CN106155939A - A kind of information processing method and electronic equipment - Google Patents
A kind of information processing method and electronic equipment Download PDFInfo
- Publication number
- CN106155939A CN106155939A CN201510145712.7A CN201510145712A CN106155939A CN 106155939 A CN106155939 A CN 106155939A CN 201510145712 A CN201510145712 A CN 201510145712A CN 106155939 A CN106155939 A CN 106155939A
- Authority
- CN
- China
- Prior art keywords
- address
- memory access
- judged result
- access address
- list item
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of information processing method and electronic equipment, described method includes: the processor in described electronic equipment is connected by bus foundation with W functional module, and during by the first functional module in N number of functional module described in described bus access, obtain the first memory access address, wherein, W is positive integer;Judge whether described first memory access address is effective memory access address based on an address search table, it is thus achieved that the first judged result;When described first judged result is for being, described server performs the first operation based on described first memory access address.The above-mentioned information processing method that the present invention provides, for solving to exist in prior art the technical problem of computer system security difference, it is achieved that the technique effect to computer system security protection.
Description
Technical field
The present invention relates to electronic technology field, particularly to a kind of information processing method and electronic equipment.
Background technology
Information technology and information industry are changing traditional production, operation and life style, and information becomes
The grand strategy resource of social development.Ecommerce, E-Government, electronic tax, e-bank, electronics
The network information systems such as customs, electronics security, online transaction, online election will politics, military, finance,
The aspect such as business, traffic is played a greater and greater role, and society has increased the most day by day to since network information system
By force.
Computer utility increasingly extensive and deep while, vulnerability and the complexity of network add threat
With the probability attacked, the safety problem of computer network is day by day complicated and prominent.
In the prior art, in order to safeguard the safety of computer system, wherein, the safety to buffer overflow
Take precautions against and increase some hardware mechanisms frequently with in some processor (CPU) inside, and then to internal memory address field
It is protected by, prevents from performing, at data segment, the buffer overflow attack that instruction etc. causes.Additionally, by right
The address space carried inside CPU carries out privilege division, and then realizes carrying out user program reference address point
Level limits.
Present inventor during technical scheme, finds above-mentioned existing skill in invention the embodiment of the present application
At least there is following technical problem in art:
In prior art, the safeguard protection to computer system is mainly used in desktop field.In mobile field,
On the one hand, when with CPU IP be SOC integrated time, majority has been developed complete, be difficult to again change be integrated in
Safety approach inside CPU, on the other hand, is primarily directed to the guarantor that the virtual address within processor is carried out
Protecting, such as, when the address hierarchy carrying processor, exist different stage in prior art is virtual
Address is mapped to the situation on same physical memory, thus causes distinct program meeting Access Violation, so,
Prior art exists the technical problem of computer system security difference.
Summary of the invention
The embodiment of the present invention provides a kind of information processing method and electronic equipment, is used for solving to deposit in prior art
Technical problem in computer system security difference, it is achieved that the technology effect to computer system security protection
Really.
On the one hand, the embodiment of the present application provides a kind of information processing method, and described method is applied to an electronics
In equipment, described method includes:
Processor in described electronic equipment is connected by bus foundation with W functional module, and passes through
During the first functional module in N number of functional module described in described bus access, it is thus achieved that the first memory access address,
Wherein, W is positive integer;
Judge whether described first memory access address is effective memory access address based on an address search table, it is thus achieved that the
One judged result;
When described first judged result is for being, described processor performs the based on described first memory access address
One operation.
Alternatively, described judge whether described first memory access address is effective memory access based on an address search table
Address, it is thus achieved that the first judged result, specifically includes:
Obtain an address search table;
Based on described address search table, described first memory access address is carried out address check, it is thus achieved that the first detection
Result;
Judge whether described first memory access address is effective memory access address based on described first testing result, obtain
Obtain the first judged result.
Alternatively, described judge whether described first memory access address is effective based on described first testing result
Memory access address, it is thus achieved that the first judged result, specifically includes:
Determining the N number of effective list item comprised in M list item in described address search table, wherein, M is
Positive integer, N is the positive integer less than or equal to M;
Judge described first memory access address whether with the physics in K list item in described N number of effective list item
Address is corresponding, it is thus achieved that the second judged result, and wherein, K is the positive integer less than or equal to N;
When described second judged result is for being, it is judged that the first address characterizing described first memory access address belongs to
Property second address properties the most corresponding with described physical address matches, it is thus achieved that the first judged result.
Alternatively, described judge described first memory access address whether with the K in described N number of effective list item
Physical address in list item is corresponding, it is thus achieved that the second judged result, particularly as follows:
Judge that described first memory access address is the most identical with the first physical address in described K list item, obtain
Obtain the second judged result.
Alternatively, described judge described first memory access address whether with the K in described N number of effective list item
Physical address in list item is corresponding, it is thus achieved that the second judged result, particularly as follows:
Judge whether described first memory access address is positioned in the first physical address section in described K list item,
Obtain the second judged result.
