CN111291383B - Physical address space access isolation method between any entities on SoC, SoC and computer equipment - Google Patents
Physical address space access isolation method between any entities on SoC, SoC and computer equipment Download PDFInfo
- Publication number
- CN111291383B CN111291383B CN202010223469.7A CN202010223469A CN111291383B CN 111291383 B CN111291383 B CN 111291383B CN 202010223469 A CN202010223469 A CN 202010223469A CN 111291383 B CN111291383 B CN 111291383B
- Authority
- CN
- China
- Prior art keywords
- access
- soc
- address
- matching
- instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a physical address space access isolation method between any entities on a system on chip (SoC), the SoC and computer equipment. The invention can realize the access isolation of any entity and fine-grained physical address required by the SoC trusted execution environment, support the safe access isolation of any main equipment or software entity, and support the fine-grained isolation with variable number and variable size of target address intervals.
Description
Technical Field
The invention relates to a trusted execution environment technology of SoC, in particular to a physical address space access isolation method between any entities on SoC, SoC and computer equipment, which are used for access isolation of fine-grained physical addresses between any entities required by the trusted execution environment of SoC.
Background
Soc (system on chip) is a chip called system on chip, which integrates modules such as a processor, a bus, a memory, and peripheral devices, and can independently complete processing of specific applications. The original purpose of the trusted execution environment TEE (trusted execution environment) is to provide an isolated, secure and trusted operating system or environment outside the normal operating system or operating environment, and run on an isolated hardware basis, and the secure operating system or environment is called TEE.
The ARM company introduced the TEE scheme of TrustZone. In order to realize isolation and control of access rights of hardware resources, the scheme adds an additional control signal (NS bit) to each read-write channel on a standard AXI bus to indicate whether the current read-write operation is a secure operation or a non-secure operation. The NS bit of the write channel, AWPROT [1], being 0 indicates a secure write transaction operation and being 1 indicates a non-secure write transaction operation. The NS bit of the read channel, ARPROT [1], a 0 indicates a secure read transaction and a 1 indicates a non-secure read transaction. Although the technology can separate the secure and non-secure software entities, when a plurality of software entities considered to be secure exist in a system or environment, the entities cannot be isolated.
Intel corporation introduced the TEE protocol for SGX (software guard extensions). In order to realize the safety control of the access authority of the hardware resource, the scheme encrypts data and code spaces of different enclave entities. Although it can completely isolate all applications or software entities, including between secure entities, between secure and non-secure entities, and between non-secure entities, it will increase the cost of implementing software and hardware due to the complex encryption method used.
RISC-V is a fifth generation instruction set architecture released by university of Berkeley, USA, and the architecture is completely open source and can adopt a modular design mode to support multiple instruction set extensions. RISC-V Foundation organization introduced the hardware resource access isolation specification of PMP (physical Memory protection) for the TEE related application development requirements of RISC-V processors. The technology provides 16 CSRs which can be used by software entities in M mode, and can support mutual isolation of the software entities in 16 independent S or U modes. The 16 entities supported by this technique are relatively few for the various current application scenarios. And one OS in S mode runs a plurality of U mode software entities, and based on this technology, the software entities in a plurality of U modes cannot be isolated, which is a common application scenario in various fields.
Disclosure of Invention
The technical problems to be solved by the invention are as follows: aiming at the problems in the prior art, the invention provides a physical address space access isolation method between any entities on the SoC, the SoC and computer equipment.
In order to solve the technical problems, the invention adopts the technical scheme that:
a physical address space access isolation method between any entities on SoC includes the following implementation steps:
1) querying a preset security policy table aiming at an atomic instruction processed by an instruction pipeline, wherein the security policy table comprises a source address of a preset software entity and access authority information corresponding to a destination address;
2) determining whether to allow the atomic instruction to access a buffer or a bus according to a matching result obtained by the query, ending and exiting;
optionally, the detailed steps of step 1) include:
1.1) extracting a source address and a destination address of the atomic instruction after the instruction pipeline processing;
1.2) using the source address and the destination address as keywords to inquire a preset security policy table, wherein the security policy table comprises the source address of a preset software entity and access authority information corresponding to the destination address.
