DEFENSE-IN-DEPTH SECURITY FOR BYTECODE EXECUTABLES
First Claim
Patent Images
1. A method comprising:
- assembling a plurality of files to include a file natively executable on a processor to perform a defense-in-depth process and another file executable on the processor only through an interpretation process;
executing the defense-in-depth process on the processor to perform a sequence of security tasks, failure to complete any one of which prohibits allocation of processor resources to the interpretation process; and
providing the other file to the interpretation process to execute a target process on the processor upon the processor resources being allocated thereto.
1 Assignment
0 Petitions
Accused Products
Abstract
Defense-in Depth security defines a set of graduated security tasks, each of which performs a task that must complete before another task can complete. Only when these tasks complete successfully and in the order prescribed by Defense-in-Depth security criteria is a final process allowed to execute. Through such Defense-in-Depth security measures, vulnerable software, such as bytecode, can be verified as unaltered and executed in a secure environment that prohibits unsecured access to the underlying code.
45 Citations
20 Claims
-
1. A method comprising:
-
assembling a plurality of files to include a file natively executable on a processor to perform a defense-in-depth process and another file executable on the processor only through an interpretation process; executing the defense-in-depth process on the processor to perform a sequence of security tasks, failure to complete any one of which prohibits allocation of processor resources to the interpretation process; and providing the other file to the interpretation process to execute a target process on the processor upon the processor resources being allocated thereto. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus comprising:
-
a source memory to store a plurality of files; a destination memory to store the files as assembled and delivered in a data package; and a processor communicatively coupled to the destination memory and configured to; accept the data package and store a set of the files therefrom in the destination memory; execute a set processor instructions of a defense-in-depth process to perform a sequence of security tasks, failure to complete any one of which prohibits allocation of processor resources to an interpretation process; and provide a bytecode file to the interpretation process to execute a target process on the processor upon the processor resources being allocated thereto. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processor, are operable to cause the processor to:
-
accept a data package and store a set of the files therefrom in a destination memory; execute a defense-in-depth process to perform a sequence of security tasks, failure to complete any one of which prohibits allocation of processor resources to an interpretation process; and provide a bytecode file to the interpretation process to execute a target process on the processor upon the processor resources being allocated thereto. - View Dependent Claims (19, 20)
-
Specification