Abstract: Example secure runtime systems and methods are described. In one implementation, a secure runtime system is configured to execute multiple applications in a secure manner. The secure runtime is associated with a secure enclave defined by a hardware device. A secure application loader is configured to load an application into the secure runtime system and an OS bridge is configured to provide OS services to the application.

Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to define a parent application executing on a secure runtime hardware resource. A state snapshot of the secure runtime hardware resource is maintained. A fork request for a child application to be derived from the parent application is received. An updated state snapshot of the state snapshot is formed. The child application is instantiated. Encrypted state is transferred from the parent application to the child application. The encrypted state is used to derive an encryption key shared by the parent application and the child application. The encrypted state in the child application is decrypted using the encryption key to spawn an independent child application operative as an additional secure runtime instance. The parent application on the secure runtime hardware resource and the child application operative as the additional secure runtime instance are executed independently.