Abstract: Example secure runtime systems and methods are described. In one implementation, a secure runtime system is configured to execute multiple applications in a secure manner. The secure runtime is associated with a secure enclave defined by a hardware device. A secure application loader is configured to load an application into the secure runtime system and an OS bridge is configured to provide OS services to the application.
Type: Grant
Filed: July 18, 2019
Date of Patent: August 1, 2023
Assignee: Anjuna Security, Inc.
Inventors: Yan Michalevsky, Boris Mittleberg, Jun Chen, Daljeet Singh Chhabra
Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to define a parent application executing on a secure runtime hardware resource. A state snapshot of the secure runtime hardware resource is maintained. A fork request for a child application to be derived from the parent application is received. An updated state snapshot of the state snapshot is formed. The child application is instantiated. Encrypted state is transferred from the parent application to the child application. The encrypted state is used to derive an encryption key shared by the parent application and the child application. The encrypted state in the child application is decrypted using the encryption key to spawn an independent child application operative as an additional secure runtime instance. The parent application on the secure runtime hardware resource and the child application operative as the additional secure runtime instance are executed independently.
Type: Grant
Filed: March 2, 2021
Date of Patent: June 7, 2022
Assignee: Anjuna Security, Inc.
Inventors: Yan Michalevsky, Boris Mittelberg, Thomas Aprelev