Optionally, after the step 1.1) and before the step 1.2), a step of detecting whether the extracted source address and destination address meet a preset specification is further included, if the extracted source address and destination address meet the preset specification, the step 1.2) is executed by skipping, and if not, an exception is reported and the process is exited.
Optionally, the detailed step of determining whether to allow the atomic instruction to access the bus according to the access right in step 2) includes:
2.1A) judging whether the matching result obtained by query contains matching items, if not, judging that the atomic instruction is not allowed to access the bus, reporting an exception, ending and exiting; otherwise, skipping to execute the next step;
2.2A) judging whether the matching result contains a matching entry, if so, acquiring the access authority in the matching entry, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, judging that the matching result contains a plurality of matching entries, and skipping to execute the next step;
2.3A) judging whether the preset address low-priority strategy is true, if true, finding out the item with the lowest address from the plurality of matching items as the final matching item, acquiring the access authority in the final matching item, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, skipping to execute the next step;
2.4A) judging whether a preset mask short-priority strategy is true, if true, finding out an entry with the shortest mask from a plurality of matching entries as a final matching entry, acquiring an access authority in the final matching entry, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, reporting an exception and exiting;
2.5A) if the atomic instruction access bus is allowed, normally completing the bus access of the atomic instruction, and ending; otherwise, the bus access of the atomic instruction is not allowed, and the exception is reported and the operation is finished.
Optionally, the detailed step of deciding whether to allow the atomic instruction to access the buffer according to the access right in step 2) includes:
2.1B) judging whether the matching result obtained by the query contains a matching item, if the matching item does not exist, judging that the atomic instruction is not allowed to access the buffer, reporting an exception, ending and exiting; otherwise, skipping to execute the next step;
2.2B) judging whether the matching result contains a matching entry, if so, acquiring the access authority in the matching entry, determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, judging that the matching result contains a plurality of matching entries, and skipping to execute the next step;
2.3B) judging whether the preset address low-priority strategy is true, if true, finding out the item with the lowest address from the plurality of matching items as the final matching item, acquiring the access authority in the final matching item, and determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, skipping to execute the next step;
2.4B) judging whether the preset mask short-priority strategy is true, if true, finding out the entry with the shortest mask from the plurality of matching entries as the final matching entry, acquiring the access authority in the final matching entry, determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, reporting an exception and exiting;
2.5B) if the atomic instruction access buffering is allowed, jump to perform step 2.6B); otherwise, not allowing the buffer access of the atomic instruction, reporting the exception, and ending;
2.6B) judging whether the buffer is hit, if so, normally finishing the buffer access of the atomic instruction, and ending; otherwise, the bus access of the atomic instruction is normally finished, and the operation is finished.
Optionally, step 1) is preceded by a step of generating a security policy table in advance, and the detailed steps include: all software entities to be operated on the SoC bus master equipment are addressed in a unified way, and the software entities on each master equipment occupy a source address; addressing the memory space, the IO space, the register space and the like according to the normal SoC physical address, wherein each address space occupies a destination address; the source address and the destination address are used as index entries of a security policy table, each index entry corresponds to a security policy, the security policy represents the access authority of an entity represented by the source address to the destination address, the access authority comprises three characteristics of WRX, wherein W is writing, R is reading, and X is executing.
Optionally, the source address is composed of a source address mask smask and a source address sadd unique within an address interval represented by the source address mask smask; the destination address is composed of a destination address mask dmask and a destination address dadd unique within an address range represented by the destination address mask dmask, and { sadd & smask, dadd & dmask } serves as an index entry of the security policy table.
Optionally, step 1) is preceded by a step of labeling a source address for each bus access instruction of the software entity in advance before executing the software entity, and the detailed steps include: the method comprises the steps of compiling the conventional binary code of a current software entity by adopting a compiler of a target processor, and compiling the generated binary code for the second time by adopting a special back-end compiler, wherein the second compiling process mainly comprises retrieval and marking processing, the retrieval is used for finding each instruction which can trigger bus access operation, and the marking is used for adding a source address marking instruction before each retrieved instruction so as to mark the source address of the instruction.
In addition, the invention also provides a SoC, which at least comprises a processor and a bus access control module, wherein the SoC is programmed or configured to execute the steps of the physical address space access isolation method between any entities on the SoC, or a computer program which is programmed or configured to execute the physical address space access isolation method between any entities on the SoC is stored in a memory of the SoC.
