CN112148296B - Compiling and running method and device and compiling and running device - Google Patents

Compiling and running method and device and compiling and running device Download PDF

Info

Publication number
CN112148296B
CN112148296B CN202010834099.0A CN202010834099A CN112148296B CN 112148296 B CN112148296 B CN 112148296B CN 202010834099 A CN202010834099 A CN 202010834099A CN 112148296 B CN112148296 B CN 112148296B
Authority
CN
China
Prior art keywords
file
trusted computing
environment
computing environment
compiling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010834099.0A
Other languages
Chinese (zh)
Other versions
CN112148296A (en
Inventor
张登辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huakong Tsingjiao Information Technology Beijing Co Ltd filed Critical Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202010834099.0A priority Critical patent/CN112148296B/en
Publication of CN112148296A publication Critical patent/CN112148296A/en
Application granted granted Critical
Publication of CN112148296B publication Critical patent/CN112148296B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation

Abstract

The embodiment of the invention provides a compiling and running method and device and a compiling and running device. The method comprises the following steps: compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment; and running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment. The embodiment of the invention can ensure that the SGX application program can run in an SGX environment or a non-SGX environment through one-time development and compilation, thereby improving the performability of the SGX application program and reducing the program development cost.

Description

Compiling and running method and device and compiling and running device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a compiling and running method and apparatus, and a compiling and running apparatus.
Background
SGX (instruction set Extensions) is an extension of the Intel instruction set architecture, and can guarantee confidentiality and integrity of key code and data by providing an Enclave (secure area), i.e., an encrypted trusted execution area in a memory, on a computing platform.
However, the SGX application can only run on a machine having an SGX software and hardware environment, and cannot run on a machine in a normal environment. However, currently, most machines are not configured with SGX software and hardware environments, so that the operating environment of the SGX application has a large limitation and is low in performability.
Disclosure of Invention
The embodiment of the invention provides a compiling and running method and device and a compiling and running device, which can enable an SGX application program to run in an SGX environment or a non-SGX environment through one-time development and compiling, improve the performability of the SGX application program and reduce the program development cost.
In order to solve the above problem, an embodiment of the present invention discloses a compiling and running method, where the method includes:
compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
and running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment.
On the other hand, the embodiment of the invention discloses a compiling and running device, which comprises:
the compiling module is used for compiling the trusted computing source code to obtain a compiled executable program, and the executable program comprises a first dynamic link file in the trusted computing environment and a second dynamic link file in the untrusted computing environment;
and the execution module is used for operating the executable program, identifying the current operating environment in the operating process, loading the first dynamic link file if the current operating environment is a trusted computing environment, and loading the second dynamic link file if the current operating environment is an untrusted computing environment.
In yet another aspect, an embodiment of the present invention discloses an apparatus for compiling operations, including a memory, and one or more programs, where the one or more programs are stored in the memory, and configured to be executed by one or more processors, the one or more programs including instructions for:
compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
and running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment.
In yet another aspect, an embodiment of the present invention discloses a machine-readable medium having stored thereon instructions, which, when executed by one or more processors, cause an apparatus to perform a compile operation method as described in one or more of the preceding.
The embodiment of the invention has the following advantages:
the embodiment of the invention compiles the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file under a trusted computing environment and a second dynamic link file under an untrusted computing environment. Therefore, in the process of running the executable program, the current running environment can be identified, and the correct dynamic link file can be selected according to the current running environment. Specifically, if the current operating environment is a trusted computing environment, the first dynamic link file is loaded, and if the current operating environment is an untrusted computing environment, the second dynamic link file is loaded. According to the embodiment of the invention, the application program source code developed by the trusted computing can be operated in any machine of the trusted computing environment or the untrusted computing environment only by once development and compiling, so that the application program developed based on the trusted computing is not limited by the operating environment any more, and has higher performability. In addition, by the embodiment of the invention, a set of application programs supporting the non-trusted computing environment does not need to be re-developed, so that the development cost can be reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flow chart of the steps of one embodiment of a method of compiling a run of the invention;
FIG. 2 is a schematic diagram of the present invention for unlinking an executable program from a secondary dependent file of an SGX environment;
FIG. 3 is a complete flow diagram of the present invention for compiling trusted computing source code;
FIG. 4 is a block diagram of an embodiment of a compiler apparatus according to the present invention;
FIG. 5 is a block diagram of an apparatus 800 for a compile operation of the present invention;
fig. 6 is a schematic diagram of a server in some embodiments of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Method embodiment
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a compiling and running method according to the present invention is shown, where the method may specifically include the following steps:
step 101, compiling a trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
and 102, operating the executable program, identifying a current operating environment in the operating process, loading the first dynamic link file if the current operating environment is a trusted computing environment, and loading the second dynamic link file if the current operating environment is an untrusted computing environment.
Wherein, the trusted computing source code refers to the source code of the application program developed for trusted computing. Trusted computing is computing widely used in computing and communication systems based on hardware security module support to improve the security of the whole system.
