System and method for managing metaverse instances
US-2024364697-A1 · Oct 31, 2024 · US
Method and apparatus for executing a process on a device using memory privileges
US10459851B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10459851-B2 |
| Application number | US-201415510114-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 10, 2014 |
| Priority date | Sep 10, 2014 |
| Publication date | Oct 29, 2019 |
| Grant date | Oct 29, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method and apparatus for executing a process on a device, the device including one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege. The method includes obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, and wherein the portion of the memory has an associated second type of privilege that is different from the first type of privilege.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method for executing a process on a device, the device comprising one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege, the method comprising: obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, wherein a second type of privilege that is different from the first type of privilege has been associated with the portion of memory; wherein the first type of privilege and/or the second type of privilege allows and/or prohibits one or more of: (a) opening a file; (b) performing one or more predetermined system calls; (c) reading a file; (d) writing to a file; (e) creating a communications connection. 2. The method of claim 1 , wherein said obtaining is performed at the run time of the process. 3. The method of claim 1 , wherein said obtaining comprises requesting a kernel that is executing on the one or more processors to perform a dynamic memory allocation. 4. The method of claim 3 , wherein said requesting specifies to the kernel the second type of privilege, the kernel being arranged to allocate said portion of the memory and to associate the specified second type of privilege to the portion of the memory. 5. The method of claim 3 , wherein said requesting does not specify to the kernel the second type of privilege, the kernel being arranged to allocate said portion of the memory and, if said requesting occurs at the run time of the process, to associate the second type of privilege to the portion of the memory. 6. The method of claim 1 , wherein said obtaining is performed as part of a just-in-time compiler compiling code for the process into one or more machine language instructions for the just-in-time compiler to store in the portion of the memory. 7. The method of claim 1 , wherein the second type of privilege is one or more of: (a) more prohibitive that the first type of privilege; (b) a predetermined type of privilege; (c) determined based, at least in part, on the first type of privilege. 8. The method of claim 1 , wherein execution of the process is performed by a virtual machine running on the one or more processors or by an interpreter running on the one or more processors. 9. A method for enabling execution of a process on a device, the device comprising one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege, the method comprising: receiving a request for a portion of the memory for use by the process or for use by a further process being created by the process; and in response to the request, providing a portion of the memory that is identified as both writable and executable memory, wherein said providing comprises associating a second type of privilege that is different from the first type of privilege with the portion of the memory; wherein the first type of privilege and/or the second type of privilege allows and/or prohibits one or more of: (a) opening a file; (b) performing one or more predetermined system calls; (c) reading a file; (d) writing to a file; (e) creating a communications connection. 10. The method of claim 9 , wherein said request is received at the run time of the process. 11. The method of claim 9 , wherein said request is a dynamic memory allocation request. 12. The method of claim 11 , wherein said dynamic memory allocation request specifies the second type of privilege. 13. The method of claim 9 , wherein said receiving and providing are performed by a kernel that is executing on the one or more processors. 14. The method of claim 9 , wherein said request is received from a just-in-time compiler when the just-in-time compiler is compiling code for the process into one or more machine language instructions for the just-in-time compiler to store in the requested portion of the memory. 15. The method of claim 9 , wherein the second type of privilege is one or more of: (a) more prohibitive that the first type of privilege; (b) a predetermined type of privilege; (c) determined based, at least in part, on the first type of privilege. 16. The method of claim 7 , wherein execution of the process is performed by a virtual machine running on the one or more processors by an interpreter running on the one or more processors. 17. An apparatus comprising one or more processors and a memory, the one or more processors arranged to execute a process that has an associated first type of privilege, wherein the one or more processors are arranged to obtain a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, wherein a second type of privilege that is different from the first type of privilege has been associated with the portion of the memory; wherein the first type of privilege and/or the second type of privilege allows and/or prohibits one or more of: (a) opening a file; (b) performing one or more predetermined system calls; (c) reading a file; (d) writing to a file; (e) creating a communications connection. 18. An apparatus comprising one or more processors and a memory, the one or more processors arranged to execute a process that has an associated first type of privilege, wherein the one or more processors are arranged to: receive a request for a portion of the memory for use by the process or for use by a further process being created by the process; and in response to the request, provide a portion of the memory that is identified as both writable and executable memory, wherein providing the portion of the memory comprises associating a second type of privilege that is different from the first type of privilege with the portion of the memory; wherein the first type of privilege and/or the second type of privilege allows and/or prohibits one or more of: (a) opening a file; (b) performing one or more predetermined system calls; (c) reading a file; (d) writing to a file; (e) creating a communications connection. 19. A method for executing a process on a device, the device comprising one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege, the method comprising: obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as both writable and executable memory, wherein a second type of privilege that is different from the first type of privilege has been associated with the portion of memory; wherein said obtaining comprises requesting a kernel that is executing on the one or more processors to perform a dynamic memory allocation, wherein said requesting specifies to the kernel the second type of privilege, the kernel being arranged to allocate said portion of the memory and to associate the specified second type of privilege to the portion of the memory. 20. The method of claim 19 , wherein said obtaining is performed at the run time of the process. 21. The method of claim 19 , wherein said requesting does not specify to the kernel the second type of privilege, the kernel being arranged to allocate said portion of the memory and, if said requesting occurs at the run time of the process, to asso
Assignees
Inventors
Classifications
- G06F12/1491Primary
in a hierarchical protection system, e.g. privilege levels, memory rings · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
by adding security routines or objects to programs · CPC title
Involving translation to a different instruction set architecture, e.g. just-in-time translation in a JVM · CPC title
Hypervisor-specific management and integration aspects · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10459851B2 cover?
- A method and apparatus for executing a process on a device, the device including one or more processors for executing the process and a memory, wherein the process has an associated first type of privilege. The method includes obtaining a portion of the memory for use by the process or for use by a further process being created by the process, wherein the portion of the memory is identified as …
- Who is the assignee on this patent?
- Irdeto Bv
- What technology area does this patent fall under?
- Primary CPC classification G06F12/1491. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 29 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).