Customized execution environment
Abstract
Methods and techniques for implementing a custom execution environment (CE2) and a related loader are provided. According to one embodiment, the CE2 includes code and data sections of an application and code and data sections of a set of system services. The set of system services has direct and full control of a set of hardware resources of a computer system containing one or more processors implementing a parallel protected architecture. According to one embodiment, the system services are designed for maximum simplicity, fastest possible speed, and elimination of security vulnerabilities.
69 Citations
21 Claims
1. A computer-readable medium having a customized execution engine stored therein, the customized execution engine comprising:
- code and data sections of a set of one or more applications; and
- code and data sections of a set of system services, the set of system services having direct and full control of a set of hardware resources of a computer system containing one or more processors implementing a parallel protected architecture, the set of system services using hardware features that are not used by traditional operating systems, the set of system services limited to only those services required by the set of one or more applications, the set of one or more applications together implementing a control flow structure by using only a single thread of execution in each of one or more processors, the customized execution engine unable to load or to load and execute applications in addition to the set of one or more applications.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method comprising:
- a customized execution environment providing, to a set of one or more applications together implementing a control flow structure, only a single thread of execution on each of one or more processors, the customized execution engine unable to load or to load and execute applications in addition to the set of one or more applications, and a set of system services to the set of one or more applications, the set of system services having direct and full control of a set of hardware resources of a computer system containing one or more processors implementing a parallel protected architecture, the set of system services using hardware features that are not used by traditional operating systems, the set of system services limited to only those services required by the set of one or more applications; and
- the set of one or more applications performing both normal application tasks and tasks that occur as a result of events external to the application using only the single thread on each of the one or more processors.
Dependent claims: 9, 10
11. A method comprising:
- a caller executing within a customized execution environment;
- the caller invoking a system service call of a set of system services provided by the customized execution environment, the set of system services having direct and full control of a set of hardware resources of a computer system containing one or more processors implementing a parallel protected architecture, the set of system services using hardware features that are not used by traditional operating systems, the set of system services limited to only those services required by the set of one or more applications, the set of one or more applications together implementing a control flow structure by using only a single thread of execution in each of one or more processors; and
- the system service call causing a call return address associated with the system service call by the application to be verified.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A computer-readable medium having a customized execution engine encoded in computer instructions and stored therein, comprising:
- a customized execution environment that provides: a minimum set of I/O drivers for a particular application, and a set of system services having direct and full control of a set of hardware resources of a computer system containing one or more processors implementing a parallel protected architecture, the set of system services using hardware features that are not used by traditional operating systems, the set of system services limited to only those services required by the set of one or more applications, the set of one or more applications together implementing a control flow structure by using only a single thread of execution in each of one or more processors, the customized execution engine unable to load or to load and execute applications in addition to the set of one or more applications;
- an I/O driver of a minimum set of I/O drivers operating solely using virtual addresses and generating encoded directives specifying steps needed to perform an I/O operation; and
- the I/O driver calling platform control services to control an I/O device, the platform control services using physical addresses by following encoded directives supplied by the I/O driver.
Dependent claims: 21
Specification