The embodiment of the invention compiles the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a so (shared object) file, and the so file is a dynamic link file under a linux system. In order to achieve the purpose that the trusted computing source code can be operated everywhere after being compiled once, in the embodiment of the invention, a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment are generated in the process of compiling the trusted computing source code. In this way, in the process of running the executable program, the current running environment can be identified, if the current running environment is a trusted computing environment, the first dynamic link file is loaded, and if the current running environment is an untrusted computing environment, the second dynamic link file is loaded.
Therefore, by the embodiment of the invention, the application program source code developed by the trusted computing can be operated in any machine of the trusted computing environment or the untrusted computing environment only by once development and compiling, so that the application program developed by the trusted computing is not limited by the operating environment any more, and has higher performability. In addition, by the embodiment of the invention, a set of application programs supporting the non-trusted computing environment does not need to be re-developed, so that the development cost can be reduced.
It is understood that the machine includes, but is not limited to: the mobile phone comprises a server, a smart phone, a recording pen, a tablet computer, an electronic book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a laptop, a vehicle-mounted computer, a desktop computer, a set-top box, a smart television, a wearable device, a computing node in a ciphertext computing system and the like.
In an optional embodiment of the invention, the trusted computing environment comprises an instruction set extension SGX environment.
For SGX application source code, in order to keep attack surface to a minimum, the code is usually divided into a trusted part and an untrusted part, wherein the trusted part can be used for completing data processing or calculation, and the untrusted part can be used for completing data reading and writing or network transmission.
For the SGX application source code, after an executable program is obtained through once compiling, in the process of running the executable program, if the current running environment is a trusted computing environment (such as an SGX environment), the executable program is loaded into a first dynamic link file, and the executable program is executed in a secure area (Enclave); if the current operating environment is an untrusted computing environment (e.g., a non-SGX environment), the executable program is loaded into a second dynamically linked file and the executable program is executed in normal memory.
It should be noted that the trusted computing environment is not limited by the embodiments of the present invention. For example, the trusted computing environment may also be an ARM TrustZone. The principle of ARM TrustZone is to artificially divide the system operating Environment into a TEE (Trusted Execution Environment) and a REE (Rich Execution Environment, generally referred to as a common Execution Environment), and all the secure resources can only be accessed by the TEE. It will be appreciated that trusted computing source code developed for different trusted computing may correspond to different trusted computing environments. For convenience of description, in the embodiments of the present invention, a trusted computing source code is used as an SGX application source code developed based on SGX trusted computing, a trusted computing environment is used as an SGX environment for example, and application scenarios of other trusted computing environments may be referred to each other.
The embodiment of the present invention does not limit the specific type of the trusted computing source code, and in an optional embodiment of the present invention, the trusted computing source code may be a ciphertext computing system source code. Of course, the embodiment of the present invention does not limit the specific application type of the trusted computing source code, for example, the trusted computing source code may also be a source code of another application developed based on trusted computing, such as a source code of a DRM (Digital Rights Management) application.
The ciphertext computing system can perform computing operations such as addition, subtraction, multiplication, division, averaging and the like on ciphertext data based on a ciphertext computing protocol, perform comparison operations on the ciphertext data, perform model training and prediction such as machine learning and artificial intelligence by using the ciphertext data, perform database query operations on the ciphertext data, and the like.
It should be noted that the specific type of the ciphertext computing system is not limited by the embodiment of the present invention. Different ciphertext computing systems may have different ciphertext computing protocols, which may include any of the following: the cryptograph calculation protocol based on SS (Secret Sharing), GC (Garble Circuit), and HE (Homomorphic Encryption).
In an optional embodiment of the present invention, before the compiling the trusted computing source code in step 101, the method may further include: configuring a compiling script for a compiling environment of the trusted computing source code; the compiling the trusted computing source code in step 101 includes: compiling the trusted computing source code through the compiling script to respectively generate a first dynamic link file under a trusted computing environment and a second dynamic link file under an untrusted computing environment.
After developing the trusted computing source code based on trusted computing, the trusted computing source code may be compiled using a compilation tool to obtain an executable program. For example, for SGX application source code, it may be compiled using a Bazel compilation tool to obtain an executable program.
Generally, the engineering of the SGX application source code to be compiled can be built in Bazel and requires duplicate copies of the Makefile as well as various SGX configuration files. Wherein, the Makefile describes the rules of compiling, linking and the like of the whole project. In addition, the executable program obtained by compiling the SGX application source code through Makefile cannot operate correctly in a non-SGX environment.
In order to realize that an executable program obtained by a compiling tool through once compiling a trusted computing source code can run everywhere, the compiling script is configured for the compiling environment of the trusted computing source code before the trusted computing source code is compiled. Specifically, taking the Bazel compiling tool as an example, the embodiment of the present invention may define a new compiling script enclave _ library in the sgx/Bazel/sgx. Through the compiling script, the SGX application source code does not need to be compiled by using Makefile, so that the SGX application source code can be better integrated with the existing architecture of the Bazel environment, and the SGX application source code can be compiled by the compiling script to generate a first dynamic link file in the SGX environment and a second dynamic link file in the non-SGX environment.
It should be noted that the compiling tool is Bazel, and the path sgx/Bazel/sgx.bzl configuring the compiling script is an implementation manner of the present invention. In a specific application, the embodiment of the present invention does not limit the compiling tool and the path of the compiling script. For example, a corresponding compiling script can be configured under a preset path in a Make or Cmake environment of a compiling tool, so that the function of running at one-time compiling place of the SGX application program source code is realized.
