Methods and apparatuses for secure compilation

US 9,117,071 B2
Filed: 06/03/2009
Issued: 08/25/2015
Est. Priority Date: 06/03/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

in response to receiving a compilation request from an application to compile a source code during run time, the compilation request specifying the source code and a preference to compile the source code, identifying a first executable code from a cache based on the compilation request, the first executable code compiled from the source code specified in the compilation request;

determining the first executable code was compiled by an insecure compiler, wherein the first executable code is authorized to be returned to the application in response to the compilation request if the first executable code was compiled by a secure compiler;

determining, in response to the determining the first executable code was compiled by the insecure compiler, the first executable code is not authorized to be shared according to security constraints, wherein the first executable code is authorized to be shared if the security constraints are satisfied;

identifying, in response to the determining the first executable code is not authorized to be shared, one or more compilers to build a second executable code for the source code according to the preference of the compilation request; and

storing security attributes with the second executable code in the cache according to the identified one or more compilers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus that provide secure executable codes generated during run time via a trusted compiler server are described. An application can send a service request to the compiler server to request executable codes. The compiler server can determine whether the service request is permitted to be served based on a security policy imposed and the security settings associated with the service request. Availability of certain compilers can be allowed if the application is authorized according to the service request.

Citations

8 Claims

1. A computer implemented method, comprising:
- in response to receiving a compilation request from an application to compile a source code during run time, the compilation request specifying the source code and a preference to compile the source code, identifying a first executable code from a cache based on the compilation request, the first executable code compiled from the source code specified in the compilation request;
  
  determining the first executable code was compiled by an insecure compiler, wherein the first executable code is authorized to be returned to the application in response to the compilation request if the first executable code was compiled by a secure compiler;
  
  determining, in response to the determining the first executable code was compiled by the insecure compiler, the first executable code is not authorized to be shared according to security constraints, wherein the first executable code is authorized to be shared if the security constraints are satisfied;
  
  identifying, in response to the determining the first executable code is not authorized to be shared, one or more compilers to build a second executable code for the source code according to the preference of the compilation request; and
  
  storing security attributes with the second executable code in the cache according to the identified one or more compilers.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - the compilation request includes a representation of the source code;
      
      the first executable code stored in the cache is associated with the representation of the source code; and
      
      the identification of the first executable code from the cache comprises;
      
      matching the representation of the source code from the compilation request with the representation of the source code associated with the first executable code in the cache.
  - 3. The method of claim 1, wherein the application is running in a separate process associated with a security specification, wherein the first executable code is associated with meta data stored in the cache, and wherein the determination is based on a match between the security specification and the meta data.
  - 4. The method of claim 3, wherein the security specification identifies a user of the application, wherein the meta data identifies an original user of the executable code and wherein the match is successful if the user is the original user.
  - 5. The method of claim 1, wherein determining whether the existing executable code is authorized to be returned to the application comprises determining whether meta data associated with the existing executable code indicates the existing executable code was originally built by a secure compiler.
  - 6. The method of claim 1, wherein the compilation request includes authorization settings that authorize compilation requests from the application to be sent to the one or more compilers, and wherein the identification of the one or more compilers is based on the authorization settings.

7. A machine-readable storage medium having instructions, when executed by a machine, cause the machine to perform a method, the method comprising:
- in response to receiving a compilation request from an application to compile a source code during run time, the compilation request specifying the source code and a preference to compile the source code, identifying a first executable code from a cache based on the compilation request, the first executable code compiled from the source code specified in the compilation request;
  
  determining the first executable code was compiled by an insecure compiler, wherein the first executable code is authorized to be returned to the application in response to the compilation request if the first executable code was compiled by a secure compiler;
  
  determining, in response to the determining the first executable code was compiled by the insecure compiler, the first executable code is not authorized to be shared according to security constraints, wherein the first executable code is authorized to be shared if the security constraints are satisfied;
  
  identifying, in response to the determining the first executable code is not authorized to be shared, one or more compilers to build a second executable code for the source code according to the preference of the compilation request; and
  
  storing security attributes with the second executable code in the cache according to the identified one or more compilers.

8. An apparatus, comprising:
- a memory storing executable instructions including an application and a compiler server;
  
  a cache storing a first executable code associated with meta data corresponding to a source code of the application, the first executable compiled from the source code; and
  
  a processor coupled to memory and the cache, the processor being configured to execute the executable instructions from the memory to;
  
  identify the first executable code from a cache in response to receiving a compilation request from an application to compile the source code during run time, the compilation request specifying the source code and a preference to compile the source code,determine the first executable code was compiled by an insecure compiler, wherein the first executable code is authorized to be returned to the application in response to the compilation request if the first executable code was compiled by a secure compiler,determine, in response to the determining the first executable code was compiled by the insecure compiler, the first executable code is not authorized to be shared according to security constraints, wherein the first executable code is authorized to be shared if the security constraints are satisfied,identify, in response to the determining the first executable code is not authorized to be shared, one or more compilers to build a second executable code for the source code according to the preference of the compilation request, andstore security attributes with the second executable code in the cache according to the identified one or more compilers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Beretta, Robert, Burns, Nicholas William, Begeman, Nathaniel, Miller, Phillip Kent, Stahl, Geoffrey Grant
Primary Examiner(s)
Coppola, Jacob C.

Application Number

US12/477,866
Publication Number

US 20100313189A1
Time in Patent Office

2,274 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/51   at application loading time...

G06F 21/54   by adding security routines...

G06F 2221/033   Test or assess software

G06F 9/45516   Runtime code conversion or ...

Methods and apparatuses for secure compilation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatuses for secure compilation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links