Trusted binary translation
First Claim
Patent Images
1. A computing apparatus comprising:
- a processor;
a memory; and
a trusted execution environment (TEE), comprising a memory enclave and processor instructions for accessing the memory enclave; and
one or more logic elements, including at least one hardware logic element, comprising a binary translation engine for operating within the TEE, and including a trusted compiler, runtime, or interpreter operable for;
receiving a trusted first signed object in a first format, the first signed object signed by a certificate;
translating the first signed object into a trusted second object in a second format;
consulting a certificate expiration or revocation list to determine that the certificate is not expired; and
after determining that the certificate is not expired, signing the second object.
13 Assignments
0 Petitions
Accused Products
Abstract
In an example, a computing device may include a trusted execution environment (TEE) for executing signed and verified code. The device may receive a trusted binary object in a first form, but the object may need to be converted to a second format, either on-the-fly, or in advance. This may include, for example, a bytecode interpreter, script interpreter, runtime engine, compiler, just-in-time compiler, or other species of binary translator. The binary translator may be run from the TEE, and the output may then be signed by the TEE and treated as a new trusted binary.
-
Citations
20 Claims
-
1. A computing apparatus comprising:
-
a processor; a memory; and a trusted execution environment (TEE), comprising a memory enclave and processor instructions for accessing the memory enclave; and one or more logic elements, including at least one hardware logic element, comprising a binary translation engine for operating within the TEE, and including a trusted compiler, runtime, or interpreter operable for; receiving a trusted first signed object in a first format, the first signed object signed by a certificate; translating the first signed object into a trusted second object in a second format; consulting a certificate expiration or revocation list to determine that the certificate is not expired; and after determining that the certificate is not expired, signing the second object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. One or more tangible, non-transitory computer-readable mediums having stored thereon instructions that, when executed, are operable to provide a binary translation engine including a trusted compiler, runtime, or interpreter operable for:
-
establishing a trusted execution environment (TEE) within a memory enclave; receiving into the enclave a first signed object in a first format, the first signed object signed by a certificate; translating the first signed object into a trusted second object in a second format within the enclave; consulting a certificate expiration or revocation list to determine that the certificate is not expired; and after determining that the certificate is not expired, signing the second object within the enclave. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A method of providing a binary translation engine including a trusted compiler, runtime, or interpreter, comprising:
-
establishing a memory enclave within a computer memory; receiving into the memory enclave a trusted first signed object in a first format, the first signed object signed by a certificate; translating, within the enclave, the first signed object into a trusted second object in a second format; consulting a certificate expiration or revocation list to determine that the certificate is not expired; and after determining that the certificate is not expired, signing, within the enclave, the second object. - View Dependent Claims (20)
-
Specification