In addition, the invention also provides a computer device, which is provided with a SoC, wherein the SoC is programmed or configured to execute the steps of the physical address space access isolation method between any entities on the SoC, or a computer program which is programmed or configured to execute the physical address space access isolation method between any entities on the SoC is stored in a memory of the SoC.
Compared with the prior art, the invention has the following advantages: according to the method, a preset security policy table is inquired by aiming at an atomic instruction processed by an instruction pipeline, wherein the security policy table comprises a source address of a preset software entity and access authority information corresponding to a destination address; the invention supports the safety access isolation between any software entities and can isolate the access of the software entity of the main equipment to the physical address space.
Drawings
FIG. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
Fig. 2 is a schematic view of an access control processing flow in the embodiment of the present invention.
Fig. 3 is a flowchart illustrating different processing manners for accessing a buffer or a bus in a main processing flow according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of an SoC logic structure in the embodiment of the present invention.
Detailed Description
As shown in fig. 1, the implementation steps of the method for isolating access to a physical address space between any entities on the SoC of this embodiment include:
1) querying a preset security policy table aiming at the atomic instruction processed by the instruction pipeline, wherein the security policy table comprises a source address of a preset software entity and access authority information corresponding to a destination address;
2) determining whether to allow the atomic instruction to access a buffer or a bus according to a matching result obtained by the query, ending and exiting;
in this embodiment, the detailed steps of step 1) include:
1.1) extracting a source address and a destination address of the atomic instruction after the instruction pipeline processing;
1.2) using the source address and the destination address as keywords to inquire a preset security policy table, wherein the security policy table comprises the source address of a preset software entity and access authority information corresponding to the destination address. The security policy table is inquired through the source address and the destination address of the bus access request on the SoC to obtain the access authority of each bus request, so that physical address access isolation between any entities and at the bus request level on the SoC is achieved.
In this embodiment, the step 2) determines whether to allow the atomic instruction to access the buffer or the bus according to the matching result obtained by the query, specifically, the step is performed by a buffer access controller and a bus access controller, where the buffer access controller is configured to determine whether to allow the atomic instruction to access the buffer according to the access authority, and the bus access controller is configured to determine whether to allow the atomic instruction to access the bus according to the access authority.
As shown in fig. 2 and fig. 3, the detailed step of determining whether to allow the atomic instruction to access the bus according to the access right in step 2) of this embodiment includes:
2.1A) judging whether the matching result obtained by query contains matching items, if not, judging that the atomic instruction is not allowed to access the bus, reporting an exception, ending and exiting; otherwise, skipping to execute the next step;
2.2A) judging whether the matching result contains a matching entry, if so, acquiring the access authority in the matching entry, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, judging that the matching result contains a plurality of matching entries, and skipping to execute the next step;
2.3A) judging whether the preset address low-priority strategy is true, if true, finding out the item with the lowest address from the plurality of matching items as the final matching item, acquiring the access authority in the final matching item, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, skipping to execute the next step;
2.4A) judging whether a preset mask short-priority strategy is true, if true, finding out an entry with the shortest mask from a plurality of matching entries as a final matching entry, acquiring an access authority in the final matching entry, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, reporting an exception and exiting;
2.5A) if the atomic instruction access bus is allowed, normally completing the bus access of the atomic instruction, and ending; otherwise, the bus access of the atomic instruction is not allowed, and the exception is reported and the operation is finished.
As shown in fig. 2 and fig. 3, the detailed step of determining whether to allow the atomic instruction to access the buffer according to the access right in step 2) of this embodiment includes:
2.1B) judging whether the matching result obtained by the query contains a matching item, if the matching item does not exist, judging that the atomic instruction is not allowed to access the buffer, reporting an exception, ending and exiting; otherwise, skipping to execute the next step;
2.2B) judging whether the matching result contains a matching entry, if so, acquiring the access authority in the matching entry, determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, judging that the matching result contains a plurality of matching entries, and skipping to execute the next step;
2.3B) judging whether the preset address low-priority strategy is true, if true, finding out the item with the lowest address from the plurality of matching items as the final matching item, acquiring the access authority in the final matching item, and determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, skipping to execute the next step;
2.4B) judging whether the preset mask short-priority strategy is true, if true, finding out the entry with the shortest mask from the plurality of matching entries as the final matching entry, acquiring the access authority in the final matching entry, determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, reporting an exception and exiting;
2.5B) if the atomic instruction access buffering is allowed, jump to perform step 2.6B); otherwise, not allowing the buffer access of the atomic instruction, reporting the exception, and ending;
2.6B) judging whether the buffer is hit, if so, normally finishing the buffer access of the atomic instruction, and ending; otherwise, the bus access of the atomic instruction is normally finished, and the operation is finished.
