APPARATUS AND METHOD FOR SECURE AND CONSISTENT RUNTIME BASED CONFIDENTIAL EXECUTION OF APPLICATION SERVICES

摘要

PURPOSE: A runtime providing apparatus and a method for application service sealing execution provide a security virtualization interface layer for application service data requiring security consumption, and thereby maximize security of application service execution or application service data consumption. CONSTITUTION: A security virtualization interface layer (310) has an application service received through a user space (300) use hardware resources (450) and kernel services (432) of the lower part of a kernel space (340). A container parser (410) separates a virtualization security code and an application service from a service container received from a service providing server (100). A security virtualization interface generator (412) uses the virtualization security code and service policy to produce security virtualization interface. A virtualization service injector (414) stacks the application service in a VM (Virtual Machine) (420) through the security virtualization interface layer according to a policy in the security virtualization interface. [Reference numerals] (AA) Start; (BB) End; (S500) Receive a service container; (S502) Classification by Information in the service container; (S504) Deliver a virtualization security code and relevant information to an SVIF generator; (S506) Deliver a service(service data) to a VS injector; (S508) Generate a virtual interface after requesting and receiving a service policy; (S510) Separate application for the service required?; (S512) Request and receive the application; (S514) Inject the application service(application) to a virtual machine using a security virtualization interface; (S516) Is the security virtualization interface using code verification abnormal?; (S518) Request the implement or consumption of the application service(application); (S520) Stop the application service(application)