Customized execution environment
Abstract
Methods and techniques for implementing a custom execution environment (CE2) and a related loader are provided. According to one embodiment, the CE2 includes code and data sections of an application and code and data sections of a set of system services. The set of system services has direct and full control of a set of hardware resources of a computer system containing one or more processors implementing a parallel protected architecture. According to one embodiment, the system services are designed for maximum simplicity, fastest possible speed, and elimination of security vulnerabilities.
32 Claims
1. A customized execution engine (CE2) comprising:
- code and data sections of an application; and
- code and data sections of a set of system services, the set of system services having direct and full control of a set of hardware resources of a computer system containing one or more processors implementing a parallel protected architecture.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A method comprising a customized execution environment (CE2) loader organizing available physical pages of a physical memory of a computer system, employing one or more processors implementing a parallel protected architecture, into the largest possible pages based upon a map of the physical memory, employing a predetermined plurality of page sizes supported by a processor of the computer system.

13. A method comprising:
- a customized execution engine (CE2) loader establishing a new root of trust and extending a chain of trust from the new root into a CE2 by:
  - validating one or more digital signatures associated with firmware of a computer system,
  - validating one or more digital signatures associated with the CE2 loader, and
  - launching system services and application of the CE2 after successful completion of said validating and validation of one or more digital signatures associated with code and data sections of the CE2.
(Dependent claims: 14, 15, 16, 17, 18)

19. A method comprising:
- a customized execution environment (CE2) providing, on each processor of a computer system over which the CE2 has full control, only a single thread for execution of an application and a set of system services within the CE2; and
- the application performing both normal application tasks and tasks that occur as a result of events external to the application using only the single thread on each processor.
(Dependent claims: 20, 21)

22. A method comprising:
- a caller executing within a customized execution environment (CE2);
- the caller invoking a system service call of the CE2; and
- the system service call causing a call return address associated with the system service call by the application to be verified.
(Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30)

31. A method comprising:
- a customized execution environment (CE2) providing a minimum set of I/O drivers for a particular application;
- an I/O driver of the minimum set of I/O drivers operating solely using virtual addresses and generating encoded directives specifying steps needed to perform an I/O operation; and
- the I/O driver calling platform control services to control an I/O device, the platform control services using physical addresses by following encoded directives supplied by the I/O driver.
(Dependent claims: 32)
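
The page-organizing step of claim 9, as an added example that is not taken from the patent: a greedy pass that covers one free region of the physical memory map with the largest naturally aligned pages that fit, rejecting regions whose arithmetic wraps. The page sizes, the struct names and `carve_range` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Assumed page sizes, largest first: 16 MiB, 1 MiB, 64 KiB, 4 KiB. */
static const uint64_t PAGE_SIZES[] = { 1ULL << 24, 1ULL << 20, 1ULL << 16, 1ULL << 12 };
#define NSIZES (sizeof PAGE_SIZES / sizeof PAGE_SIZES[0])
#define CARVE_ERR ((size_t)-1)

struct range { uint64_t base, len; };   /* one free region from the memory map */
struct page  { uint64_t base, size; };  /* one naturally aligned page */

/* Cover r with the largest aligned pages that fit; partial minimum-size pages
 * at either end are dropped. Returns the count, or CARVE_ERR on wrap/overflow. */
size_t carve_range(struct range r, struct page *out, size_t max)
{
    const uint64_t min = PAGE_SIZES[NSIZES - 1];
    uint64_t end = r.base + r.len;
    uint64_t cur = (r.base + min - 1) & ~(min - 1);   /* round start up */
    if (end < r.base || cur < r.base)
        return CARVE_ERR;                             /* arithmetic wrapped */
    end &= ~(min - 1);                                /* round end down */
    size_t n = 0;
    while (cur < end) {
        for (size_t i = 0; i < NSIZES; i++) {
            uint64_t s = PAGE_SIZES[i];
            if ((cur & (s - 1)) == 0 && end - cur >= s) {
                if (n == max)
                    return CARVE_ERR;                 /* out[] too small */
                out[n++] = (struct page){ cur, s };
                cur += s;
                break;   /* the smallest size always matches, so this is reached */
            }
        }
    }
    return n;
}

int main(void)
{
    /* Constructed memory-map entry: starts one 4 KiB page below a 1 MiB boundary. */
    struct range r = { 0xFF000, 0x112000 };
    struct page p[8];
    size_t n = carve_range(r, p, 8);
    for (size_t i = 0; n != CARVE_ERR && i < n; i++)
        printf("%#llx  %llu KiB\n", (unsigned long long)p[i].base,
               (unsigned long long)(p[i].size >> 10));
    return 0;
}
```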
Specification