In an example of the present invention, the following parameters may be defined in the compiled script enclave _ library: name, edl, trusted _ hdr, trusted _ src, untrusted _ src, hdrs, untrusted _ deps.
The name is the name of a lib library, and the lib library is a library file obtained by compiling SGX application program source codes by a compiling script enclave _ library; EDL is EDL (secure definition Language) interface description file; the trusted _ hdr is a C function interface statement corresponding to the interface description file, and can provide support for a compiling process under a non-trusted computing environment in the trusted _ src; the trusted _ src is an implementation file of each trusted interface, and the compiled script enclave _ library can compile codes in the trusted _ src into two sets of dynamic link files in an SGX environment and a non-SGX environment; untrusted _ src is a packaging file of two sets of dynamic link files in an SGX environment and a non-SGX environment; hdrs is an interface file exposed by untrusted _ src, can be a function declaration, and can also be a class definition; untrusted _ deps is a third party library of untrusted code calls.
Further, in order to improve development efficiency, in the embodiment of the present invention, a commonly used SGX header file is embedded in the compile script enclave _ library, and the commonly used SGX header file does not need to be defined again here.
In an optional embodiment of the present invention, the compiling the trusted computing source code may specifically include: in the process of compiling the trusted computing source code, link relation between an executable program corresponding to the trusted computing source code and a dependent file of a trusted computing environment is released in a dynamic loading mode, the dependent file comprises a primary dependent file or a secondary dependent file, the primary dependent file comprises a shared library file on which the executable program directly depends, and the secondary dependent file comprises a shared library file on which the primary dependent file directly depends and a shared library file on which the primary dependent file indirectly depends.
When compiling the trusted computing source code, the compiling tool firstly judges whether the function related in the executable program file can be found in the source code of the executable program file and the source code of the shared library file which depends on the executable program file. The functions related to the executable program file comprise functions called by the executable program file and functions called by the shared library file depended by the executable program file. Therefore, if a certain executable program file needs to call a function in a certain shared library file, the shared library file needs to be specified as a dependent file of the executable program file in the Makefile of the executable program file, otherwise, when the compiler compiles the executable program file, the compiler may fail to compile due to the fact that the function in the shared library cannot be found.
In order to avoid the situation that the SGX application program runs abnormally due to the fact that the dependent file of the SGX environment cannot be found in a non-SGX environment, in the process of compiling the SGX application program source code, the embodiment of the invention adopts a dynamic link mode to remove the link relation between the executable program and the dependent file of the SGX environment, identifies the current running environment in the program running process, dynamically loads the dependent file of the SGX environment only when the current running environment is the SGX environment, and does not need to load the dependent file of the SGX environment in the non-SGX environment. Therefore, the executable program can normally run in a non-SGX environment, and the situation that the executable program cannot run due to the fact that the dependent file is lost when the program is started is avoided.
For an executable program, if it needs to rely on another file (e.g., a database) at runtime, then the file is the dependent file for the application. The dependency files of the executable program may include a primary dependency file and a secondary dependency file. The first-level dependent file comprises a shared library file on which the executable program directly depends, and the second-level dependent file comprises a shared library file on which the first-level dependent file directly depends and a shared library file on which the first-level dependent file indirectly depends. The primary dependent file of the SGX-based executable program refers to a user so file, and the user so file directly or indirectly depends on the SGX library file. The secondary dependent file refers to an SGX library file.
The embodiment of the invention can remove the link relation between the executable program and the dependent file of the SGX environment in two ways. The first way is to unlink the executable program from the primary dependent files of the SGX environment. The second way is to unlink the executable program from the secondary dependent files of the SGX environment.
In both modes, the link relation between the executable program and the dependent file of the SGX environment is released in a dynamic loading mode. The first way loads the user so file at program run time by dlopen (dynamic load) and the second way loads the SGX library file at program run time by dlopen (dynamic load).
In the first mode, the primary dependent file refers to a user so file, and the user so file directly or indirectly depends on the SGX library file, so that the executable program cannot normally run due to the lack of a correct user so file in a non-SGX environment. By releasing the link relation between the executable program and the primary dependent file of the SGX environment, the correct user so file is loaded according to the running environment in a dynamic loading mode when the program runs, so that the executable program can be correctly executed in the non-SGX environment. However, the first method needs to copy the interface function exposed by each user so file through stub function (stub function), and the user so file varies from application to application, so the number of user so files is large, resulting in high development cost and low feasibility. The duplication refers to the fact that function forwarding related to hardware is achieved through a customized stub function, and therefore the situation that operation is wrong due to the fact that hardware conditions of an operation environment are not met (if the SGX hardware environment is not provided) is avoided.
In the second mode, various SGX functions only need to be subjected to stub duplication once, the dependent files of the SGX environment or the dependent files of the non-SGX environment are loaded in a dynamic loading mode according to the running environment during program running, so that fewer so files needing to be loaded dynamically are required, and the development cost can be greatly reduced. Thus, in particular implementations, the second approach may be preferred.
Referring to FIG. 2, a schematic diagram of the present invention for unlinking an executable program from a secondary dependent file of an SGX environment is shown. As shown in fig. 2, it is assumed that the primary dependency file of an executable program foo based on SGX (foo is the name of the program) includes: so, libtest _ enclave.so, and libboost.so, the second level dependency file includes: so, libsgx _ urts. so, libutil. so, and the like. In the compiling process, the link relation between the executable program foo and the secondary dependent file libsgx _ urs is released, and whether the libsgx _ urs is required to be loaded or not is selected according to the running environment in a dynamic loading mode when the executable program foo runs, so that the situation that the executable program foo cannot run due to the fact that the libsgx _ urs are not found when the executable program foo is started in a non-SGX environment can be avoided.