Alternatively, described judge described first memory access address whether with the K in described N number of effective list item
Physical address in individual list item is corresponding, it is thus achieved that after the second judged result, and described method also includes:
When described second judged result is no, determine that described first memory access address is invalid memory access address;
When determining that described first memory access address is described invalid memory access address, described processor interrupts described
First operation.
Alternatively, it is specially the first reading instruction of data or instruction at described first address properties, or is
First operating instruction of one program;And described second address properties specially characterizes in described physical address and deposits
When containing the first kind storage address of data or instruction, when described second judged result is for being, it is judged that
Characterize the second address that the first address properties of described first memory access address is the most corresponding with described physical address
Attribute matches, it is thus achieved that the first judged result, particularly as follows:
When described second judged result is for being, it is judged that whether described second address properties is and described first
What reading instruction matched is the first kind for storing data or instruction for characterizing described physical address
Memory address, it is thus achieved that the first judged result;Or
When described second judged result is for being, it is judged that whether described second address properties is and described first
What operating instruction matched is for running the Second Type internal memory of program ground for characterizing described physical address
Location.
Alternatively, the first memory access level of described first memory access address it is specially at described first address properties
Not, when described second address properties is specially the second memory access rank of described physical address, described second
When judged result is for being, it is judged that characterize the first address properties of described first memory access address whether with described thing
The second address properties managing address corresponding matches, it is thus achieved that the first judged result, particularly as follows:
When described second judged result is for being, it is judged that whether described first memory access rank is higher than described second
Memory access rank, it is thus achieved that the first judged result.
Alternatively, judge whether described first memory access address is effectively to visit described based on an address search table
Depositing address, it is thus achieved that after the first judged result, described method also includes:
Described first judged result be whether time, determine that described first memory access address is invalid memory access ground
Location;
When determining that described first memory access address is described invalid memory access address, described processor interrupts described
First operation.
On the other hand, the embodiment of the present application additionally provides a kind of electronic equipment, including:
Processor;
W functional module, wherein, W is positive integer;
Bus, described W functional module is connected by described bus with between described processor;
Address check module, is connected with described processor and described W functional module by described bus;
Wherein, described address check module is for individual by W described in described bus access at described processor
During the first functional module in functional module, it is thus achieved that the first memory access address;
Based on an address search table, described address check module judges whether described first memory access address is effective
Memory access address, it is thus achieved that the first judged result;
When described first judged result is for being, described processor performs first based on described first memory access address
Operation.
Alternatively, described address check module specifically for:
Obtain an address search table;
Based on described address search table, described first memory access address is carried out address check, it is thus achieved that the first detection knot
Really;
Judge whether described first memory access address is effective memory access address based on described first testing result, it is thus achieved that
First judged result.
Alternatively, described address check module specifically for:
Determining the N number of effective list item comprised in M list item in described address search table, wherein, M is
Positive integer, N is the positive integer less than or equal to M;
Judge described first memory access address whether with the physics in K list item in described N number of effective list item
Address is corresponding, it is thus achieved that the second judged result, and wherein, K is the positive integer less than or equal to N;
When described second judged result is for being, it is judged that characterize the first address properties of described first memory access address
Second address properties the most corresponding with described physical address matches, it is thus achieved that the first judged result.
Alternatively, described address check module specifically for:
Judge that described first memory access address is the most identical with the first physical address in described K list item, it is thus achieved that
Second judged result.
Alternatively, described address check module specifically for:
Judge whether described first memory access address is positioned in the first physical address section in described K list item, obtain
Obtain the second judged result.
Alternatively, described address check module judge described first memory access address whether with described N number of effectively
The physical address in K list item in list item is corresponding, it is thus achieved that after the second judged result, be additionally operable to:
When described second judged result is no, determine that described first memory access address is invalid memory access address;
When determining that described first memory access address is described invalid memory access address, described processor interrupts described the
One operation.
Alternatively, described address check module is specially the first of data or instruction at described first address properties
Read instruction, or be the first operating instruction of a program;And described second address properties be specially characterize described
When in physical address, storage has the first kind storage address of data or instruction, specifically for:
When described second judged result is for being, it is judged that whether described second address properties is to read with described first
Instruction fetch match for characterizing in described physical address is the first kind for storing data or instruction
Deposit address, it is thus achieved that the first judged result;Or
When described second judged result is for being, it is judged that whether described second address properties is and described first fortune
What row instruction matched is the Second Type memory address for running program for characterizing described physical address.
Alternatively, described address check module is specially described first memory access address at described first address properties
The first memory access rank, when described second address properties is specially the second memory access rank of described physical address,
Specifically for:
When described second judged result is for being, it is judged that whether described first memory access rank visits higher than described second
Deposit rank, it is thus achieved that the first judged result.
Alternatively, described address check module judges described first memory access ground described based on an address search table
Whether location is effective memory access address, it is thus achieved that after the first judged result, be additionally operable to:
Described first judged result be whether time, determine that described first memory access address is invalid memory access address;
Wherein, when determining that described first memory access address is described invalid memory access address, described processor interrupts
Described first operation.
