Integration of Untrusted Framework Components With a Secure Operating System Environment
First Claim

1. A media processing device having software and hardware resources for performing media delivery operations, comprising:
- a secure operating system environment;
- a software framework to support at least one application; and
- a secure access interface configured to regulate communications between the secure operating system environment and the software framework, and to provide restricted access to at least a portion of the software and hardware resources for performing media delivery operations.
Abstract
A set top box or like device incorporating an untrusted software framework as a client of a secure operating system kernel. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment having a secure kernel. The software framework can be executed using a variety of process isolation techniques depending on performance and isolation requirements. A secure access client/server interface may also be provided to support interactions between the untrusted software framework (and applications utilizing the untrusted software framework) and secure or trusted portions of the device. The secure access interface can be configured to perform operations such as handle validation, heap pointer validation, non-pointer parameter validation, heap isolation, and resource release relating to terminated processes. In further embodiments, a software framework aggregator is used to support a plurality of additional software frameworks for use in the set top box.
20 Claims

1. A media processing device having software and hardware resources for performing media delivery operations, comprising:
- a secure operating system environment;
- a software framework to support at least one application; and
- a secure access interface configured to regulate communications between the secure operating system environment and the software framework, and to provide restricted access to at least a portion of the software and hardware resources for performing media delivery operations.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A method used in a media delivery device having a secure operating system kernel and an untrusted software framework, comprising:
- establishing a privileged operating system environment to perform secure media processing operations supported by the secure operating system kernel;
- establishing a restricted operating system environment to support the untrusted software framework, the restricted operating system environment utilizing process isolation; and
- executing at least a portion of the untrusted software framework in the restricted operating system environment.
(Dependent claims: 12, 13, 14, 15, 16)

17. A media processing device comprising:
- processing circuitry;
- a software framework to support software applications; and
- an operating system executed by the processing circuitry, the operating system configured to establish at least one restricted operating system environment that utilizes process isolation, the software framework executed in the at least one restricted operating system environment.
(Dependent claims: 18, 19, 20)
Specification