It has become increasingly important for developers (e.g., software application developers) to ensure data confidentiality and data integrity for their uses, especially when their programs involve sensitive data. Sophisticated security threats cost governments and private organizations considerable sums of capitol from delays and expenditures for preventing/mitigating these threats. As these organizations shift towards using cloud-based services over a network and away from maintaining on-premises hardware, an adversary has more opportunities to exploit a software vulnerability and jeopardize the security of other organizations. Due to the cloud computing environment's hierarchical privilege structure, programs that operate on such computing bases may inherit software vulnerabilities from privileged software code, such as an operating system component or a hypervisor component.
Various code-partitioning schemes provide a considerable number of opportunities for malicious attacks and reduce the benefits and practicality of executing these portions in a separate execution environment with a different privilege level. Large amounts of trusted code also inhibit any meaningful examination as to correctness. Furthermore, the code-partitioning schemes often require substantially manual tasks that prove to be error-prone and slow.
It is with respect to these and other considerations that the present improvements have been needed.