Said one in the embodiment of the present application or multiple technical scheme, at least have one or more skills following
Art effect:
In the technical scheme of the application, when CPU produces one group of memory access address, by using described
Processor in electronic equipment is connected by bus foundation with W functional module, and is visited by described bus
When asking the first functional module in described N number of functional module, it is thus achieved that the first memory access address, based on an address
Look-up table judges whether described first memory access address is effective memory access address, it is thus achieved that the first judged result;?
When described first judged result is for being, described server performs the first operation based on described first memory access address
Technological means, thus by bus system, described first memory access address is done memory address section examine
Survey, when testing result shows that described first memory access address is effective memory access address, CPU just can perform with
The operational order that memory access address is corresponding, so, it is achieved that the technology effect to computer system security protection
Really.
Further, owing to have employed the technical scheme of the application, it is possible to be directed to physical address and carry out greatly
The protection of sector address, and unlike in the prior art, by increasing hardware protection mechanism inside CPU,
Once use existing CPU IP do SOC(system on a chip) (System on a Chip, i.e. SoC) integrated time,
It is difficult to change the security strategy being integrated in inside CPU, and the setting of the physical memory in the SoC of reality
Possible difference is very big, and then causes protection scheme of the prior art cannot be transplanted to mobile field, and this Shen
Technical scheme please, can protect according to the internal memory that arranges of actual physics internal memory, so, it is achieved that
The technique effect of internal memory protection is set according to actual physics internal memory.
Further, owing to have employed the technical scheme of the application, it is possible to be directed to physical address and carry out greatly
The protection of sector address, and unlike in the prior art, by increasing hardware protection mechanism inside CPU,
And protect for virtual address, and need each page address will be the most numerous of relative set
Trivial handling process, so, it is achieved that the technique effect that protection flow process is the most succinct.
Further, owing to have employed the technical scheme of the application, it is possible to be directed to physical address and carry out greatly
The protection of sector address, and unlike in the prior art, being required for what CPU internal virtual address carried
Address hierarchy realizes the restriction accessing address spatial scalability, and the virtual address that but there is different stage can be reflected
Being mapped on same physical memory, such as, virtual address is core space, power user space, use respectively
Space, family, but reality is mapped on same physical memory, and then it is not reaching to intended safety, institute
With, the protection being directed to physical address in the technical scheme of the application, greatly achieve address space
The technique effect that graded access effectively limits.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present application or technical scheme of the prior art, below will be to enforcement
In example description, the required accompanying drawing used is briefly described, it should be apparent that, the accompanying drawing in describing below is only
It is only some embodiments of the present invention.
Fig. 1 is the flow chart of a kind of information processing method in the embodiment of the present application one;
Fig. 2 is the method flow diagram of step S102 in a kind of information processing method in the embodiment of the present application one;
Fig. 3 is the method flow diagram of step S203 in a kind of information processing method in the embodiment of the present application one;
Fig. 4 is method flow after step S302 in a kind of information processing method in the embodiment of the present application one
Figure;
Fig. 5 is method flow after step S103 in a kind of information processing method in the embodiment of the present application one
Figure;
The functional structure block diagram of a kind of electronic equipment that Fig. 6 provides for the embodiment of the present application two.
Detailed description of the invention
The embodiment of the present invention provides a kind of information processing method and electronic equipment, is used for solving to deposit in prior art
Technical problem in computer system security difference, it is achieved that the technology effect to computer system security protection
Really.
Technical scheme in the embodiment of the present application is to solve above-mentioned technical problem, and general thought is as follows:
A kind of information processing method, is applied in an electronic equipment, and described method includes:
Processor in described electronic equipment is connected by bus foundation with W functional module, and passes through
During the first functional module in W functional module described in described bus access, it is thus achieved that the first memory access address,
Wherein, W is positive integer;
Judge whether described first memory access address is effective memory access address based on an address search table, it is thus achieved that the
One judged result;
When described first judged result is for being, described server performs the based on described first memory access address
One operation.
In the technical scheme of the application, when CPU produces one group of memory access address, by using described
Processor in electronic equipment is connected by bus foundation with W functional module, and is visited by described bus
When asking the first functional module in described N number of functional module, it is thus achieved that the first memory access address, based on an address
Look-up table judges whether described first memory access address is effective memory access address, it is thus achieved that the first judged result;?
When described first judged result is for being, described server performs the first operation based on described first memory access address
Technological means, thus by bus system, described first memory access address is done memory address section examine
Survey, when testing result shows that described first memory access address is effective memory access address, CPU just can perform with
The operational order that memory access address is corresponding, so, it is achieved that the technology effect to computer system security protection
Really.
In order to be better understood from technique scheme, below by accompanying drawing and specific embodiment to the present invention
Technical scheme is described in detail, it should be understood that the specific features in the embodiment of the present application and embodiment is right
The detailed description of technical solution of the present invention rather than the restriction to technical solution of the present invention, do not conflict
In the case of, the technical characteristic in the embodiment of the present application and embodiment can be combined with each other.
