US 12,462,040 B2
Code deployment
Andrew William Roscoe, Oxford (GB); and Pedro Ribeiro Goncalves Antonino, Oxford (GB)
Assigned to The Blockhouse Technology Limited, Oxford (GB)
Appl. No. 18/282,162
Filed by The Blockhouse Technology Limited, Oxford (GB)
PCT Filed Mar. 18, 2022, PCT No. PCT/GB2022/050692
§ 371(c)(1), (2) Date Sep. 14, 2023,
PCT Pub. No. WO2022/195293, PCT Pub. Date Sep. 22, 2022.
Claims priority of application No. 2103880 (GB), filed on Mar. 19, 2021.
Prior Publication US 2024/0296030 A1, Sep. 5, 2024
Int. Cl. G06F 21/57 (2013.01); G06F 8/41 (2018.01); G06F 21/14 (2013.01); G06F 21/51 (2013.01); G06F 21/60 (2013.01); G06F 11/3668 (2025.01)
CPC G06F 21/577 (2013.01) [G06F 8/41 (2013.01); G06F 21/14 (2013.01); G06F 21/51 (2013.01); G06F 21/602 (2013.01); G06F 11/3676 (2013.01)]
20 Claims
 
1. A method of operating a trusted execution environment for analyzing source code received, by a recipient, from a vendor, the method comprising:
receiving an encrypted source code into the trusted execution environment;
receiving supplied data into the trusted execution environment, wherein the supplied data is validation data supplied by the vendor or specification data supplied by the recipient;
using a secure key stored within the trusted execution environment to decrypt the encrypted source code within the trusted execution environment to produce a decrypted source code;
analyzing the decrypted source code within the trusted execution environment to determine a trust metric for the decrypted source code;
compiling the decrypted source code within the trusted execution environment to produce generated executable code;
outputting the generated executable code from the trusted execution environment, or receiving a supplied executable code into the trusted execution environment and comparing the supplied executable code to the generated executable code to determine a verification metric for the supplied executable code; and
disallowing the decrypted source code from being communicated to an external entity outside of the trusted execution environment,
wherein the analyzing the decrypted source code to determine a trust metric comprises:
performing analysis on the decrypted source code and/or code derived from said decrypted source code and/or an object derived from said decrypted source code, within the trusted execution environment, to generate test data; and
comparing the supplied data to the test data within the trusted execution environment; and
wherein the trust metric comprises an indicator dependent on a similarity between the supplied data and the test data.