TRUSTED LANGUAGE RUNTIME ON A MOBILE PLATFORM
Abstract
Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications, or portions thereof, securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data and thus run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.
20 Claims
1. A computer-implemented execution system, comprising:
an untrusted execution environment of a mobile device where an operating system and untrusted code of an application execute;
a trusted execution environment of the mobile device where trusted code of the application executes, the trusted code isolated from inspection and modification by the untrusted code;
a secure communications component of the mobile device that provides a secure communications channel between the trusted and untrusted execution environments; and
a processor that executes computer-executable instructions associated with at least one of the untrusted execution environment, trusted execution environment, or secure communications component.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A computer-implemented execution method, comprising acts of:
creating a trusted execution environment in a mobile device using processor-based isolation extensions;
establishing a secure communications channel between the trusted execution environment and an untrusted execution environment;
running a portion of trusted code of an untrusted application in the trusted execution environment;
communicating a call to the portion of trusted code in the trusted execution environment over the secure communications channel, the call generated in response to an invoked method of the untrusted application;
returning arguments and values to the untrusted execution environment over the secure communications channel, based on the call; and
utilizing a processor that executes instructions stored in memory to perform at least one of the acts of creating, establishing, running, communicating, or returning.
(Dependent claims: 11, 12, 13, 14, 15, 16)

17. A computer-implemented execution method, comprising acts of:
creating a trusted execution environment in a mobile device using processor-based isolation extensions;
defining an interface in a portion of trusted code of an untrusted application, the interface identifies data communicated between the trusted execution environment and an untrusted execution environment;
isolating the portion of trusted code from inspection by untrusted application code and operating system of the mobile device using the trusted execution environment;
establishing a secure communications channel between the trusted execution environment and the untrusted execution environment using kernel mode device drivers;
running the portion of trusted code in the trusted execution environment;
communicating a call over the secure communications channel to the portion of trusted code and returning data over the secure communications channel to the untrusted execution environment; and
utilizing a processor that executes instructions stored in memory to perform at least one of the acts of creating, defining, isolating, establishing, running, or communicating.
(Dependent claims: 18, 19, 20)