	US 12,248,558 B2
	System and method for providing provable end-to-end guarantees on commodity heterogeneous interconnected computing platforms
Amit Vasudevan, Pittsburgh, PA (US)
Assigned to Carnegie Mellon University, Pittsburgh, PA (US)
Filed by CARNEGIE MELLON UNIVERSITY, Pittsburgh, PA (US)
Filed on Apr. 1, 2024, as Appl. No. 18/623,417.
Application 18/623,417 is a continuation of application No. 17/683,786, filed on Mar. 1, 2022, granted, now 12,093,367.
Claims priority of provisional application 63/274,051, filed on Nov. 1, 2021.
Claims priority of provisional application 63/214,345, filed on Jun. 24, 2021.
Claims priority of provisional application 63/183,291, filed on May 3, 2021.
Prior Publication US 2024/0289432 A1, Aug. 29, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/44 (2013.01); G06F 9/48 (2006.01); G06F 11/3604 (2025.01); G06F 21/60 (2013.01)

CPC G06F 21/44 (2013.01) [G06F 9/4812 (2013.01); G06F 11/3608 (2013.01); G06F 21/602 (2013.01); G06F 2221/2141 (2013.01)]

31 Claims

1. A cyber-physical system having provable end-to-end guarantees comprising:

two or more heterogeneous interconnected computing platforms, each platform having one or more unverified components and one or more modular provable objects retrofit with the unverified components that contribute to the one or more end-to-end guarantees; and

wherein each computing platform has a prime object acting as a root-of-trust to protect and report on the one or more modular provable objects on the computing platform;

wherein a collection of prime objects across the computing platforms protect and report on the one or more modular provable objects within and across the computing platforms, thereby contributing to end-to-end guarantees at runtime; and

wherein the prime objects verify a memory address space on each of the computing platforms and instantiate the modular provable objects for each platform in a verified memory address space.