In an optional embodiment of the present invention, before the compiling the trusted computing source code in step 101, the method may further include:
step S11, abstracting the general methods in the trusted environment and the untrusted environment to obtain a general method library;
and step S12, writing the trusted computing source code by utilizing the general method library.
In the embodiment of the invention, in the process of developing the SGX application program, a developer can develop two sets of source codes aiming at an SGX environment and a non-SGX environment for a code part related to the SGX environment. In this way, during the compiling process, when the code part related to the SGX environment is compiled, the first dynamic link file in the SGX environment and the second dynamic link file in the non-SGX environment can be compiled.
However, the two source codes of the SGX environment and the non-SGX environment have the same logic of implementation although the syntax of the development language is different. If a developer separately develops two sets of source codes for an SGX environment and a non-SGX environment, the developer needs to perform a large amount of repeated coding work, so that not only is the development cost high, but also the development efficiency is influenced.
In order to reduce repeated coding work of developers, the embodiment of the invention abstracts the general methods in the trusted environment and the untrusted environment to obtain a general method library. The general method library can be regarded as an abstract middle layer, and the abstract middle layer comprises definitions of general methods in a trusted environment and an untrusted environment, and the general methods are encapsulation of methods for realizing the same logic in the trusted environment and the untrusted environment. For example, two sets of methods for realizing the same logic under the trusted environment and the untrusted environment can be packaged in the untrusted _ src file, and a unified external interface is provided through hdrs, so that a developer can write trusted computing source codes through the unified external interface instead of writing two sets of source codes for the SGX environment and the non-SGX environment. Therefore, repeated coding work of developers can be reduced, the cost can be reduced, and the development efficiency can be improved.
And then, compiling the trusted computing source code into two sets of dynamic link files under the SGX environment and the non-SGX environment by compiling the script enclave _ library.
In an optional embodiment of the invention, the generic method library comprises a first abstract method and a second abstract method, the first abstract method having a same implementation method in the trusted computing environment and the untrusted computing environment, and the second abstract method having a different implementation method in the trusted computing environment and the untrusted computing environment.
Further, the general method library may include a file read-write class and an encryption and decryption library.
In particular implementations, when an executable program is run, a process is typically initiated to accomplish a particular task. Different processes may call the same function to realize the same function, for example, most executable programs generally include file read-write operations, so that the file read-write operations in the trusted computing environment and the file read-write operations in the untrusted computing environment may be abstracted into a uniform file read-write class, and added to the universal method library. In addition, the cryptograph computing system usually needs to perform encryption and decryption operations, so the embodiment of the invention can abstract the encryption and decryption operations under the trusted computing environment and the encryption and decryption operations under the untrusted computing environment into a unified encryption and decryption library and add the unified encryption and decryption library into the universal method library.
In practical application, some operation implementation methods are the same in a trusted computing environment and an untrusted computing environment, for example, file read-write operations have the same implementation methods in the trusted computing environment and the untrusted computing environment; and some operations are implemented differently in the trusted computing environment than in the untrusted computing environment, for example, the encryption/decryption operations have different implementations in the trusted computing environment than in the untrusted computing environment. Therefore, the embodiment of the invention packages the same implementation method in the trusted computing environment and the untrusted computing environment into the first abstract method, and packages different implementation methods in the trusted computing environment and the untrusted computing environment into the second abstract method.
The first abstract method can be extended in common _ common. cpp (common code file), and the same code in the common _ common. cpp file can be directly compiled during compiling to obtain a first dynamic link file in an SGX environment and a second dynamic link file in a non-SGX environment. The second abstract method can be extended in untrusted _ enclave.cpp (untrusted modern code file), because the function name related to the SGX environment is different from the function name related to the non-SGX environment, two implementation codes under the SGX environment and the non-SGX environment need to be developed respectively during development, and the two implementation codes under the SGX environment and the non-SGX environment are compiled respectively during compiling, so that the first dynamic link file under the SGX environment and the second dynamic link file under the non-SGX environment are obtained.
It can be understood that the above-mentioned general method library including the file read-write class and the encryption/decryption library is only an example of the embodiment of the present invention, and the embodiment of the present invention does not limit the method included in the general method library. For example, the general method library may further include general implementation methods such as a serialization operation, an deserialization operation, a certificate application process, and a remote authentication process.
Referring to fig. 3, a complete flow diagram of compiling trusted computing source code, which is ciphertext computing system source code, is shown in the present invention. As shown in fig. 3, where the evidence _ t.h is a dynamically generated trusted code interface header file, the evidence _ evidence.h is a c-language interface file corresponding to the evidence _ t.h, the evidence _ unit.h is an interface function exposed to the outside by the trusted code, the evidence.h is an interface file exposed to the ciphertext computing system, the evidence _ untrusted. cpp is an implementation code and an encapsulation code of the untrusted interface, the evidence.cpp is a trusted implementation code file, the evidence _ util _ t.c is a dynamically generated universal trusted code interface file, the evidence _ common.cpp is a universal code file, the untrusted code is an untrusted code modern file, the evidence _ unit _ u.c is a dynamically generated universal untrusted code interface file, the evidence.a is a compiled trusted code library, and the sgx _ zecc _ library is a compiled in a dynamically generated trusted code library, and the dynamically generated trust code is compiled in a dynamically generated trusted code library built by the other trusted system (e.g. dynamically signed library).