As shown in fig. 2, after step 1.1) and before step 1.2) of this embodiment, a step of detecting whether the extracted source address and destination address meet the preset specification is further included, if the extracted source address and destination address meet the preset specification, the step 1.2 is skipped to be executed, otherwise, an exception is reported and the method is exited.
In this embodiment, step 1) further includes a step of generating a security policy table in advance, and the detailed steps include: all software entities to be operated on the SoC bus master equipment are addressed in a unified way, and the software entities on each master equipment occupy a source address; addressing the memory space, the IO space, the register space and the like according to the normal SoC physical address, wherein each address space occupies a destination address; the source address and the destination address are used as index entries of a security policy table, each index entry corresponds to a security policy, the security policy represents the access authority of an entity represented by the source address to the destination address, the access authority comprises three characteristics of WRX, wherein W is writing, R is reading, and X is executing.
In the embodiment, the source address is composed of a source address mask smask and a unique source address sadd in an address interval represented by the source address mask smask; the destination address is composed of a destination address mask dmask and a destination address dadd which is unique within an address interval represented by the destination address mask dmask, and { sadd&smask,dadd&dmask serves as an index entry of the security policy table. Security policy table item represented in N masks using optimally addressed (sadd, dadd) keysN(sadd&smask,dadd&dmask, WRX), and according to the query result, M (M)>= N) access to physical address space by master software entities is isolated; by the method, fine-grained separation with variable target address intervals and variable sizes is supported, based on the optimally addressed target address, a plurality of independent address intervals can be represented according to mask configuration, and the granularity of a single interval can be any 2XByte (x)>=0) granularity of address space.
In this embodiment, before step 1), a step of labeling a source address for each bus access instruction of the software entity in advance before executing the software entity is further included, and the detailed steps include: the method comprises the steps of performing conventional binary code compiling on a current software entity by adopting a compiler of a target processor, performing second compiling on the generated binary code by adopting a special back-end compiler, wherein the second compiling process mainly comprises retrieval and marking processing, the retrieval is used for finding out each instruction (such as a loading instruction load, a recovery instruction store and the like) which can trigger bus access operation, and the marking is used for adding a source address marking instruction in front of each retrieved instruction so as to mark out the source address of the instruction. In this embodiment, the source address labeling instruction is: addr, mark source. Addr represents the source address of the instruction. The specific steps of sending the information of the two instructions to the bus access control module as an atomic operation by the processor are as follows: the processor (MCU, DSP, etc.) takes the two instructions as atomic instructions to carry out the operations of fetching, decoding, transmitting, etc., and after the target address in the instruction is processed by normal TLB/MMU, etc., the processed related information is sent to the bus access control module and the buffer access control module.
After receiving the information of the atomic instruction, the bus access control module and the buffer access control module extract a source address sadd and a target address dadd from the information as keywords of query operation, perform query operation on a security policy table stored in the bus or the Cache access control module, and determine whether to allow the atomic instruction to access the buffer or the bus according to matching results obtained by the query.
There are three cases of the matching result obtained by the query: if the operation required by the current request meets the authority given by the security policy in the matching process, the bus is accessed through and sent to the conventional bus; if the operation required by the current request does not accord with the authority given by the security policy, the abnormal interrupt is submitted; if not, an abort is submitted. In addition, matching may be further subdivided into a case of matching one entry or multiple entries, and if there are multiple entries, an entry with the highest priority needs to be selected as a final matching entry according to a preset rule, as detailed in the foregoing steps 2.3A) and 2.3B).
