Method and apparatus for secure execution of code

US 7,930,738 B1
Filed: 06/02/2005
Issued: 04/19/2011
Est. Priority Date: 06/02/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

executing a trusted section of code on a computer, said executing comprising executing one or more instructions to explicitly raise a privilege level of the trusted section of code to an elevated privilege level, wherein;

the elevated privilege level is necessary to execute a restricted function that is not executable by the trusted section of code before raising the privilege level to the elevated level, andthe raising of privilege level is dependent, at least in part, on determining that the trusted section of code is trusted to raise the privilege level to the elevated level; and

;

while the privilege level of the trusted section of code is at the elevated level, the trusted section of code invoking a given function comprising a second section of code, wherein the second section of code does not inherit from the trusted section, the elevated privilege level necessary to execute the restricted function.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates secure execution of code. During operation, the system executes a section of code. Upon executing an instruction that raises a privilege of the section of code, the system checks if the section of code is trusted, wherein trusted code is allowed to raise the privilege and non-trusted code is not allowed to raise the privilege. If so, the system raises the privilege of the section of code and executes the section of code. After the section of code is executed, the system then lowers the privilege of the section of code.

273 Citations

20 Claims

1. A method, comprising:
- executing a trusted section of code on a computer, said executing comprising executing one or more instructions to explicitly raise a privilege level of the trusted section of code to an elevated privilege level, wherein;
  
  the elevated privilege level is necessary to execute a restricted function that is not executable by the trusted section of code before raising the privilege level to the elevated level, andthe raising of privilege level is dependent, at least in part, on determining that the trusted section of code is trusted to raise the privilege level to the elevated level; and
  
  ;
  
  while the privilege level of the trusted section of code is at the elevated level, the trusted section of code invoking a given function comprising a second section of code, wherein the second section of code does not inherit from the trusted section, the elevated privilege level necessary to execute the restricted function.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein raising the privilege level involves setting a privilege bit for the trusted section of code on a call stack of a computer program.
  - 3. The method of claim 1, wherein the determination that the trusted section of code is trusted is dependent, at least in part, on determining that a function comprising the trusted section of code is indicated as explicitly trusted in a core library that cannot be modified by the trusted section of code.
  - 4. The method of claim 1, further comprising:
    - executing one or more instructions in the second section of code to explicitly raise a level of privilege of the second section of code to the elevated privilege level necessary to execute the restricted function;
      
      wherein the raising is dependent, at least in part, on a determination that the second section of code is trusted to raise the privilege level to the elevated level;
      
      wherein the determination that the second section of code is trusted is dependent, at least in part, on;
      
      determining that the function comprising the second section of code is a trust propagator; and
      
      determining that the trusted section of code that invoked the function is trusted.
  - 5. The method of claim 1, wherein the trusted section of code or the second section of code is written in a scripting language that is executed by an interpreter.
  - 6. The method of claim 5, wherein the scripting language is JavaScript.
  - 7. The method of claim 1, wherein the trusted section of code or the second section of code is embedded in an Adobe®
    - Portable Document Format (PDF) document.

8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method comprising:
- executing a trusted section of code on a computer, said executing comprising executing one or more instructions to explicitly raise a privilege level of the trusted section of code to an elevated privilege level, wherein;
  
  the elevated privilege level is necessary to execute a restricted function that is not executable by the trusted section of code before raising the privilege level to the elevated level, andthe raising of privilege level is dependent, at least in part, on determining that the trusted section of code is trusted to raise the privilege level to the elevated level; and
  
  ;
  
  while the privilege level of the trusted section of code is at the elevated level, the trusted section of code invoking a given function comprising a second section of code, wherein the second section of code does not inherit from the trusted section, the elevated privilege level necessary to execute the restricted function.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein raising the privilege level involves setting a privilege bit for the trusted section of code on a call stack of a computer program.
  - 10. The computer-readable storage medium of claim 8, wherein the determination that the trusted section of code is trusted is dependent, at least in part, on determining that a function comprising the trusted section of code is indicated as explicitly trusted in a core library that cannot be modified by the trusted section of code.
  - 11. The computer-readable storage medium of claim 8, wherein the method further comprises:
    - executing one or more instructions in the second section of code to explicitly raise a level of privilege of the second section of code to the elevated privilege level necessary to execute the restricted function;
      
      wherein the raising is dependent, at least in part, on a determination that the second section of code is trusted to raise the privilege level to the elevated level;
      
      wherein the determination that the second section of code is trusted is dependent, at least in part, on;
      
      determining that the function comprising the second section of code is a trust propagator; and
      
      determining that the trusted section of code that invoked the function is trusted.
  - 12. The computer-readable storage medium of claim 8, wherein the trusted section of code or the second section of code is written in a scripting language that is executed by an interpreter.
  - 13. The computer-readable storage medium of claim 12, wherein the scripting language is JavaScript.
  - 14. The computer-readable storage medium of claim 8, wherein the trusted section of code or the second section of code is embedded in an Adobe®
    - Portable Document Format (PDF) document.

15. A computer, comprising:
- a computer-readable storage medium storing instructions thereon for implementing a method comprising;
  
  executing a trusted section of code on a computer, said executing comprising executing one or more instructions to explicitly raise a privilege level of the trusted section of code to an elevated privilege level, wherein;
  
  the elevated privilege level is necessary to execute a restricted function that is not executable by the trusted section of code before raising the privilege level to the elevated level, andthe raising of privilege level is dependent, at least in part, on determining that the trusted section of code is trusted to raise the privilege level to the elevated level; and
  
  ;
  
  while the privilege level of the trusted section of code is at the elevated level, the trusted section of code invoking a given function comprising a second section of code, wherein the second section of code does not inherit from the trusted section, the elevated privilege level necessary to execute the restricted function.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer of claim 15, wherein raising the privilege level involves setting a privilege bit for the trusted section of code on a call stack of a computer program.
  - 17. The computer of claim 15, wherein the determination that the trusted section of code is trusted is dependent, at least in part, on determining that a function comprising the trusted section of code is indicated as explicitly trusted in a core library that cannot be modified by the trusted section of code.
  - 18. The computer of claim 15, wherein the method further comprises:
    - executing one or more instructions in the second section of code to explicitly raise a level of privilege of the second section of code to the elevated privilege level necessary to execute the restricted function;
      
      wherein the raising is dependent, at least in part, on a determination that the second section of code is trusted to raise the privilege level to the elevated level;
      
      wherein the determination that the second section of code is trusted is dependent, at least in part, on;
      
      determining that the function comprising the second section of code is a trust propagator; and
      
      determining that the trusted section of code that invoked the function is trusted.
  - 19. The computer of claim 15, wherein the trusted section of code or the second section of code is written in a scripting language that is executed by an interpreter.
  - 20. The computer of claim 15, wherein the trusted section of code or the second section of code is embedded in an Adobe®
    - Portable Document Format (PDF) document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Petersen, Scott E.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US11/144,512
Time in Patent Office

2,147 Days
Field of Search

726/16
US Class Current

726/16
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 2221/2105 Dual mode as a secondary as...

Method and apparatus for secure execution of code

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

273 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure execution of code

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

273 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links