CPC G06F 21/57 (2013.01) [G06F 21/52 (2013.01); G06F 2221/033 (2013.01)]

17 Claims

1. A method comprising performing, by a target computing device:
accessing a plurality of execution safety policies and a plurality of verification rules;
receiving a program and metadata, wherein the program includes safe instructions and verifiable sections of instructions, and wherein the metadata is usable to identify at least one verifiable section of instructions within the program as received by the target computing device and whose operation is to be verified;
identifying, using the metadata, sections of instructions that violate at least one of the execution safety policies, wherein the at least one verifiable section violates an execution safety policy restricting execution outside of the at least one verifiable section from jumping into a verifiable section;
for each of the at least one verifiable sections:
applying, using the metadata, one or more of the verification rules to the verifiable section of instructions to determine whether to execute the verifiable section despite violating at least one of the execution safety policies; and
executing the program as received by the target computing device based on the at least one verifiable section satisfying the plurality of verification rules.