Computing system using single operating system to provide normal security services and high security services, and methods thereof

US 9,207,968 B2
Filed: 11/03/2009
Issued: 12/08/2015
Est. Priority Date: 11/03/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computing system provides normal security services and high security services with a single operating system, comprising:

normal devices and secure devices, wherein part of the secure devices are dedicated for the high security services; and

a processor, building an operating core switched between a normal state and secure state via a secure application programming interface, a driver layer and a monitor,wherein;

the operating core built by the processor accesses the normal devices when being in the normal state, to form a normal security environment by the computing system for the normal security services;

the operating core built by the processor accesses the secure devices when being in the secure state, to form a high security environment by the computing system for the high security services;

the secure application programming interface is called by a pseudo normal thread executed while the computing system is in the normal security environment;

the driver layer is invoked by the secure application programming interface to call a world switch instruction;

the monitor is activated by the world switch instruction from the driver layer to save context of the pseudo normal thread, change the computing system to the high security environment, obtain a secure thread corresponding to the pseudo normal thread, create or restore context of the secure thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment; and

the secure thread relates to one of the high security services,wherein the pseudo normal thread having a one-to-one relation with the secure thread is executed in the normal security environment to work as a temporary of the secure thread to gain resources through scheduling, the pseudo normal thread is a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing normal security services and high security services with a single operating system in a computing system is disclosed. A secure thread is only accessible while the computing system is in a high security environment, and relates to one of the high security services. A pseudo normal thread is to be executed while the computing system in a normal security environment, and it works as a temporary of the secure thread, and is forwarded to a thread ordering service to gain access to resources of the computing system. When the pseudo normal thread gains access to the computing system resources, the computing system is changed to the high security environment to execute the secure thread.

7 Citations

20 Claims

1. A computing system provides normal security services and high security services with a single operating system, comprising:
- normal devices and secure devices, wherein part of the secure devices are dedicated for the high security services; and
  
  a processor, building an operating core switched between a normal state and secure state via a secure application programming interface, a driver layer and a monitor,wherein;
  
  the operating core built by the processor accesses the normal devices when being in the normal state, to form a normal security environment by the computing system for the normal security services;
  
  the operating core built by the processor accesses the secure devices when being in the secure state, to form a high security environment by the computing system for the high security services;
  
  the secure application programming interface is called by a pseudo normal thread executed while the computing system is in the normal security environment;
  
  the driver layer is invoked by the secure application programming interface to call a world switch instruction;
  
  the monitor is activated by the world switch instruction from the driver layer to save context of the pseudo normal thread, change the computing system to the high security environment, obtain a secure thread corresponding to the pseudo normal thread, create or restore context of the secure thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment; and
  
  the secure thread relates to one of the high security services,wherein the pseudo normal thread having a one-to-one relation with the secure thread is executed in the normal security environment to work as a temporary of the secure thread to gain resources through scheduling, the pseudo normal thread is a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computing system as claimed in claim 1, wherein:
    - the monitor is further activated by a world switch instruction from the high security environment to save the context of the secure thread, change the computing system to the normal security environment, obtain the pseudo normal thread, restore the context of the pseudo normal thread, and return to the normal security environment.
  - 3. The computing system as claimed in claim 1, wherein, when an interrupt occurred while the computing system is in the high security environment, the monitor is activated to save the context of the secure thread, obtain the pseudo normal thread, restore the context of the pseudo normal thread, change the computing system to the normal security environment and inform the computing system of the interrupt, and call a normal interrupt service routine (normal ISR), working in the normal security environment, to handle the interrupt.
  - 4. The computing system as claimed in claim 3, wherein the monitor activated by the interrupt further modifies a thread mapping table storing a relation between the pseudo normal thread and secure thread to annotate that the secure thread has been interrupted.
  - 5. The computing system as claimed in claim 3, wherein the monitor activated by the interrupt further rolls back a program counter (PC) of the pseudo normal thread to an instruction before the called world switch instruction.
  - 6. The computing system as claimed in claim 5, wherein the operating core in the normal state further forwards the pseudo normal thread to a thread ordering service after the normal ISR and, when the pseudo normal thread gains access to resources of the computing system in the thread ordering service, the pseudo normal thread is resumed to repeat the world switch instruction to resume the secure thread.
  - 7. The computing system as claimed in claim 1, further comprising a secure interrupt service routine (secure ISR) working in the high security environment, wherein, when an interrupt occurs while the computing system is in the high security environment, the secure ISR is activated to save the context of the secure thread, obtain the pseudo normal thread, restore the context of the pseudo normal thread, change the computing system to the normal security environment and inform the computing system of the interrupt, and call a normal interrupt service routine (normal ISR), working in the normal security environment, to handle the interrupt.
  - 8. The computing system as claimed in claim 7, wherein the activated secure ISR further modifies a thread mapping table storing relation between the pseudo normal thread and secure thread to annotate that the secure thread has been interrupted.
  - 9. The computing system as claimed in claim 7, wherein the activated secure ISR further rolls back a program counter (PC) of the pseudo normal thread to an instruction before the called world switch instruction.
  - 10. The computing system as claimed in claim 9, wherein the operating core in the normal state further forwards the pseudo normal thread to a thread ordering service after the normal ISR and, when the pseudo normal thread gains access to resources of the computing system in the thread ordering service, the pseudo normal thread is resumed to repeat the world switch instruction to resume the secure thread.
  - 11. The computing system as claimed in claim 1, wherein the secure thread corresponding to the pseudo normal thread is obtained by checking a thread mapping table, and the thread mapping table stores relations between pseudo normal threads and secure thread.

