Method and System for Providing Secure System Execution on Hardware Supporting Secure Application Execution
First Claim
Patent Images
1. A system for providing secure execution of an application comprising:
- at least one processor and a memory;
at least one enclave, said enclave comprising a hardware-enforced protected region of an address space of the memory; and
an emulator comprising code that is executable on the at least one processor, is loaded into an emulator enclave, and emulates the functions of the application.
2 Assignments
0 Petitions
Accused Products
Abstract
An application such as a virtual machine are executed securely using a software-based, full-system emulator within a hardware-protected enclave, such as an SGX enclave. The emulator may thereby be secure even against a malicious underlying host operating system. In some cases, paging is used to allow even a large application may run within a small enclave using paging. Where the application itself uses enclaves, these guest enclaves may themselves be emulated within an emulator enclave such that the guest enclave(s) are nested as sibling enclaves by the emulator.
-
Citations
20 Claims
-
1. A system for providing secure execution of an application comprising:
-
at least one processor and a memory; at least one enclave, said enclave comprising a hardware-enforced protected region of an address space of the memory; and an emulator comprising code that is executable on the at least one processor, is loaded into an emulator enclave, and emulates the functions of the application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 12, 13)
-
- 8. A method for providing secure execution of an application comprising emulating the functions of the application with emulator code running within an emulator enclave and executable on at least one processor, said emulator enclave comprising a hardware-enforced protected region of an address space of a memory.
- 15. A non-transitory computer-readable storage medium storing instructions, the instructions, when executed by a processor, causing the processor to securely execute an application by emulating the functions of the application with emulator code running within an emulator enclave, said emulator enclave comprising a hardware-enforced protected region of an address space of a memory.
Specification