To sum up, the embodiment of the present invention compiles the trusted computing source code to obtain a compiled executable program, where the executable program includes a first dynamic link file in the trusted computing environment and a second dynamic link file in the untrusted computing environment. Therefore, in the process of running the executable program, the current running environment can be identified, and the correct dynamic link file can be selected according to the current running environment. Specifically, if the current operating environment is a trusted computing environment, the first dynamic link file is loaded, and if the current operating environment is an untrusted computing environment, the second dynamic link file is loaded. According to the embodiment of the invention, the application program source code developed by the trusted computing can be operated in any machine of the trusted computing environment or the untrusted computing environment only by once development and compiling, so that the application program developed based on the trusted computing is not limited by the operating environment any more, and has higher performability. In addition, by the embodiment of the invention, a set of application programs supporting the non-trusted computing environment does not need to be re-developed, so that the development cost can be reduced.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Device embodiment
Referring to fig. 4, a block diagram of a compiling and running device according to an embodiment of the present invention is shown, where the device may specifically include:
the compiling module 401 is configured to compile a trusted computing source code to obtain a compiled executable program, where the executable program includes a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
an executing module 402, configured to run the executable program, identify a current running environment in a running process, load the first dynamic link file if the current running environment is a trusted computing environment, and load the second dynamic link file if the current running environment is an untrusted computing environment.
Optionally, the apparatus further comprises:
the method abstraction module is used for abstracting the general methods in the trusted environment and the untrusted environment to obtain a general method library;
and the code construction module is used for compiling the trusted computing source code by utilizing the general method library.
Optionally, the common method library includes a first abstract method having a same implementation method in the trusted computing environment and the untrusted computing environment, and a second abstract method having a different implementation method in the trusted computing environment and the untrusted computing environment.
Optionally, the general method library includes a file read-write class and an encryption and decryption library.
Optionally, the compiling module is specifically configured to, in a process of compiling a trusted computing source code, release a link relationship between an executable program corresponding to the trusted computing source code and a dependent file of a trusted computing environment in a dynamic loading manner, where the dependent file includes a primary dependent file or a secondary dependent file, the primary dependent file includes a shared library file on which the executable program directly depends, and the secondary dependent file includes a shared library file on which the primary dependent file directly depends and a shared library file on which the primary dependent file indirectly depends.
Optionally, the apparatus further comprises:
the script configuration module is used for configuring a compiling script for the compiling environment of the trusted computing source code;
the compiling module is specifically configured to compile the trusted computing source code through the compiling script, and generate a first dynamic link file in the trusted computing environment and a second dynamic link file in the untrusted computing environment respectively.
Optionally, the trusted computing environment comprises an instruction set extension SGX environment.
Optionally, the trusted computing source code is a ciphertext computing system source code.
According to the embodiment of the invention, the application program source code developed by the trusted computing can be operated in any machine of the trusted computing environment or the untrusted computing environment only by once development and compiling, so that the application program developed based on the trusted computing is not limited by the operating environment any more, and has higher performability. In addition, by the embodiment of the invention, a set of application programs supporting the non-trusted computing environment does not need to be re-developed, so that the development cost can be reduced.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
An embodiment of the present invention provides an apparatus for compiling operations, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs configured to be executed by one or more processors include instructions for: compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment; and running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment.
FIG. 5 is a block diagram illustrating an apparatus 800 for a compile run according to an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 5, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. Processing element 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above, the one or more processors 820 including components for trusted computing. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of the components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also detect a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 6 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. The application program 1942 includes a trusted part and an untrusted part, the trusted part can be used for completing data processing or calculation, and the untrusted part can be used for completing data reading and writing or network transmission. Memory 1932 and storage medium 1930 can be transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
A non-transitory computer readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the compiling execution method shown in fig. 1.
A non-transitory computer readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a compilation execution method, the method comprising: compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment; and running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment.
The embodiment of the invention discloses A1 and a compiling and running method, which comprises the following steps:
compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
and running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment.
A2, before the compiling the trusted computing source code according to the method of A1, the method further comprising:
abstracting the general method under the trusted environment and the non-trusted environment to obtain a general method library;
and writing the trusted computing source code by using the general method library.
A3, the method of A2, wherein the common method library includes a first abstract method and a second abstract method, the first abstract method having the same implementation method in the trusted computing environment and the untrusted computing environment, and the second abstract method having a different implementation method in the trusted computing environment and the untrusted computing environment.
A4, according to the method in A2, the general method library comprises a file read-write class and an encryption and decryption library.