In summary, in the method for access isolation of physical address space between any entities on SoC of this embodiment, a security policy table after mapping a software entity and a hardware address is generated, a source address is labeled for each bus access instruction of the software entity, a processor sends information of two instructions as an atomic operation to a bus access control module, the bus access control module extracts the source address and a destination address of a bus access request and performs an inquiry, and determines whether the request allows access to the bus according to an inquiry-obtained policy, so that access isolation of physical addresses of any entities and fine granularity required by a trusted execution environment of the SoC can be realized, secure access isolation between any host device or software entities is supported, and fine granularity isolation with variable number and variable size of destination address intervals is supported.
In addition, the present embodiment also provides an SoC, where the SoC at least includes a processor and a bus access control module, and the SoC is programmed or configured to execute the steps of the foregoing physical address space access isolation method between any entities on the SoC, or a memory of the SoC stores a computer program programmed or configured to execute the foregoing physical address space access isolation method between any entities on the SoC. Fig. 4 is an example of an SoC in the present embodiment, which integrates two processor cores, a bus, a DDR3 SDRAM, a PCIE module, and the like. Wherein several software entities running on the processor 1 are denoted ME0xThe processor 2 does not contain a Cache, and a plurality of software entities running on the processor are marked as ME1xJTAG host device is labeled ME3The DMA, although a master-slave interface, does not occupy ME addressing because it does not generate new requests. Several physical address intervals of the slave devices such as PCIE and IIC are labeled as SE. The Cache and bus access control module of the processor 1 may share the security policy table 1, and other bus access control modules share the security policy table 2.
In generating the security policy table, in this embodiment, the ME is compared with the ME in fig. 400The MEs with the same security attribute are coded in a mask representation mode, for example, 6 entities with the same attribute { ME on the processor 1 and the processor 2 can be coded00,ME01,ME02,ME13,ME15,ME16Unified addressing, namely respectively allocating source addresses: {16 ' h0000, 16 ' h0001, 16 ' h0002, 16 ' h0003, 16 ' h0004, 16 ' h0005}, with a source address mask of 16 ' h0007, although two addresses {16 ' h0006, 16 ' h0007} are free, 6 security policy entries may be represented by the index { sadd:16 ' h0000, smask:16 ' h0007 }. When addressing in the physical address space, the address space of each SE is also represented by a mask, e.g. SE11Has an address space of [32 'h 00010000, 32' h 00011111 ]]Then the index of the address intervalIs { dadd:32 'h 00010000, dmask: 32' h 00001111 }. And similarly, all the MEs and the SEs are encoded, and finally the security policy table shown in the table 1 is obtained.
Table 1: a security policy table.
According to access distribution characteristics and access bandwidth requirements on different bus interfaces, splitting the table into two tables: the security policy table 1 and the security policy table 2, index parts { sadd, smask, dadd, dmask } of the two tables are respectively realized by two on-chip high-speed TCAMs, and the access authority is stored by an on-chip SRAM corresponding to each TCAM entry. As shown in FIG. 4, the Cache component and the bus access control module of the processor 1 share the security policy table 1, and the other components share the security policy table 2. For processors with higher performance requirements, the query operation can be realized by a TCAM (ternary content addressable memory); for the MCU with low performance requirement, the query operation can be realized by adopting a HASH linked list and other modes. When a source address is marked for each bus access instruction of a software entity, a compiler of a target processor is adopted to carry out conventional binary compilation on a source code of each software entity, a special markcompiler compiler is adopted to carry out second compilation on a generated binary code, the second compilation process mainly comprises retrieval and marking operations, a retrieved target is each instruction such as load/store which can trigger bus and Cache access operations, and a source address marking instruction mark source. When the processor sends the information of the two instructions to the bus access control module as atomic operation, the processor (MCU, DSP, etc.) takes the two instructions as atomic instruction to perform operations such as instruction fetching, decoding, transmitting, etc., and after normal TLB/MMU processing is performed on the destination address in the instruction, if Cache needs to be accessed, the relevant information is sent to the Cache access control module to judge the access authority; and if the cache does not need to be accessed, the related information is sent to the bus access control module, and the bus access control module judges the authority. When the bus access control module extracts a source address and a destination address of a bus access request and inquires, the bus access control module and the buffer access control module share one security policy table, firstly, the source address and the destination address in the information are detected, whether the source address and the destination address meet the requirements of length and the like, if not, the report is abnormal, and if so, the safety policy table is inquired. And finally, determining whether the request is allowed to access the bus according to the strategy obtained by the query. The results of the query are in the following three cases: if the query result is that no matching item exists, reporting an exception; if the query result is that a matching item exists and only one result exists, reading the item to judge the WRX authority, if the item meets the authority requirement, passing the item, and if the item does not meet the authority requirement, reporting an exception; if the query result shows that a plurality of matching items exist, reading out corresponding items according to the low item priority or the shortest mask priority mode to judge the WRX authority, if the authority is met, passing, and if the authority is not met, reporting an exception.
