JPS59113599A - Memory protection system - Google Patents

Abstract

PURPOSE:To protect completely program group having hierarchy and to perform read protection and write protection independently of each other by providing a register for read and a register for write, which indicate the protection right state at the current time in a processor. CONSTITUTION:A read protection right register and a write protection right register are incorporated in a processor 1. Two words of a hierarchy protection register 3 correspond to 4k words. These hierarchy protection register 3 and read and write protection right registers are accessed similarly to ordinary registers or a memory 2. In case of the memory access, contents of the hierarchy protection regisiter 3, which correspond to an address memory block, and right registers in the processor 1 are collated with each other, and an instruction is executed if the access is valid. The hierarchy structure is exemplified by the system consisting of 15 subsystems at most, and each subsystem consists of 15 subsubsystems at most.

Description

DETAILED DESCRIPTION OF THE INVENTION The present invention relates to a memory protection method for an information processing device.

Memory protection methods applied to conventional information processing devices include key protection/ring protection and ring protection.
ing ) protection can be selected as its representative. Of these, key protection compares the key of the currently running program with the key given to the memory block for each memory access. In addition, if the key match condition is not satisfied, the instruction that accessed the memory will not be executed and one interrupt will occur. The method of ring protection is similar, but the only difference is that it includes the concept of hierarchy.

A ring number n is given to the currently running program, a ring number m is given to the memory block, and if n m, the program selects a specific memory block.
access is possible.

However, in such a conventional technique, for example, in a hierarchical system configuration as shown in FIG. 1, the ring number of program A is "0", and the ring number of
The ring number for f-programs D, E, F, G is given as °2'', and so on. Therefore, refer to Figure 2 where the ring numbers are given. , as ring protection, it was not possible to take measures against errors such as the destruction of program C by program B, the destruction of program E by program Ic, and the destruction of program F by program D using hardware.

Also, in the conventional protection method.

READ PROTECTION
N ) and write protection 7 (WRITE P
(ROTECTION) cannot be performed independently, and therefore must be performed using the same ring number and key.

For example, if the given protection is write protection as shown in FIG. 2, read protection will be determined by the write protection ring number as follows.

In other words, the ring number of the currently running program is n.
Assuming that the ring number of the program to be accessed is m, the conditions for read protection are as follows.

If m < n-1, as a result, the data on the label can be read, but since the cursor 1-* rotation and the light 0 rotation cannot be performed independently, in the example of Fig. 2, the data on the level can be read. There was a drawback that it was not possible to prohibit reading of the data of program D.

An object of the present invention is to provide a highly reliable memory security system that can completely protect nine-layered program groups except for the above-mentioned drawbacks of the conventional technology, and that can perform read protection and write protection independently. is to provide.

According to the present invention, a register for read protection and a register for write protection are provided for memory protection, and a register for read and a register for write indicating the current protection right status are provided inside the processor. It will be done.

When the process executes read-related instructions (such as reading data from memory).

A check is performed between the read protection right register in the processor and the memory processor and evening registers.

It is checked that the access is within the hierarchy, and if the access is from outside the solid layer, the instruction is not executed and a message to that effect is displayed (by an interrupt or the like). Protection is achieved using the same method when executing write-related instructions, and the contents of each register (memory processing,
internal) can be changed independently.

Next, the memory storage system according to the present invention will be described with reference to embodiments and the drawings.

FIG. 3 is a block diagram showing the basic configuration of an embodiment according to the present invention. In the figure, 1 is a processing device, 2
is the main memory, and 3 is the hierarchical protection register. The processing device 1 includes a read protection right register and a write protection right register.

Further, the second layer protection register 3 corresponds to two stories for the word 4. These hierarchical protection registers and read and write right registers can be accessed like normal registers or memory, allowing initial settings to be made according to the hierarchical structure of the system. It is. Execution of instructions by a processing device always requires memory access. At the time of this memory access, the hierarchy protection register 3 corresponding to the addressed memory block is checked against the right register in the processing device 1, and if the access is legal, the instruction is executed.

If it is not valid, an interrupt is generated in the processing device l, preventing execution of the instruction. For this access to be legal, one requirement is that the contents of the rights register and the contents of the hierarchical protection register are equal;
It is necessary that the content of the right register of the unequal part is °゛0'' (this means that the lower layer has been accessed).The protection right register is set when the instruction is accessed. The contents of the protection register are set.

A specific example of a hierarchical structure that is applied to the above embodiment and whose size is sufficiently practical for creating knowware is shown below.
This results in a maximum structural system as shown in Figure 4. The system consists of up to 15 subsystems, and each subsystem consists of up to 15 sub-subsystems. Each sub-sub/stem consists of up to 15 sub-sag sub-7 stems. Below, it can be made into a subsystem at a maximum of 8 levels.

A program within the subsystem is called a level 1 program, and a program within the subsubsystem is called a level 2f program. The following definitions will be made in the same manner up to the level 8 program.

A 32-bit register is used to store the location of the program within the hierarchy. This 32-bit register is divided into 8 parts of 4 bits each, and it is possible to establish a correspondence between the program in the hierarchical structure and the contents of the renostar as shown in FIG.

According to this memory protection structure, for example, by initializing the layered protection register as shown in FIG. 6 in the system having the program structure shown in FIG. 1, it becomes possible to perform one layered protection. Now, assuming that this state is write protection, in order to make the data of f program D visible only to program D, change the contents of the read protection register of D to, for example, "3".
Just enter 0000000″'.Of course, the other read protection registers have the same contents.

As is clear from the above description, according to the present invention, upon execution of an instruction, each time a memory is accessed, the read and write right registers in the processor and the read and write hierarchy renostar associated with the accessed memory are created. Not only is the protection against the two-layered 70 stogram group completed by performing the verification, but also the read protection and write 70 protection are performed independently, which results in improved processing performance of the information processing device. A great effect can be obtained to improve reliability.

[Brief explanation of the drawing]

Fig. 1 is a diagram showing an example of a hierarchical system configuration in a program, Fig. 2 is a diagram for explaining a ring zolotticion method in the system configuration of Fig. 1, and Fig. 3 is a diagram according to the present invention. FIG. 4 is a block diagram showing the basic configuration of the embodiment. FIG. 4 is a diagram showing the maximum hierarchical structure of protection applied to the embodiment of FIG. 3. FIG. A diagram showing the correspondence with. FIG. 6 is a diagram illustrating initial settings of a protection renostar to completely protect the system of FIG. 1. In the figure, 1 is a processing device, 2 is a memory, and 3 is a hierarchical protection register. 72'Hq-q Agent (5841) Patent Attorney Ashi 1) Tan, --. Fig. 1 Fig. 2 Kyo, (・) - F C Dalam C1 Fu System) Fig. 4 Fig. 5 Level 27 b Gu) Mu 12 (i2=t, 2.-・15) 口JηshiT [shi ■ Tsukasa A register yR that records the 1st layer of the 4th seed)

Claims (1)

[Claims] 1. A register for read protection and a register for read protection are provided for each memory block,
The f processor is provided with a read protection right register indicating the current protection right state and a write protection right register.
The read system independently performs a check between the write command and the write protection right renostar, and in the case of a write command, a check between the write protection register and the write protection right renostar. The program hierarchy is stored in write registers. A memory protection method for an information processing device, characterized in that by checking that the access is within a hierarchy, if the access is correct, only that fact is displayed without executing the instruction.