Embodiment one
In specific implementation process, this information processing method can be applicable to an electronic equipment, and described electronics sets
Specifically standby can be mobile phone, panel computer, notebook computer, it is also possible to be that other electronics sets
Standby, just differing at this one schematically illustrates.In above-mentioned electronic equipment, can integrated SoC or microsystem with
And other computer system, the most do not make concrete restriction.Described processor can be specially
MIPS CPU, it is also possible to be ARM CPU, just differing at this one schematically illustrates.
Refer to Fig. 1, the embodiment of the present application provides a kind of information processing method, and described method includes:
S101: the processor in described electronic equipment is connected by bus foundation with W functional module,
And during by the first functional module in W functional module described in described bus access, it is thus achieved that the first memory access
Address, wherein, W is positive integer;
S102: judge whether described first memory access address is effective memory access address based on an address search table,
Obtain the first judged result;
S103: when described first judged result is for being, described server is based on described first memory access address
Perform the first operation.
Bus in the embodiment of the present application can be AHB, AXI, OCP mono-kind, it is also possible to be three kinds
Any type of combination, naturally it is also possible to be the bus of other form, just differing at this one schematically illustrates.Under
The embodiment in face will be described in detail as a example by ahb bus.
First the processor in mobile phone is connected with being set up by bus between W functional module, and the application is real
Executing described W the functional module in example can be multiple MPU, DSP, MCU or other compound IP
Core, such as, SRAM, DRAM, SDRAM, depositor etc., repeat the most one by one at this.Lift
For individual specific example, CPU needs to access the unit that physical address is oxfa000, then at x86
On reason device platform, the access to 0xfa000 address in a pci bus, wherein, 0xfa000 can be produced
It is the first memory access address of acquisition, this memory access address or in internal memory, such as DRAM, or
Memory element on certain card, in some instances it may even be possible to do not have the memorizer of correspondence on this address.
In the embodiment of the present application, refer to Fig. 2, step 102: judge described based on an address search table
Whether the first memory access address is effective memory access address, it is thus achieved that the first judged result, specifically includes:
S201: obtain an address search table;
S202: based on described address search table, described first memory access address is carried out address check, it is thus achieved that first
Testing result;
S203: judge whether described first memory access address is effective memory access ground based on described first testing result
Location, it is thus achieved that the first judged result.
In specific implementation process, it is as follows that step S201 to step S203 implements process, first, obtains
An address search table, described address search table is true according to the concrete operating system of processor in electronic equipment
Fixed, wherein, operating system can be 32, it is also possible to is 64, etc..Described address search table
In set list item number then by concrete operating system to instruction, or data, or address space drawn
The block of address space number divided is determined.For giving a concrete illustration, as a example by 32-bit operating system,
And this operating system divided block of address space number is 22 pieces, then list item number has 32, and this
In the case of, 32 power, i.e. about the 4G that memory address space is 2 of this processor.Additionally, each item
The length of list item is by different because of system.In the embodiment of the present application, each list item of address search table has
Body includes these three contents of address field, significance bit and address properties.Wherein, address field can have 2 kinds
Form, the first form is the situation that each item only has 1 address, and this address represents the base of physical memory
Address, and for SoC system, the concrete length of address field can be different because of SoC system.Such as,
10bits address can represent that 20bits address can represent with " M " as limit with " K " address as border
The address on boundary.The second form is, each item can have two addresses, and 1 represents high address, 1 table
Show low address.It is the most effective that significance bit is mainly used to indicate each list item.Address properties is then right for identifying
The address field answered is for instruction segment, or data segment, or for indicating the rank of the address field of correspondence
Attribute.For those of ordinary skill in the art, list item number and every can be determined according to actual needs
The length of individual list item, repeats the most one by one at this.
In the embodiment of the present application, obtaining after address search table, perform step S202: based on described
Location look-up table carries out address check to the first memory access address, it is thus achieved that the first testing result.Continue with memory access address
As a example by 0xfa000, say, that this memory access address is carried out ground with each list item in address search table
Location is detected, and then obtains corresponding testing result.
In the embodiment of the present application, refer to Fig. 3, step S203: judge based on described first testing result
Whether described first memory access address is effective memory access address, it is thus achieved that the first judged result, specifically includes:
S301: determine the N number of effective list item comprised in M list item in described address search table, wherein,
M is positive integer, and N is the positive integer less than or equal to M;
S302: judge described first memory access address whether with in K list item in described N number of effective list item
Physical address corresponding, it is thus achieved that the second judged result, wherein, K is the positive integer less than or equal to N;
S303: when described second judged result is for being, it is judged that characterize the first ground of described first memory access address
The second address properties that location attribute is the most corresponding with described physical address matches, it is thus achieved that first judges knot
Really.
In the embodiment of the present application, first all of list item is determined from address search table effective list item,
For giving a concrete illustration, as a example by 32-bit operating system, and the divided address space of this operating system
Block number is 22 pieces, then list item number has 32, and wherein effectively list item is 22, and invalid list item is 10,
Wherein, the most effectively can arrange valid bit for list item be 1bit, and e.g., " 0 " represents invalid, " 1 "
Represent effectively.After determining 22 effective list items, then do address field inspection, say, that, it is judged that visit
Deposit the physical address in whether with 22 effective list items of address 0xfa000 corresponding, it is thus achieved that the second judged result.
