COMPUTING SYSTEM USING SINGLE OPERATING SYSTEM TO PROVIDE NORMAL SECURITY SERVICES AND HIGH SECURITY SERVICES, AND METHODS THEREOF
First Claim
1. A computing system provides normal security services and high security services with a single operating system, comprising:
- a secure application programming interface (secure API) for the high security services, called by a pseudo normal thread executed while the computing system is in a normal security environment;
a driver layer invoked by the secure API, calling a world switch instruction;
a monitor, activated by the world switch instruction from the driver layer to save context of the pseudo normal thread, change the computing system to a high security environment, obtain a secure thread corresponding to the pseudo normal thread, create or restore context of the secure thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment,wherein, the secure thread relates to one of the high security services.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of providing normal security services and high security services with a single operating system in a computing system is disclosed. A secure thread is only accessible while the computing system is in a high security environment, and relates to one of the high security services. A pseudo normal thread is to be executed while the computing system in a normal security environment, and it works as a temporary of the secure thread, and is forwarded to a thread ordering service to gain access to resources of the computing system. When the pseudo normal thread gains access to the computing system resources, the computing system is changed to the high security environment to execute the secure thread.
58 Citations
20 Claims
-
1. A computing system provides normal security services and high security services with a single operating system, comprising:
-
a secure application programming interface (secure API) for the high security services, called by a pseudo normal thread executed while the computing system is in a normal security environment; a driver layer invoked by the secure API, calling a world switch instruction; a monitor, activated by the world switch instruction from the driver layer to save context of the pseudo normal thread, change the computing system to a high security environment, obtain a secure thread corresponding to the pseudo normal thread, create or restore context of the secure thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment, wherein, the secure thread relates to one of the high security services. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of using a single operating system (OS) in a computing system to provide normal security services and high security services, comprising:
-
providing a secure thread only accessible while the computing system is in a high security environment, wherein the secure thread relates to one of the high security services; providing a pseudo normal thread to be executed while the computing system is in a normal security environment to work as a temporary of the secure thread; forwarding the pseudo normal thread to a thread ordering service of the OS; and when the pseudo normal thread gains access to resources of the computing system in the thread ordering service, changing the computing system to the high security environment to execute the secure thread. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A computing system provides normal security services and high security services with a single operating system, comprising:
-
a thread ordering service, scheduling resources to queued normal threads and a pseudo normal thread, wherein the pseudo normal thread is executed while the computing system is in a normal security environment and the pseudo normal thread is a temporary of a secure thread only accessible while the computing system is in a high security environment; a monitor, activated by a world switch instruction when the pseudo normal thread gains access to the resources, to save context of the pseudo normal thread, change the computing system to a high security environment, obtain a secure thread corresponding to the pseudo computing system that has been changed to the high security environment. - View Dependent Claims (20)
-
Specification