of components operating in user mode. In one implementation, for example, the program code generator receives one or more files that include declarative values and parameters regarding one or more function calls made by any user mode component. The program code generator then takes the file of declarative call descriptions and automatically generates a user mode stub and a kernel mode stub for each function call of interest to be handled by a kernel mode component. The file(s) that include the user mode stub and the kernel mode stub can then be compiled and linked into the operating system components.

Abstract: Sensitive data structures, such as type data structures, can be used by untrusted application programs without necessarily exposing the sensitive data structures directly. For example, untrusted components, such as application programs that may or may not be type safe, can be allowed to operate in a lower-privilege mode. In addition, the application programs can be associated with an address space with limited permissions (e.g., read-only) to a shared memory heap. Requests by the untrusted components for sensitive data structures can then be handled by trusted components operating in a higher-privilege mode, which may have broader permissions to the shared memory heap. If the requests by the untrusted components are deemed to be valid, the results of the requests can be shared with the lower-privilege mode components through the shared memory heap.

Abstract: Unsafe application programs that implement managed code can be executed in a secure fashion. In particular, an operating system can be configured to execute an application program in user mode, but handle managed code compilation through a type-safe JIT compiler operating in kernel mode. The operating system can also designate a single memory location to be accessed through multiple address spaces with different permission sets. An application program operating in user mode can be executed in the read/execute address space, while the JIT compiler operates in a read/write address space. When encountering one or more pointers to intermediate language code, the application runtime can send one or more compilation requests to a kernel mode security component, which validates the requests. If validated, the JIT compiler will compile the requested intermediate language code, and the application program can access the compiled code from a shared memory heap.

Abstract: A security program code generator is configured to automatically generate program code used to perform one or more validation checks of components operating in user mode. In one implementation, for example, the program code generator receives one or more files that include declarative values and parameters regarding one or more function calls made by any user mode component. The program code generator then takes the file of declarative call descriptions and automatically generates a user mode stub and a kernel mode stub for each function call of interest to be handled by a kernel mode component. The file(s) that include the user mode stub and the kernel mode stub can then be compiled and linked into the operating system components.

Abstract: Sensitive data structures, such as type data structures, can be used by untrusted application programs without necessarily exposing the sensitive data structures directly. For example, untrusted components, such as application programs that may or may not be type safe, can be allowed to operate in a lower-privilege mode. In addition, the application programs can be associated with an address space with limited permissions (e.g., read-only) to a shared memory heap. Requests by the untrusted components for sensitive data structures can then be handled by trusted components operating in a higher-privilege mode, which may have broader permissions to the shared memory heap. If the requests by the untrusted components are deemed to be valid, the results of the requests can be shared with the lower-privilege mode components through the shared memory heap.