Methods and apparatuses for secure compilation
Abstract
A method and an apparatus that provide secure executable codes generated during run time via a trusted compiler server are described. An application can send a service request to the compiler server to request executable codes. The compiler server can determine whether the service request is permitted to be served based on a security policy imposed and the security settings associated with the service request. Availability of certain compilers can be allowed if the application is authorized according to the service request.
8 Claims
1. A computer implemented method, comprising:
in response to receiving a compilation request from an application to compile a source code during run time, the compilation request specifying the source code and a preference to compile the source code, identifying a first executable code from a cache based on the compilation request, the first executable code compiled from the source code specified in the compilation request;
determining the first executable code was compiled by an insecure compiler, wherein the first executable code is authorized to be returned to the application in response to the compilation request if the first executable code was compiled by a secure compiler;
determining, in response to the determining the first executable code was compiled by the insecure compiler, the first executable code is not authorized to be shared according to security constraints, wherein the first executable code is authorized to be shared if the security constraints are satisfied;
identifying, in response to the determining the first executable code is not authorized to be shared, one or more compilers to build a second executable code for the source code according to the preference of the compilation request; and
storing security attributes with the second executable code in the cache according to the identified one or more compilers.
Dependent claims: 2, 3, 4, 5, 6
7. A machine-readable storage medium having instructions, when executed by a machine, cause the machine to perform a method, the method comprising:
in response to receiving a compilation request from an application to compile a source code during run time, the compilation request specifying the source code and a preference to compile the source code, identifying a first executable code from a cache based on the compilation request, the first executable code compiled from the source code specified in the compilation request;
determining the first executable code was compiled by an insecure compiler, wherein the first executable code is authorized to be returned to the application in response to the compilation request if the first executable code was compiled by a secure compiler;
determining, in response to the determining the first executable code was compiled by the insecure compiler, the first executable code is not authorized to be shared according to security constraints, wherein the first executable code is authorized to be shared if the security constraints are satisfied;
identifying, in response to the determining the first executable code is not authorized to be shared, one or more compilers to build a second executable code for the source code according to the preference of the compilation request; and
storing security attributes with the second executable code in the cache according to the identified one or more compilers.
8. An apparatus, comprising:
a memory storing executable instructions including an application and a compiler server;
a cache storing a first executable code associated with meta data corresponding to a source code of the application, the first executable compiled from the source code; and
a processor coupled to memory and the cache, the processor being configured to execute the executable instructions from the memory to:
identify the first executable code from a cache in response to receiving a compilation request from an application to compile the source code during run time, the compilation request specifying the source code and a preference to compile the source code,
determine the first executable code was compiled by an insecure compiler, wherein the first executable code is authorized to be returned to the application in response to the compilation request if the first executable code was compiled by a secure compiler,
determine, in response to the determining the first executable code was compiled by the insecure compiler, the first executable code is not authorized to be shared according to security constraints, wherein the first executable code is authorized to be shared if the security constraints are satisfied,
identify, in response to the determining the first executable code is not authorized to be shared, one or more compilers to build a second executable code for the source code according to the preference of the compilation request, and
store security attributes with the second executable code in the cache according to the identified one or more compilers.
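The decision flow recited in claim 1, sketched as an added Python example that is not taken from the patent or any implementation of it. The compiler names, the `speed`/`safety` preferences, the `insecure_ok` allow-list and the sharing constraint (insecurely compiled code is shared only with the application that requested it) are all assumptions made for illustration, and the "compile" step is a stand-in that only labels the output.

```python
import hashlib
from dataclasses import dataclass

# Hypothetical registry: compiler name -> does the server treat it as secure?
COMPILERS = {"hardened-aot": True, "fast-jit": False}
# Hypothetical mapping from a request's preference to compilers, in priority order.
PREFERENCE = {"speed": ["fast-jit", "hardened-aot"], "safety": ["hardened-aot"]}

@dataclass
class Entry:
    code: bytes
    compiler: str   # security attribute: which compiler built the code
    secure: bool    # security attribute: was that compiler a secure one?
    owner: str      # security attribute: application that requested the build

class CompilerServer:
    def __init__(self, insecure_ok=()):
        self.cache = {}                      # source digest -> list of Entry
        self.insecure_ok = set(insecure_ok)  # apps allowed to use insecure compilers

    def handle(self, app, source, preference):
        digest = hashlib.sha256(source.encode()).hexdigest()
        for entry in self.cache.get(digest, []):
            if entry.secure:        # built by a secure compiler: may be returned
                return entry, "cached-secure"
            if entry.owner == app:  # assumed sharing constraint is satisfied
                return entry, "cached-shared"
        # No cached code may be returned: pick a compiler by preference,
        # skipping insecure compilers for applications that are not authorized.
        compiler = next(c for c in PREFERENCE[preference]
                        if COMPILERS[c] or app in self.insecure_ok)
        code = f"{compiler}:{digest[:12]}".encode()  # stand-in for real compilation
        entry = Entry(code, compiler, COMPILERS[compiler], app)
        self.cache.setdefault(digest, []).append(entry)  # attributes stored with code
        return entry, "rebuilt"

def demo():
    """Four requests for the same constructed source, all preferring speed."""
    server = CompilerServer(insecure_ok={"game"})
    source = "kernel void k() {}"  # constructed sample input
    results = []
    for app in ("game", "browser", "mail", "game"):
        entry, status = server.handle(app, source, "speed")
        results.append((app, entry.compiler, status))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second request is the case the claim turns on: the cached code was built by an insecure compiler for a different application, so it is not shared and a second executable is built and cached with its own attributes.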
Specification