BINARY TRANSLATION OF A TRUSTED BINARY WITH INPUT TAGGING
First Claim
1. A computing apparatus comprising:
- a trusted execution environment (TEE);
one or more logic elements comprising an input verification engine (IVE) within the TEE, the IVE operable for;
receiving a trusted binary object;
analyzing the trusted binary object to identify portions that perform input/output operations;
tagging the portions to create a tagged trusted binary with tagged portions; and
providing the portions to a binary translation engine; and
one or more logic elements comprising the binary translation engine (BTE) within the TEE, the BTE operable for;
receiving the tagged trusted binary in a first format;
translating the tagged trusted binary into a second binary object in a second format, wherein translating comprises reserving the tagged portions for execution within an enclave.
12 Assignments
0 Petitions
Accused Products
Abstract
In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.
38 Citations
25 Claims
-
1. A computing apparatus comprising:
-
a trusted execution environment (TEE); one or more logic elements comprising an input verification engine (IVE) within the TEE, the IVE operable for; receiving a trusted binary object; analyzing the trusted binary object to identify portions that perform input/output operations; tagging the portions to create a tagged trusted binary with tagged portions; and providing the portions to a binary translation engine; and one or more logic elements comprising the binary translation engine (BTE) within the TEE, the BTE operable for; receiving the tagged trusted binary in a first format; translating the tagged trusted binary into a second binary object in a second format, wherein translating comprises reserving the tagged portions for execution within an enclave. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. One or more computer-readable mediums having stored thereon instructions that, when executed, instruct a processor for:
-
providing an input verification engine (IVE) within a TEE, the IVE operable for; receiving a trusted binary object; analyzing the trusted binary object to identify portions that perform input/output operations; tagging the portions to create a tagged trusted binary with tagged portions; and providing the portions to a binary translation engine; and providing the binary translation engine (BTE) within the TEE, the BTE operable for; receiving the tagged trusted binary in a first format; translating the tagged trusted binary into a second binary object in a second format, wherein translating comprises reserving the tagged portions for execution within an enclave. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A computer-implemented method for execution within a trusted execution environment (TEE), comprising:
-
receiving a trusted binary object; analyzing the trusted binary object to identify portions that perform input/output operations; tagging the portions to create a tagged trusted binary with tagged portions; and translating the tagged trusted binary into a second binary object in a second format, wherein translating comprises reserving the tagged portions for execution within an enclave. - View Dependent Claims (25)
-
Specification