If there is there being the physical address corresponding with memory access address 0xfa000, then after carrying out address field inspection
Then do address properties inspection, it is judged that the first corresponding for memory access address 0xfa000 address properties whether with in list item
Second address properties of corresponding physical address matches, it is thus achieved that the first judged result, and then can be true
Make whether this memory access address is effective memory access address.
In the embodiment of the present application, step S302: judge that described first memory access address is the most N number of with described
The effectively physical address in K list item in list item is corresponding, it is thus achieved that the second judged result, specifically has following
Two kinds of implementations, when being not limited only to following two implementation, those of ordinary skill in the art can root
It is correspondingly improved according to concrete needs.
The first implementation
When the address field only one of which address in list item each in the look-up table of address, and this address is for representing physics
During the base address of internal memory, the first implementation is particularly as follows: judge that whether described first memory access address is with described
The first physical address in K list item is identical, it is thus achieved that the second judged result.Continuation with memory access address is
0xfa000, as a example by effective list item is 22, if there being the physical address of a list item in 22 effective list items
For 0xfa000, then this memory access address is identical with the physical address of this list item, say, that the two address field
Coupling.
The second implementation
When by 2, the address field in list item each in the look-up table of address represents that high address and high address form respectively
Time, the second implementation is particularly as follows: judge whether described first memory access address is positioned in described K list item
The first physical address section in, it is thus achieved that the second judged result.That is, it is judged that whether the first memory access address
It is positioned at address space corresponding to one of them list item in effective list item.Continue with memory access address as 0xfa000,
As a example by effectively list item is 22, if 22 effective list items there being the address space of a list item be
0xf000-0xff00, then this memory access address is positioned at this address space, then it is assumed that this memory access address and this table
Item address field coupling.
In the embodiment of the present application, refer to Fig. 4, in step S302: judge that described first memory access address is
The physical address in K list item in no and described N number of effective list item is corresponding, it is thus achieved that second judges knot
After Guo, execution step:
S401: when described second judged result is no, determines that described first memory access address is invalid memory access ground
Location;
S402: when determining that described first memory access address is described invalid memory access address, described processor interrupts
Described first operation.
In specific implementation process, no matter use the implementation which kind of address field whether mate, when first visits
The address space corresponding to any one list item deposited in address and list item does not mates, then the first memory access ground
Location is then invalid memory access address.When the first memory access address is invalid memory access address, CPU is to current first
Memory access address then returns ineffective access result, and interrupts first operation corresponding with the first memory access address, logical
Know that CPU carries out subsequent treatment.
In the embodiment of the present application, step S303: when described second judged result is for being, it is judged that characterize institute
State the second address properties phase that the first address properties of the first memory access address is the most corresponding with described physical address
Coupling, it is thus achieved that the first judged result, specifically has following two judgment mode, but is not limited only to following two and sentences
Disconnected mode, those of ordinary skill in the art can design corresponding judgment mode according to concrete needs.
The first judgment mode
The first judgment mode refers in the first reading of described first address properties specially data or instruction
Order, or be the first operating instruction of a program;And described second address properties specially characterizes described physics
When in address, storage has the first kind storage address of data or instruction, it is yes in described second judged result
Time, it is judged that the first address properties characterizing described first memory access address is the most corresponding with described physical address
Second address properties matches, it is thus achieved that the first judged result, particularly as follows:
When described second judged result is for being, it is judged that whether described second address properties is and described first
What reading instruction matched is the first kind for storing data or instruction for characterizing described physical address
Memory address, it is thus achieved that the first judged result;Or
When described second judged result is for being, it is judged that whether described second address properties is and described first
What operating instruction matched is for running the Second Type internal memory of program ground for characterizing described physical address
Location.
In specific implementation process, when CPU goes fetching in internal memory by bus and based on the first memory access address
Order, or data, the first address properties corresponding to described first memory access address is specially data or instruction
First reads instruction.So, now, in order to by the first address properties of described first memory access address and effectively
The second address properties in list item carries out address properties coupling, and correspondingly, in address search table, each list item is deposited
It is for instruction segment that the address properties of storage specially characterizes its interior address field, or data segment.Continue to visit
Depositing address is 0xfa000, and effective list item is 22, and as a example by mating with the address field of one of them list item,
If this memory access address 0xfa000 corresponds to data segment, and the address field attribute of the list item matched is for referring to
The section of order, then the two address properties does not mates, if the address field attribute of the list item matched is data segment,
Then the two address properties coupling.Wherein, in implementing, in list item each in address search table
It is 1bit that the arranging of location attribute can arrange valid bit, and e.g., " 0 " represents data, and " 1 " represents instruction,
Can certainly be that " 0 " represents instruction, " 1 " represents data.
In the embodiment of the present application, when CPU by bus and based on the first memory access address go internal memory run one
During program, the first address properties corresponding to described first memory access address is specially the first operating instruction, then,
Now, in order to by the second address properties in the first address properties of described first memory access address and effective list item
Carry out address properties coupling, correspondingly, in address search table the second address properties of each list item storage be with
Described first operating instruction match for characterizing in the list item that mates with the first memory access address address section
Physical address is the Second Type memory address for running this program.
