Defense-in-depth security for bytecode executables
Abstract
Defense-in-Depth security defines a set of graduated security tasks, each of which performs a task that must complete before another task can complete. Only when these tasks complete successfully and in the order prescribed by Defense-in-Depth security criteria is a final process allowed to execute. Through such Defense-in-Depth security measures, vulnerable software, such as bytecode, can be verified as unaltered and executed in a secure environment that prohibits unsecured access to the underlying code.
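The gating described in the abstract can be modelled as a launcher in which each task consumes the output of the task before it, so the interpreter is only ever started on bytes that passed the whole sequence. This is an added example, not code from the patent. The two tasks, the HMAC key, the package layout and the use of the Python interpreter as the interpretation process are all assumptions made for illustration.

```python
import hashlib, hmac, json, subprocess, sys

class TaskFailed(Exception):
    """A security task did not complete, so the interpreter is never started."""

def task_authenticate_manifest(package, key):
    # Task 1 (hypothetical): the manifest must carry a valid HMAC-SHA256 tag.
    tag = hmac.new(key, package["manifest"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, package["tag"]):
        raise TaskFailed("manifest authentication")
    return json.loads(package["manifest"])

def task_verify_payload(manifest, package):
    # Task 2 (hypothetical): cannot start without task 1's output; the payload
    # must match the digest recorded in the authenticated manifest.
    digest = hashlib.sha256(package["payload"]).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise TaskFailed("payload integrity")
    return package["payload"]

def launch(package, key):
    """Run the tasks in the prescribed order, then start the interpreter."""
    manifest = task_authenticate_manifest(package, key)
    verified = task_verify_payload(manifest, package)
    # Hand the verified bytes over stdin rather than a path, so the file
    # cannot be swapped between the check and the interpreter reading it.
    return subprocess.run([sys.executable, "-"], input=verified,
                          capture_output=True, timeout=30)

def make_package(payload, key):
    # Constructed sample package standing in for the assembled files.
    manifest = json.dumps({"sha256": hashlib.sha256(payload).hexdigest()}).encode()
    return {"manifest": manifest, "payload": payload,
            "tag": hmac.new(key, manifest, hashlib.sha256).digest()}

if __name__ == "__main__":
    KEY = b"constructed-demo-key"
    pkg = make_package(b"print('target process running')\n", KEY)
    print(launch(pkg, KEY).stdout.decode().strip())
    pkg["payload"] += b"print('injected')\n"   # alter the payload after packaging
    try:
        launch(pkg, KEY)
    except TaskFailed as exc:
        print("interpreter not started:", exc)
```
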
21 Claims
1. A method comprising:
- assembling a plurality of files to include a file natively executable on a processor to perform a defense-in-depth process and a non-native executable file executable on the processor only through an interpretation process, wherein the interpretation process provides an environment in which to execute the non-native executable file;
- executing the defense-in-depth process on the processor to perform a prescribed sequence of security tasks, with the launching and performance of a subsequent security task relying upon completion of a preceding security task, and failure to complete any one of which prohibits allocation of processor resources to the interpretation process; and
- providing the non-native executable file to the interpretation process for execution, contingent upon completion of specific security tasks in the prescribed sequence of security tasks, to execute a target process on the processor upon which the processor resources are being allocated.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. An apparatus comprising:
- a source memory to store a plurality of files;
- a destination memory to store the files as assembled and delivered in a data package; and
- a processor communicatively coupled to the destination memory and configured to:
  - accept the data package and store a set of the files therefrom in the destination memory;
  - execute a set of processor instructions of a defense-in-depth process to perform a prescribed sequence of security tasks, with the launching and performance of a subsequent security task relying upon completion of a preceding security task, and failure to complete any one of which prohibits allocation of processor resources to an interpretation process; and
  - provide a bytecode file to the interpretation process for execution, contingent upon completion of specific security tasks in the prescribed sequence of security tasks by the defense-in-depth process, to execute a target process on the processor upon which the processor resources are being allocated.

(Dependent claims: 11, 12, 13, 14, 15, 16, 17)

18. A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processor, are operable to cause the processor to:
- accept a data package and store a set of files therefrom in a destination memory;
- execute a defense-in-depth process to perform a prescribed sequence of security tasks, with the launching and performance of a subsequent security task relying upon completion of a preceding security task, and failure to complete any one of which prohibits allocation of processor resources to an interpretation process; and
- provide a bytecode file to the interpretation process for execution, contingent upon completion of specific security tasks in the prescribed sequence of security tasks by the defense-in-depth process, to execute a target process on the processor upon which the processor resources are being allocated.

(Dependent claims: 19, 20, 21)

Specification