A5, according to the method of A1, compiling trusted computing source code, including:
in the process of compiling the trusted computing source code, link relation between an executable program corresponding to the trusted computing source code and a dependent file of a trusted computing environment is released in a dynamic loading mode, the dependent file comprises a primary dependent file or a secondary dependent file, the primary dependent file comprises a shared library file on which the executable program directly depends, and the secondary dependent file comprises a shared library file on which the primary dependent file directly depends and a shared library file on which the primary dependent file indirectly depends.
A6, before the compiling the trusted computing source code according to the method of A1, the method further comprising:
configuring a compiling script for a compiling environment of the trusted computing source code;
the compiling the trusted computing source code comprises:
compiling the trusted computing source code through the compiling script to respectively generate a first dynamic link file under a trusted computing environment and a second dynamic link file under an untrusted computing environment.
A7, the trusted computing environment comprising an instruction set extension (SGX) environment, according to the method of any one of A1 to A6.
A8, the trusted computing source code being ciphertext computing system source code according to the method of any one of A1 to A6.
The embodiment of the invention discloses B9, a compiling and running device, which comprises:
the compiling module is used for compiling the trusted computing source code to obtain a compiled executable program, and the executable program comprises a first dynamic link file in the trusted computing environment and a second dynamic link file in the untrusted computing environment;
and the execution module is used for operating the executable program, identifying the current operating environment in the operating process, loading the first dynamic link file if the current operating environment is a trusted computing environment, and loading the second dynamic link file if the current operating environment is an untrusted computing environment.
B10, the apparatus of B9, the apparatus further comprising:
the method abstraction module is used for abstracting the general methods in the trusted environment and the untrusted environment to obtain a general method library;
and the code construction module is used for compiling the trusted computing source code by utilizing the general method library.
B11, the apparatus of B10, the common method library including a first abstract method having a same implementation method in the trusted computing environment and the untrusted computing environment, and a second abstract method having a different implementation method in the trusted computing environment and the untrusted computing environment.
B12, according to the device of B10, the general method library comprises a file read-write class and an encryption and decryption library.
B13, the apparatus according to B9, where the compiling module is specifically configured to, in a process of compiling a trusted computing source code, release a link relationship between an executable program corresponding to the trusted computing source code and a dependent file of a trusted computing environment in a dynamic loading manner, where the dependent file includes a primary dependent file or a secondary dependent file, the primary dependent file includes a shared library file on which the executable program directly depends, and the secondary dependent file includes a shared library file on which the primary dependent file directly depends and a shared library file on which the primary dependent file indirectly depends.
B14, the apparatus of B9, the apparatus further comprising:
the script configuration module is used for configuring a compiling script for the compiling environment of the trusted computing source code;
the compiling module is specifically configured to compile the trusted computing source code through the compiling script, and generate a first dynamic link file in the trusted computing environment and a second dynamic link file in the untrusted computing environment respectively.
B15, the apparatus of any of B9-B14, the trusted computing environment comprising an instruction set extension SGX environment.
B16, according to the device of any one of B9 to B14, the trusted computing source code is ciphertext computing system source code.
The embodiment of the invention discloses C17, an apparatus for compiling operation, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs configured to be executed by the one or more processors comprise instructions for:
compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
and running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment.
C18, the device of C17, the device also configured to execute the one or more programs by one or more processors including instructions for:
abstracting the general method under the trusted environment and the non-trusted environment to obtain a general method library;
and writing the trusted computing source code by using the general method library.
C19, the apparatus of C18, the common method library including a first abstract method having a same implementation method in the trusted computing environment and the untrusted computing environment, and a second abstract method having a different implementation method in the trusted computing environment and the untrusted computing environment.
C20, according to the device of C18, the general method library comprises a file read-write class and an encryption and decryption library.
C21, the compiling trusted computing source code according to the apparatus of C17, comprising:
in the process of compiling the trusted computing source code, link relation between an executable program corresponding to the trusted computing source code and a dependent file of a trusted computing environment is released in a dynamic loading mode, the dependent file comprises a primary dependent file or a secondary dependent file, the primary dependent file comprises a shared library file on which the executable program directly depends, and the secondary dependent file comprises a shared library file on which the primary dependent file directly depends and a shared library file on which the primary dependent file indirectly depends.
C22, the device of C17, the device also configured to execute the one or more programs by one or more processors including instructions for:
configuring a compiling script for a compiling environment of the trusted computing source code;
the compiling the trusted computing source code comprises:
compiling the trusted computing source code through the compiling script to respectively generate a first dynamic link file under a trusted computing environment and a second dynamic link file under an untrusted computing environment.
C23, the apparatus of any of C17 to C22, the trusted computing environment comprising an instruction set extension SGX environment.
C24, the apparatus according to any one of C17 to C22, wherein the trusted computing source code is ciphertext computing system source code.
The embodiment of the invention discloses D25, a machine readable medium having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform a compile operation method as described in any one of A1 to A8.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
The compiling and running method, the compiling and running device and the device for compiling and running provided by the invention are introduced in detail, specific examples are applied in the text to explain the principle and the implementation mode of the invention, and the description of the above embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (19)