In addition, the present embodiment also provides a computer device, where the computer device is provided with an SoC, and the SoC is programmed or configured to execute the steps of the foregoing method for isolating access to a physical address space between any entities on the SoC, or a memory of the SoC stores a computer program programmed or configured to execute the foregoing method for isolating access to a physical address space between any entities on the SoC.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.
Claims (7)
1. A method for isolating physical address space access between any entities on SoC is characterized by comprising the following implementation steps:
1) querying a preset security policy table aiming at an atomic instruction processed by an instruction pipeline, wherein the security policy table comprises a source address of a preset software entity and access authority information corresponding to a destination address;
2) determining whether to allow the atomic instruction to access a buffer or a bus according to a matching result obtained by the query, ending and exiting;
the detailed steps of the step 1) comprise:
1.1) extracting a source address and a destination address of the atomic instruction after the instruction pipeline processing;
1.2) using a source address and a destination address as keywords to query a preset security policy table, wherein the security policy table comprises the source address of a preset software entity and access authority information corresponding to the destination address;
the method comprises the step of generating a security policy table in advance before the step 1), wherein the detailed steps comprise: all software entities to be operated on the SoC bus master equipment are addressed in a unified way, and the software entities on each master equipment occupy a source address; addressing the memory space, the IO space and the register space according to the normal SoC physical address, wherein each address space occupies a destination address; taking a source address and a destination address as index items of a security policy table, wherein each index item corresponds to a security policy which represents the access authority of an entity represented by the source address to the destination address, and the access authority comprises three characteristics of WRX, wherein W is writing, R is reading and X is executing;
the source address is composed of a source address mask smask and a unique source address sadd in an address interval represented by the source address mask smask; the destination address is composed of a destination address mask dmask and a destination address dadd unique within an address range represented by the destination address mask dmask, and { sadd & smask, dadd & dmask } serves as an index entry of the security policy table.
2. The method for isolating access to the physical address space between any entities on the SoC according to claim 1, wherein after step 1.1) and before step 1.2), the method further comprises a step of detecting whether the extracted source address and destination address meet a preset specification, if the extracted source address and destination address meet the preset specification, the step 1.2 is skipped to execute, and if not, an exception is reported and the method exits.
3. The method as claimed in claim 1, wherein the step 2) of determining whether to allow the atomic instruction to access the bus according to the access right further comprises:
2.1A) judging whether the matching result obtained by query contains matching items, if not, judging that the atomic instruction is not allowed to access the bus, reporting an exception, ending and exiting; otherwise, skipping to execute the next step;
2.2A) judging whether the matching result contains a matching entry, if so, acquiring the access authority in the matching entry, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, judging that the matching result contains a plurality of matching entries, and skipping to execute the next step;
2.3A) judging whether the preset address low-priority strategy is true, if true, finding out the item with the lowest address from the plurality of matching items as the final matching item, acquiring the access authority in the final matching item, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, skipping to execute the next step;
2.4A) judging whether a preset mask short-priority strategy is true, if true, finding out an entry with the shortest mask from a plurality of matching entries as a final matching entry, acquiring an access authority in the final matching entry, determining whether to allow the atomic instruction to access the bus according to the access authority, and skipping to execute the step 2.5A); otherwise, reporting an exception and exiting;
2.5A) if the atomic instruction access bus is allowed, normally completing the bus access of the atomic instruction, and ending; otherwise, the bus access of the atomic instruction is not allowed, and the exception is reported and the operation is finished.