The second judgment mode
The second judgment mode is specially the first visit of described first memory access address at described first address properties
Deposit rank, when described second address properties is specially the second memory access rank of described physical address, described
When second judged result is for being, it is judged that characterize the first address properties of described first memory access address whether and institute
The second address properties stating physical address corresponding matches, it is thus achieved that the first judged result, particularly as follows:
When described second judged result is for being, it is judged that whether described first memory access rank is higher than described second
Memory access rank, it is thus achieved that the first judged result.
In order to realize CPU, address spatial scalability is accessed, thus reach higher safety, still can adopt
The technical scheme provided by the application.In specific implementation process, the bus accessing internal memory for CPU sets
Putting address search table, each item of address search table comprises address field, significance bit, address properties.Whenever
When CPU produces one group of memory access address, do address inspection for each list item in above-mentioned address search table
Look into, the inspection wherein inspection and the address field of list item effectiveness mated and the first judgment mode are adopted
Scheme identical, the inspection about address properties coupling is then required for different CPU and carries out accordingly
Check.Generally, the inspection rule used is: each memory access address properties, can access not higher than
The address space of its attribute.Such as: three grades of privilege space are typically divided into for MIPS CPU, respectively
It is core space (Kernel), power user space (Supervisor), user's space (User), now
Second address space attribute mainly has this three grades of memory access ranks.When the code of operating system oneself runs,
MIPS CPU, just for core stage, the most only allows it run in user class, the most such as when the program of user is run
Really the program of user is if it is intended to do the thing of destruction system, then can not accomplish, the most greatly
Improve the safety of computer system.According to checking that rule core stage memory access address properties can access core
Level, and superuser-level, and the address space corresponding to the address properties of user class.Superuser-level
The address corresponding to address properties that memory access address properties then can access superuser-level and user class is empty
Between.User class memory access address properties then can only access the address space corresponding to address properties of user class.
For another example, ARM Cortex-M3CPU has two-stage privileged operation, is level of privilege and user class respectively, that
Setting to the second address properties is mainly level of privilege memory access rank and user class memory access rank.Namely
Saying, the privilege space divided for different CPU is different, and the corresponding physical address in list item is corresponding
The second address properties the most different, it is not limited to above-mentioned two kinds of division methods, for this area
Those of ordinary skill can design the most accordingly, and just differing at this one schematically illustrates.
In specific implementation process, continuing as a example by memory access address is as 0xfa000, processor is MIPS CPU
Time, if the attribute of this memory access address is User, with a certain effective table entry address in 22 effective list items
Join, but the address properties of this list item is Kernel, then mean that the first memory access rank is less than the second memory access level
Not, then this reference address is invalid memory access address.If the attribute of this memory access address is Kernel, with 22
A certain effective address coupling in individual effective list item, and the address properties of this list item is Kernel, then mean the
One memory access rank and the second memory access rank are same rank, can effectively access.Implementing process
In, for those of ordinary skill in the art, come according to the prerogative grade number that different CPU is divided
Second memory access attribute is specifically set.Such as, MIPS CPU has three prerogative grades, just can be with table with two
Showing the second memory access attribute corresponding to these three prerogative grade, for giving a concrete illustration, " 00 " represents
Kernel, " 01 " represents Supervisor, " 10 " expression " User ", certainly can also have other realization
Form, repeats the most one by one at this.
In the embodiment of the present application, refer to Fig. 5, after step s 103, execution step:
S501: described first judged result be whether time, determine that described first memory access address is invalid memory access
Address;
S502: when determining that described first memory access address is described invalid memory access address, described processor interrupts
Described first operation.
In specific implementation process, continue as a example by memory access address is as 0xfa000, when address field does not mates,
Or address field coupling, but when address properties does not mates, then this memory access address is invalid memory access address,
Now CPU will can not carry out the operation corresponding to the first reading instruction or the first operating instruction.
Embodiment two
Based on the inventive concept that information processing method in the embodiment of the present application one is same, refer to Fig. 6, this Shen
Embodiment please additionally provide a kind of electronic equipment, including:
Processor 60;
W functional module, wherein, W is positive integer;
Bus, described W functional module is connected by bus with between processor 60;
Address check module 61, is connected with processor 60 and described W functional module by bus;
Wherein, address check module 61 is for passing through W function mould described in bus access at processor 60
During the first functional module 62 in block, it is thus achieved that the first memory access address;
Based on an address search table, address check module 61 judges whether described first memory access address is effectively to visit
Deposit address, it is thus achieved that the first judged result;
When described first judged result is for being, processor 60 performs the first operation based on described first memory access address.
In the embodiment of the present application, address check module 61 specifically for:
Obtain an address search table;
Based on described address search table, described first memory access address is carried out address check, it is thus achieved that the first detection knot
Really;
Judge whether described first memory access address is effective memory access address based on described first testing result, it is thus achieved that
First judged result.