1. A compilation execution method, the method comprising:
compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment;
before the compiling the trusted computing source code, the method further comprises:
abstracting the general method under the trusted computing environment and the non-trusted computing environment to obtain a general method library; the general method library comprises a file read-write class and an encryption and decryption library, wherein file read-write operation in the file read-write class has the same implementation method under the trusted computing environment and the untrusted computing environment, and encryption and decryption operation in the encryption and decryption library has different implementation methods under the trusted computing environment and the untrusted computing environment;
and writing the trusted computing source code by using the general method library.
2. The method of claim 1, wherein the common method library includes a first abstract method having a same implementation in the trusted computing environment and the untrusted computing environment and a second abstract method having a different implementation in the trusted computing environment and the untrusted computing environment.
3. The method of claim 1, wherein compiling trusted computing source code comprises:
in the process of compiling the trusted computing source code, link relation between an executable program corresponding to the trusted computing source code and a dependent file of a trusted computing environment is released in a dynamic loading mode, the dependent file comprises a primary dependent file or a secondary dependent file, the primary dependent file comprises a shared library file on which the executable program directly depends, and the secondary dependent file comprises a shared library file on which the primary dependent file directly depends and a shared library file on which the primary dependent file indirectly depends.
4. The method of claim 1, wherein prior to compiling the trusted computing source code, the method further comprises:
configuring a compiling script for a compiling environment of the trusted computing source code;
the compiling the trusted computing source code comprises:
compiling the trusted computing source code through the compiling script to respectively generate a first dynamic link file under a trusted computing environment and a second dynamic link file under an untrusted computing environment.
5. The method of any of claims 1 to 4, wherein the trusted computing environment comprises an instruction set extension (SGX) environment.
6. The method of any of claims 1 to 4, wherein the trusted computing source code is ciphertext computing system source code.
7. A compilation execution apparatus, comprising:
the compiling module is used for compiling the trusted computing source code to obtain a compiled executable program, and the executable program comprises a first dynamic link file in the trusted computing environment and a second dynamic link file in the untrusted computing environment;
the execution module is used for running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment;
the device further comprises:
the method abstraction module is used for abstracting the general methods in the trusted computing environment and the untrusted computing environment to obtain a general method library; the general method library comprises a file read-write class and an encryption and decryption library, wherein file read-write operation in the file read-write class has the same implementation method under the trusted computing environment and the untrusted computing environment, and encryption and decryption operation in the encryption and decryption library has different implementation methods under the trusted computing environment and the untrusted computing environment;
and the code construction module is used for compiling the trusted computing source code by utilizing the general method library.
8. The apparatus of claim 7, wherein the common method library includes a first abstract method having a same implementation in the trusted computing environment and the untrusted computing environment and a second abstract method having a different implementation in the trusted computing environment and the untrusted computing environment.
9. The apparatus according to claim 7, wherein the compiling module is specifically configured to, in the process of compiling the trusted computing source code, release a link relationship between an executable program corresponding to the trusted computing source code and a dependent file of the trusted computing environment in a dynamic loading manner, where the dependent file includes a primary dependent file or a secondary dependent file, the primary dependent file includes a shared library file on which the executable program directly depends, the secondary dependent file includes a shared library file on which the primary dependent file directly depends, and a shared library file on which the primary dependent file indirectly depends.
10. The apparatus of claim 7, further comprising:
the script configuration module is used for configuring a compiling script for the compiling environment of the trusted computing source code;
the compiling module is specifically configured to compile the trusted computing source code through the compiling script, and generate a first dynamic link file in the trusted computing environment and a second dynamic link file in the untrusted computing environment respectively.
11. The apparatus of any of claims 7 to 10, wherein the trusted computing environment comprises an instruction set extension (SGX) environment.
12. The apparatus of any of claims 7 to 10, wherein the trusted computing source code is ciphertext computing system source code.
13. An apparatus for compiled execution, the apparatus comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured for execution by one or more processors to include instructions for:
compiling the trusted computing source code to obtain a compiled executable program, wherein the executable program comprises a first dynamic link file in a trusted computing environment and a second dynamic link file in an untrusted computing environment;
running the executable program, identifying a current running environment in the running process, loading the first dynamic link file if the current running environment is a trusted computing environment, and loading the second dynamic link file if the current running environment is an untrusted computing environment;
the device is also configured to execute, by one or more processors, the one or more programs including instructions for:
abstracting the general method under the trusted computing environment and the non-trusted computing environment to obtain a general method library; the general method library comprises a file read-write class and an encryption and decryption library, wherein file read-write operation in the file read-write class has the same implementation method under the trusted computing environment and the untrusted computing environment, and encryption and decryption operation in the encryption and decryption library has different implementation methods under the trusted computing environment and the untrusted computing environment;
and writing the trusted computing source code by using the general method library.
14. The apparatus of claim 13, wherein the common method library includes a first abstract method having a same implementation in the trusted computing environment and the untrusted computing environment and a second abstract method having a different implementation in the trusted computing environment and the untrusted computing environment.
15. The apparatus of claim 13, wherein compiling trusted computing source code comprises:
in the process of compiling the trusted computing source code, link relation between an executable program corresponding to the trusted computing source code and a dependent file of a trusted computing environment is released in a dynamic loading mode, the dependent file comprises a primary dependent file or a secondary dependent file, the primary dependent file comprises a shared library file on which the executable program directly depends, and the secondary dependent file comprises a shared library file on which the primary dependent file directly depends and a shared library file on which the primary dependent file indirectly depends.
16. The apparatus of claim 13, wherein the apparatus is also configured to execute the one or more programs by one or more processors includes instructions for:
configuring a compiling script for a compiling environment of the trusted computing source code;
the compiling the trusted computing source code comprises:
compiling the trusted computing source code through the compiling script to respectively generate a first dynamic link file under a trusted computing environment and a second dynamic link file under an untrusted computing environment.
17. The apparatus of any of claims 13 to 16, wherein the trusted computing environment comprises an instruction set extension (SGX) environment.
18. The apparatus of any of claims 13 to 16, wherein the trusted computing source code is ciphertext computing system source code.
19. A machine-readable medium having stored thereon instructions, which when executed by one or more processors, cause an apparatus to perform a compile run method as recited in any of claims 1 to 6.
CN202010834099.0A 2020-08-18 2020-08-18 Compiling and running method and device and compiling and running device Active CN112148296B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010834099.0A CN112148296B (en) 2020-08-18 2020-08-18 Compiling and running method and device and compiling and running device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010834099.0A CN112148296B (en) 2020-08-18 2020-08-18 Compiling and running method and device and compiling and running device