4. The method as claimed in claim 1, wherein the step 2) of determining whether to allow the atomic instruction to access the buffer according to the access right further comprises:
2.1B) judging whether the matching result obtained by the query contains a matching item, if the matching item does not exist, judging that the atomic instruction is not allowed to access the buffer, reporting an exception, ending and exiting; otherwise, skipping to execute the next step;
2.2B) judging whether the matching result contains a matching entry, if so, acquiring the access authority in the matching entry, determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, judging that the matching result contains a plurality of matching entries, and skipping to execute the next step;
2.3B) judging whether the preset address low-priority strategy is true, if true, finding out the item with the lowest address from the plurality of matching items as the final matching item, acquiring the access authority in the final matching item, and determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, skipping to execute the next step;
2.4B) judging whether the preset mask short-priority strategy is true, if true, finding out the entry with the shortest mask from the plurality of matching entries as the final matching entry, acquiring the access authority in the final matching entry, determining whether to allow the atomic instruction to access the buffer according to the access authority, and skipping to execute the step 2.5B); otherwise, reporting an exception and exiting;
2.5B) if the atomic instruction access buffering is allowed, jump to perform step 2.6B); otherwise, not allowing the buffer access of the atomic instruction, reporting the exception, and ending;
2.6B) judging whether the buffer is hit, if so, normally finishing the buffer access of the atomic instruction, and ending; otherwise, the bus access of the atomic instruction is normally finished, and the operation is finished.
5. The method for isolating access to a physical address space between any entities on the SoC of claim 1, wherein step 1) is preceded by a step of labeling a source address for each bus access instruction of the software entity in advance before executing the software entity, and the detailed steps include: the method comprises the steps of compiling the conventional binary code of a current software entity by adopting a compiler of a target processor, and compiling the generated binary code for the second time by adopting a special back-end compiler, wherein the second compiling process mainly comprises retrieval and marking processing, the retrieval is used for finding each instruction which can trigger bus access operation, and the marking is used for adding a source address marking instruction before each retrieved instruction so as to mark the source address of the instruction.
6. An SoC comprising at least a processor and a bus access control module, wherein the SoC is programmed or configured to perform the steps of the method for isolating physical address space access between any entities on the SoC as claimed in any one of claims 1 to 5, or wherein a memory of the SoC has stored therein a computer program programmed or configured to perform the method for isolating physical address space access between any entities on the SoC as claimed in any one of claims 1 to 5.
7. A computer device with a SoC, wherein the SoC is programmed or configured to perform the steps of the method for isolating physical address space access between any entities on the SoC as claimed in any one of claims 1 to 5, or a computer program is stored in a memory of the SoC and programmed or configured to perform the method for isolating physical address space access between any entities on the SoC as claimed in any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010223469.7A CN111291383B (en) | 2020-03-26 | 2020-03-26 | Physical address space access isolation method between any entities on SoC, SoC and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010223469.7A CN111291383B (en) | 2020-03-26 | 2020-03-26 | Physical address space access isolation method between any entities on SoC, SoC and computer equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111291383A CN111291383A (en) | 2020-06-16 |
| CN111291383B true CN111291383B (en) | 2022-03-22 |
Family
ID=71031125
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010223469.7A Active CN111291383B (en) | 2020-03-26 | 2020-03-26 | Physical address space access isolation method between any entities on SoC, SoC and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111291383B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113254071B (en) * | 2021-05-27 | 2021-10-01 | 超验信息科技(长沙)有限公司 | Method, system, computer equipment and storage medium for realizing jump link instruction |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101115018A (en) * | 2007-09-17 | 2008-01-30 | 中兴通讯股份有限公司 | Method for controlling equipment access |
