Intel Corporation
DETERMINISTIC TRUSTED EXECUTION CONTAINER THROUGH MANAGED RUNTIME LANGUAGE METADATA
Abstract:
Various embodiments are generally directed to an apparatus, system, and other techniques for executing program code, such as managed runtime language, entirely in a hardware trusted execution environment (TEE) while enforcing and abiding by security requirements. Components in the TEE may receive the program, which may include metadata, perform analysis on the metadata, determine whether any API should be disabled from accessing untrusted resources, and execute an exception if the API attempts to access an untrusted resource. One or more security domains may be used in the TEE along with respective protection keys to enhance and maintain security.
Status:
Application
Type:
Utility
Filing date:
5 Mar 2019
Issue date:
28 Apr 2022