Publications (2)

Publication Number Publication Date
CN112148296A CN112148296A (en) 2020-12-29
CN112148296B true CN112148296B (en) 2022-03-15

Family

ID=73888535

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010834099.0A Active CN112148296B (en) 2020-08-18 2020-08-18 Compiling and running method and device and compiling and running device

Country Status (1)

Country Link
CN (1) CN112148296B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103744684A (en) * 2014-01-24 2014-04-23 中国科学院自动化研究所 Heterogeneous hardware and software collaborative developing method and system
CN103853589A (en) * 2014-02-26 2014-06-11 上海爱数软件有限公司 Cross-platform system compiling and building method
CN110781492A (en) * 2018-07-31 2020-02-11 阿里巴巴集团控股有限公司 Data processing method, device, equipment and storage medium
CN111142935A (en) * 2019-12-31 2020-05-12 奇安信科技集团股份有限公司 Method, apparatus, computer system, and medium for cross-platform running of applications
CN111177712A (en) * 2019-12-31 2020-05-19 杭州趣链科技有限公司 WebAssembly model execution engine based on TEE

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103605930B (en) * 2013-11-27 2016-04-13 湖北民族学院 A kind of dualized file based on HOOK and filtration drive prevents divulging a secret method and system
US9798559B2 (en) * 2014-12-27 2017-10-24 Mcafee, Inc. Trusted binary translation
CN106227576A (en) * 2016-08-18 2016-12-14 北京智芯微电子科技有限公司 The function realizing method of a kind of Java card application and device
CN111258590B (en) * 2020-05-06 2020-08-18 华控清交信息科技(北京)有限公司 Code execution method and device for code execution

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103744684A (en) * 2014-01-24 2014-04-23 中国科学院自动化研究所 Heterogeneous hardware and software collaborative developing method and system
CN103853589A (en) * 2014-02-26 2014-06-11 上海爱数软件有限公司 Cross-platform system compiling and building method
CN110781492A (en) * 2018-07-31 2020-02-11 阿里巴巴集团控股有限公司 Data processing method, device, equipment and storage medium
CN111142935A (en) * 2019-12-31 2020-05-12 奇安信科技集团股份有限公司 Method, apparatus, computer system, and medium for cross-platform running of applications
CN111177712A (en) * 2019-12-31 2020-05-19 杭州趣链科技有限公司 WebAssembly model execution engine based on TEE

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Intel SGX系列(三)飞地开发基础(一);Anhkgg;《https://mp.weixin.qq.com/s?__biz=MzU0NTkxODg3Mg==&mid=2247483665&idx=1&sn=a171da2d89c602d5ead9b37089944927&chksm=fb64dbe6cc1352f0be36c251fe6a3760ae8821855ae7a0cf40be9c4680a1a669778fcd26c4fd&rd2werd=1#wechat_redirect》;20180716;第1-10页 *

Also Published As

Publication number Publication date
CN112148296A (en) 2020-12-29

Similar Documents

Publication Publication Date Title
KR102546601B1 (en) Method and apparatus for protecting kernel control-flow integrity using static binary instrumentaiton
US11748468B2 (en) Dynamic switching between pointer authentication regimes
US9495543B2 (en) Method and apparatus providing privacy benchmarking for mobile application development
CN107766701B (en) Electronic equipment, dynamic library file protection method and device
CN106406956B (en) Application program installation method and device
CN111427622B (en) Execution method and device of script codes in application program
CN111736916A (en) Dynamic expansion method and device based on Java language, electronic equipment and storage medium
CN110609687A (en) Compiling method, device, electronic equipment and storage medium
CN109725943B (en) Program jumping method and device, electronic equipment and storage medium
CN114546639A (en) Service call processing method and device
CN112114814A (en) Compiled file determining method and device and application program generating method and device
CN112148296B (en) Compiling and running method and device and compiling and running device
CN117193944A (en) Application running environment generation method and device, server and storage device
CN111274556A (en) Code obfuscation method, device and storage medium
CN110569037B (en) Data writing method and device
CN110888822B (en) Memory processing method, device and storage medium
CN112445484A (en) Register processing method and device, electronic equipment and storage medium
CN111596949B (en) Method and device for developing application program
CN113867992B (en) Call chain resource isolation method and device, storage medium and electronic equipment
CN111221559B (en) Application updating method, device, storage medium, terminal and server
Zavalyshyn Building private-by-design IoT systems
US11354433B1 (en) Dynamic taint tracking on mobile devices
CN115525878A (en) Resource confusion method and device and electronic equipment
CN116776356A (en) Database encryption method, device, electronic equipment, system and storage medium
CN114546419A (en) Application program installation method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant