Computing system using single operating system to provide normal security services and high security services, and methods thereof
First Claim
1. A computing system provides normal security services and high security services with a single operating system, comprising:
- normal devices and secure devices, wherein part of the secure devices are dedicated for the high security services; and
a processor, building an operating core switched between a normal state and secure state via a secure application programming interface, a driver layer and a monitor,wherein;
the operating core built by the processor accesses the normal devices when being in the normal state, to form a normal security environment by the computing system for the normal security services;
the operating core built by the processor accesses the secure devices when being in the secure state, to form a high security environment by the computing system for the high security services;
the secure application programming interface is called by a pseudo normal thread executed while the computing system is in the normal security environment;
the driver layer is invoked by the secure application programming interface to call a world switch instruction;
the monitor is activated by the world switch instruction from the driver layer to save context of the pseudo normal thread, change the computing system to the high security environment, obtain a secure thread corresponding to the pseudo normal thread, create or restore context of the secure thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment; and
the secure thread relates to one of the high security services,wherein the pseudo normal thread having a one-to-one relation with the secure thread is executed in the normal security environment to work as a temporary of the secure thread to gain resources through scheduling, the pseudo normal thread is a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of providing normal security services and high security services with a single operating system in a computing system is disclosed. A secure thread is only accessible while the computing system is in a high security environment, and relates to one of the high security services. A pseudo normal thread is to be executed while the computing system in a normal security environment, and it works as a temporary of the secure thread, and is forwarded to a thread ordering service to gain access to resources of the computing system. When the pseudo normal thread gains access to the computing system resources, the computing system is changed to the high security environment to execute the secure thread.
7 Citations
20 Claims
-
1. A computing system provides normal security services and high security services with a single operating system, comprising:
-
normal devices and secure devices, wherein part of the secure devices are dedicated for the high security services; and a processor, building an operating core switched between a normal state and secure state via a secure application programming interface, a driver layer and a monitor, wherein; the operating core built by the processor accesses the normal devices when being in the normal state, to form a normal security environment by the computing system for the normal security services; the operating core built by the processor accesses the secure devices when being in the secure state, to form a high security environment by the computing system for the high security services; the secure application programming interface is called by a pseudo normal thread executed while the computing system is in the normal security environment; the driver layer is invoked by the secure application programming interface to call a world switch instruction; the monitor is activated by the world switch instruction from the driver layer to save context of the pseudo normal thread, change the computing system to the high security environment, obtain a secure thread corresponding to the pseudo normal thread, create or restore context of the secure thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment; and the secure thread relates to one of the high security services, wherein the pseudo normal thread having a one-to-one relation with the secure thread is executed in the normal security environment to work as a temporary of the secure thread to gain resources through scheduling, the pseudo normal thread is a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of using a single operating system (OS) in a computing system to provide normal security services and high security services, comprising:
-
providing a secure thread only accessible while the computing system is in a high security environment, wherein the secure thread relates to one of the high security services; providing a pseudo normal thread having a one-to-one relation with the secure thread to be executed while the computing system is in a normal security environment to work as a temporary of the secure thread to gain resources through scheduling, as a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources; forwarding the pseudo normal thread to a thread ordering service of the OS; and when the pseudo normal thread gains access to resources of the computing system in the thread ordering service, changing the computing system to the high security environment to execute the secure thread. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A computing system provides normal security services and high security services with a single operating system, comprising:
-
normal devices and secure devices, wherein part of the secure devices are dedicated for the high security services; and a processor, building an operating core switched between a normal state and secure state via a thread ordering service and a monitor, wherein; the operating core built by the processor accesses the normal devices when being in the normal state, to form a normal security environment by the computing system for the normal security services; the operating core built by the processor accesses the secure devices when being in the secure state, to form a high security environment by the computing system for the high security services; the thread ordering service schedules resources to queued normal threads and a pseudo normal thread, wherein the pseudo normal thread is executed while the computing system is in the normal security environment and the pseudo normal thread is a temporary of a secure thread only accessible while the computing system is in the high security environment; the monitor is activated by a world switch instruction when the pseudo normal thread gains access to the resources, to save context of the pseudo normal thread, change the computing system to the high security environment, obtain the secure thread corresponding to the pseudo normal thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment, wherein the pseudo normal thread has a one-to-one relation with the secure thread and is a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources. - View Dependent Claims (20)
-
Specification