| CN101605097A (en) * | 2009-07-22 | 2009-12-16 | 赛尔网络有限公司 | IPv6/IPv4 address hierarchical access right control method and access control gateway |
| CN107516052A (en) * | 2017-08-14 | 2017-12-26 | 致象尔微电子科技(上海)有限公司 | A kind of internal storage access partition method |
| CN108111383A (en) * | 2017-12-26 | 2018-06-01 | 北京航空航天大学 | A kind of cross-domain container virtual network construction method based on SDN |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11277390B2 (en) * | 2015-01-26 | 2022-03-15 | Listat Ltd. | Decentralized cybersecure privacy network for cloud communication, computing and global e-commerce |
-
2020
- 2020-03-26 CN CN202010223469.7A patent/CN111291383B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101115018A (en) * | 2007-09-17 | 2008-01-30 | 中兴通讯股份有限公司 | Method for controlling equipment access |
| CN101605097A (en) * | 2009-07-22 | 2009-12-16 | 赛尔网络有限公司 | IPv6/IPv4 address hierarchical access right control method and access control gateway |
| CN107516052A (en) * | 2017-08-14 | 2017-12-26 | 致象尔微电子科技(上海)有限公司 | A kind of internal storage access partition method |
| CN108111383A (en) * | 2017-12-26 | 2018-06-01 | 北京航空航天大学 | A kind of cross-domain container virtual network construction method based on SDN |
Non-Patent Citations (4)
| Title |
|---|
| 《ACL访问控制(华为)》;JJH的创世纪;《https://blog.csdn.net/ck784101777/article/details/97893744》;20190731;第1-6页 * |
| 《CISCO 访问控制列表ACL》;宁滥勿缺49;《https://blog.csdn.net/liuzhongwei49/article/details/80632624》;20180609;第1-8页 * |
| 《Towards Cloud-Aware Policy Enforcement with Universal Cloud Classification as a Service (UCCaaS) in Software Defined Networks》;Sebastian Jeuk等;《2016 IEEE 9th International Conference on Cloud Computing (CLOUD)》;20170119;第489-496页 * |
| 《分布式环境下的访问控制》;刘琼波等;《计算机研究与发展》;20010630(第6期);第735-740页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111291383A (en) | 2020-06-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102473139B (en) | I/O memory management unit including multilevel address translation for I/O and computation offload | |
| JP6903682B2 (en) | Data protection using virtual resource view | |
| US10564997B2 (en) | Computing system for securely executing a secure application in a rich execution environment | |
| US9411745B2 (en) | Multi-core heterogeneous system translation lookaside buffer coherency | |
| CN102129410B (en) | Providing extended memory protection | |
| CN112149148A (en) | Cryptographic isolation of memory compartments in a computing environment | |
| KR20170033891A (en) | Memory initialization in a protected region | |
| JP2017505492A (en) | Area specification operation to specify the area of the memory attribute unit corresponding to the target memory address | |
| US20080052709A1 (en) | Method and system for protecting hard disk data in virtual context | |
| US10938559B2 (en) | Security key identifier remapping | |
| CN113220225B (en) | Memory data read-write method and device for RISC-V processor, processor and storage medium | |
| CN106716435B (en) | Interface between a device and a secure processing environment | |
| US20220121447A1 (en) | Hardening cpu predictors with cryptographic computing context information | |
| CN112148521A (en) | Providing improved efficiency for metadata usage | |
| JP7201686B2 (en) | Equipment for adding protection features for indirect access memory controllers | |
| US11734430B2 (en) | Configuration of a memory controller for copy-on-write with a resource controller | |
| US11048644B1 (en) | Memory mapping in an access device for non-volatile memory | |
| US20180157605A1 (en) | Configuration of a memory controller for copy-on-write | |
| US20090150642A1 (en) | Indexing Page Attributes | |
| CN111291383B (en) | Physical address space access isolation method between any entities on SoC, SoC and computer equipment | |
| CN107533513B (en) | Burst translation look-aside buffer | |
| US20200192825A1 (en) | Security for virtualized device | |
| US20130097405A1 (en) | Apparatus and method for abstract memory addressing | |
| US9639477B2 (en) | Memory corruption prevention system | |
| US20180307626A1 (en) | Hardware-assisted memory encryption circuit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220608 Address after: 201210 room 2fa222, block a, building 1, No. 800, Naxian Road, Pudong New Area, Shanghai Patentee after: Chaorui Technology (Shanghai) Co.,Ltd. Address before: Room 2106, Great Wall wanfuhui gold block, No.9 Shuangyong Road, Kaifu District, Changsha City, Hunan Province, 410003 Patentee before: Transcendence information technology (Changsha) Co.,Ltd. |
|
| TR01 | Transfer of patent right |