12. A method of using a single operating system (OS) in a computing system to provide normal security services and high security services, comprising:
- providing a secure thread only accessible while the computing system is in a high security environment, wherein the secure thread relates to one of the high security services;
  
  providing a pseudo normal thread having a one-to-one relation with the secure thread to be executed while the computing system is in a normal security environment to work as a temporary of the secure thread to gain resources through scheduling, as a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources;
  
  forwarding the pseudo normal thread to a thread ordering service of the OS; and
  
  when the pseudo normal thread gains access to resources of the computing system in the thread ordering service, changing the computing system to the high security environment to execute the secure thread.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method as claimed in claim 12, further comprising:
    - providing a secure application programming interface (secure API) for the high security services, wherein the secure API is called by the pseudo normal thread;
      
      providing a driver layer, invoked by the secure API to call a world switch instruction to activate the step of changing the computer system from the normal security environment to the high security environment, andwherein, the step of changing the computer system from the normal security environment to the high security environment comprises;
      
      saving context of the pseudo normal thread;
      
      changing the computing system to the high security environment;
      
      checking a thread mapping table storing a relation between the pseudo normal thread and the secure thread to obtain the secure thread;
      
      creating or restoring context of the secure thread; and
      
      dispatching the secure thread to be executed by the computing system.
  - 14. The method as claimed in claim 13, further comprising:
    - executing a world switch instruction at the end of the secure thread to change the computing system from the high security environment to the normal security environment,wherein, the step of changing the computer system from the high security environment to the normal security environment comprises;
      
      saving the context of the secure thread;
      
      changing the computing system to the normal security environment;
      
      obtaining the pseudo normal thread; and
      
      restoring the context of the pseudo normal thread.
  - 15. The method as claimed in claim 13, further comprising the following steps when an interrupt occurs while the computing system is in the high security environment:
    - saving the context of the secure thread;
      
      obtaining the pseudo normal thread;
      
      restoring the context of the pseudo normal thread;
      
      changing the computing system to the normal security environment and inform the computing system of the interrupt; and
      
      calling a normal interrupt service routine (normal ISR) working in the normal security environment to handle the interrupt.
  - 16. The method as claimed in claim 15, further modifying the thread mapping table to annotate that the secure thread has been interrupted.
  - 17. The method as claimed in claim 15, further rolling back a program counter (PC) of the pseudo normal thread to an instruction before the called world switch instruction when an interrupt occurs while the computing system is in the high security environment.
  - 18. The method as claimed in claim 17, further comprising:
    - forwarding the pseudo normal thread to the thread ordering service again after the normal ISR; and
      
      resuming the pseudo normal thread to repeat the world switch instruction to resume the secure thread when the pseudo normal thread gains access to resources of the computing system again in the thread ordering service.

19. A computing system provides normal security services and high security services with a single operating system, comprising:
- normal devices and secure devices, wherein part of the secure devices are dedicated for the high security services; and
  
  a processor, building an operating core switched between a normal state and secure state via a thread ordering service and a monitor,wherein;
  
  the operating core built by the processor accesses the normal devices when being in the normal state, to form a normal security environment by the computing system for the normal security services;
  
  the operating core built by the processor accesses the secure devices when being in the secure state, to form a high security environment by the computing system for the high security services;
  
  the thread ordering service schedules resources to queued normal threads and a pseudo normal thread, wherein the pseudo normal thread is executed while the computing system is in the normal security environment and the pseudo normal thread is a temporary of a secure thread only accessible while the computing system is in the high security environment;
  
  the monitor is activated by a world switch instruction when the pseudo normal thread gains access to the resources, to save context of the pseudo normal thread, change the computing system to the high security environment, obtain the secure thread corresponding to the pseudo normal thread, and dispatch the secure thread to be executed by the computing system that has been changed to the high security environment,wherein the pseudo normal thread has a one-to-one relation with the secure thread and is a substitute of the corresponding secure thread to queue with other normal threads for accessing the resources.
- View Dependent Claims (20)
- - 20. The computing system as claimed in claim 19, wherein:
    - the monitor is further activated by a world switch instruction from the high security environment to save context of the secure thread, change the computing system to the normal security environment, obtain the pseudo normal thread, restore the context of the pseudo normal thread, and return to the normal security environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MediaTek, Inc.
Original Assignee
MediaTek, Inc.
Inventors
Yen, Hsien-Chun, Huang, Jing-Kuang
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
COSBY, LAWRENCE V

Application Number

US12/611,223
Publication Number

US 20110107426A1
Time in Patent Office

2,226 Days
Field of Search

726/23
US Class Current

1/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 2221/2105   Dual mode as a secondary as...

G06F 9/468   Specific access rights for ...

G06F 9/4812   by interrupt, e.g. masked

G06F 9/4843   by program, e.g. task dispa...

Computing system using single operating system to provide normal security services and high security services, and methods thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Computing system using single operating system to provide normal security services and high security services, and methods thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links