In the embodiment of the present application, address check module 61 specifically for:
Determining the N number of effective list item comprised in M list item in described address search table, wherein, M is
Positive integer, N is the positive integer less than or equal to M;
Judge described first memory access address whether with the physics in K list item in described N number of effective list item
Address is corresponding, it is thus achieved that the second judged result, and wherein, K is the positive integer less than or equal to N;
When described second judged result is for being, it is judged that characterize the first address properties of described first memory access address
Second address properties the most corresponding with described physical address matches, it is thus achieved that the first judged result.
In the embodiment of the present application, the judgement whether address field is mated by address check module 61 specifically has two
Plant implementation, but be not limited only to following two implementation.
The first implementation, address check module 61 specifically for:
Judge that described first memory access address is the most identical with the first physical address in described K list item, it is thus achieved that
Second judged result.
The second implementation, address check module 61 specifically for:
Judge whether described first memory access address is positioned in the first physical address section in described K list item, obtain
Obtain the second judged result.
In the embodiment of the present application, address check module 61 is judging that whether and institute described first memory access address
State the physical address in K list item in N number of effective list item corresponding, it is thus achieved that after the second judged result,
It is additionally operable to:
When described second judged result is no, determine that described first memory access address is invalid memory access address;
When determining that described first memory access address is described invalid memory access address, processor 60 interrupts described
One operation.
In the embodiment of the present application, the judgement whether address properties is mated by address check module 61 mainly with
Lower two kinds of judgment modes, but it is not limited only to following two judgment mode.
The first judgment mode
Address check module 61 is specially the first reading instruction of data or instruction at described first address properties,
Or be the first operating instruction of a program;And described second address properties specially characterizes in described physical address
When storage has the first kind storage address of data or instruction, specifically for:
When described second judged result is for being, it is judged that whether described second address properties is to read with described first
Instruction fetch match for characterizing in described physical address is the first kind for storing data or instruction
Deposit address, it is thus achieved that the first judged result;Or
When described second judged result is for being, it is judged that whether described second address properties is and described first fortune
What row instruction matched is the Second Type memory address for running program for characterizing described physical address.
The second judgment mode
Address check module 61 is specially the first visit of described first memory access address at described first address properties
Deposit rank, when described second address properties is specially the second memory access rank of described physical address, specifically for:
When described second judged result is for being, it is judged that whether described first memory access rank visits higher than described second
Deposit rank, it is thus achieved that the first judged result.
In the embodiment of the present application, address check module 61 is described described based on an address search table judgement
Whether the first memory access address is effective memory access address, it is thus achieved that after the first judged result, be additionally operable to:
Described first judged result be whether time, determine that described first memory access address is invalid memory access address;
Wherein, when determining that described first memory access address is described invalid memory access address, processor 60 interrupts
Described first operation.
By the one or more technical schemes in the embodiment of the present application, it is possible to achieve following one or more skills
Art effect:
In the technical scheme of the application, when CPU produces one group of memory access address, by using described
Processor in electronic equipment is connected by bus foundation with W functional module, and is visited by described bus
When asking the first functional module in described N number of functional module, it is thus achieved that the first memory access address, based on an address
Look-up table judges whether described first memory access address is effective memory access address, it is thus achieved that the first judged result;?
When described first judged result is for being, described server performs the first operation based on described first memory access address
Technological means, thus by bus system, described first memory access address is done memory address section examine
Survey, when testing result shows that described first memory access address is effective memory access address, CPU just can perform with
The operational order that memory access address is corresponding, so, it is achieved that the technology effect to computer system security protection
Really.
Further, owing to have employed the technical scheme of the application, it is possible to be directed to physical address and carry out greatly
The protection of sector address, and unlike in the prior art, by increasing hardware protection mechanism inside CPU,
Once use existing CPU IP do SOC(system on a chip) (System on a Chip, i.e. SoC) integrated time,
It is difficult to change the security strategy being integrated in inside CPU, and the setting of the physical memory in the SoC of reality
Possible difference is very big, and then causes protection scheme of the prior art cannot be transplanted to mobile field, and this Shen
Technical scheme please, can protect according to the internal memory that arranges of actual physics internal memory, so, it is achieved that
The technique effect of internal memory protection is set according to actual physics internal memory.
Further, owing to have employed the technical scheme of the application, it is possible to be directed to physical address and carry out greatly
The protection of sector address, and unlike in the prior art, by increasing hardware protection mechanism inside CPU,
And protect for virtual address, and need each page address will be the most numerous of relative set
Trivial handling process, so, it is achieved that the technique effect that protection flow process is the most succinct.
Further, owing to have employed the technical scheme of the application, it is possible to be directed to physical address and carry out greatly
The protection of sector address, and unlike in the prior art, being required for what CPU internal virtual address carried
Address hierarchy realizes the restriction accessing address spatial scalability, and the virtual address that but there is different stage can be reflected
Being mapped on same physical memory, such as, virtual address is core space, power user space, use respectively
Space, family, but reality is mapped on same physical memory, and then it is not reaching to intended safety, institute
With, the protection being directed to physical address in the technical scheme of the application, greatly achieve address space
The technique effect that graded access effectively limits.
Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or meter
Calculation machine program product.Therefore, the present invention can use complete hardware embodiment, complete software implementation or knot
The form of the embodiment in terms of conjunction software and hardware.And, the present invention can use and wherein wrap one or more
Computer-usable storage medium containing computer usable program code (include but not limited to disk memory,
CD-ROM, optical memory etc.) form of the upper computer program implemented.
The present invention is with reference to method, equipment (system) and computer program product according to embodiments of the present invention
The flow chart of product and/or block diagram describe.It should be understood that can by computer program instructions flowchart and
/ or block diagram in each flow process and/or flow process in square frame and flow chart and/or block diagram and/
Or the combination of square frame.These computer program instructions can be provided to general purpose computer, special-purpose computer, embedding
The processor of formula datatron or other programmable data processing device is to produce a machine so that by calculating
The instruction that the processor of machine or other programmable data processing device performs produces for realizing at flow chart one
The device of the function specified in individual flow process or multiple flow process and/or one square frame of block diagram or multiple square frame.
These computer program instructions may be alternatively stored in and computer or the process of other programmable datas can be guided to set
In the standby computer-readable memory worked in a specific way so that be stored in this computer-readable memory
Instruction produce and include the manufacture of command device, this command device realizes in one flow process or multiple of flow chart
The function specified in flow process and/or one square frame of block diagram or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, makes
Sequence of operations step must be performed to produce computer implemented place on computer or other programmable devices
Reason, thus the instruction performed on computer or other programmable devices provides for realizing flow chart one
The step of the function specified in flow process or multiple flow process and/or one square frame of block diagram or multiple square frame.
Specifically, the computer program instructions that the information processing method in the embodiment of the present application is corresponding can be by
It is stored in CD, hard disk, on the storage medium such as USB flash disk, corresponding with information processing method when in storage medium
Computer program instructions read or when being performed by an electronic equipment, comprise the steps:
A kind of information processing method, described method is applied in an electronic equipment, and described method includes:
Processor in described electronic equipment is connected by bus foundation with W functional module, and passes through
During the first functional module in W functional module described in described bus access, it is thus achieved that the first memory access address,
Wherein, W is positive integer;
Judge whether described first memory access address is effective memory access address based on an address search table, it is thus achieved that the
One judged result;
When described first judged result is for being, described server performs the based on described first memory access address
One operation.
Alternatively, store in described storage medium and step, described described based on an address search table judgement
Whether the first memory access address is effective memory access address, it is thus achieved that the first judged result, corresponding computer program
Instruction when executed, specifically includes:
Obtain an address search table;
Based on described address search table, described first memory access address is carried out address check, it is thus achieved that the first detection
Result;
Judge whether described first memory access address is effective memory access address based on described first testing result, obtain
Obtain the first judged result.
Alternatively, store in described storage medium and step, described based on described first testing result judgement
Whether described first memory access address is effective memory access address, it is thus achieved that the first judged result, corresponding computer
When executed, corresponding computer program instructions when executed, specifically includes programmed instruction:
Determining the N number of effective list item comprised in M list item in described address search table, wherein, M is
Positive integer, N is the positive integer less than or equal to M;
Judge described first memory access address whether with the physics in K list item in described N number of effective list item
Address is corresponding, it is thus achieved that the second judged result, and wherein, K is the positive integer less than or equal to N;
When described second judged result is for being, it is judged that the first address characterizing described first memory access address belongs to
Property second address properties the most corresponding with described physical address matches, it is thus achieved that the first judged result.
Alternatively, in described storage medium storage and step, described whether judge described first memory access address
Corresponding with the physical address in K list item in described N number of effective list item, it is thus achieved that second judges knot
Really, corresponding computer program instructions when executed, particularly as follows:
Judge that described first memory access address is the most identical with the first physical address in described K list item, obtain
Obtain the second judged result.
Alternatively, in described storage medium storage and step, described whether judge described first memory access address
Corresponding with the physical address in K list item in described N number of effective list item, it is thus achieved that second judges knot
Really, corresponding computer program instructions when executed, particularly as follows:
Judge whether described first memory access address is positioned in the first physical address section in described K list item,
Obtain the second judged result.
Alternatively, store in described storage medium and step, in the described first memory access address of described judgement be
The physical address in K list item in no and described N number of effective list item is corresponding, it is thus achieved that second judges knot
After Guo, when executed, described method also includes corresponding computer program instructions:
When described second judged result is no, determine that described first memory access address is invalid memory access address;
When determining that described first memory access address is described invalid memory access address, described processor interrupts described
First operation.
Alternatively, store in described storage medium and step, it is specially data at described first address properties
Or the first reading instruction of instruction, or it is the first operating instruction of a program;And described second address properties
When specially characterizing the first kind storage address that storage in described physical address has data or instruction, in institute
When stating the second judged result for being, it is judged that characterize the first address properties of described first memory access address whether and
The second address properties that described physical address is corresponding matches, it is thus achieved that the first judged result, corresponding calculating
Machine programmed instruction when executed, particularly as follows:
When described second judged result is for being, it is judged that whether described second address properties is and described first
What reading instruction matched is the first kind for storing data or instruction for characterizing described physical address
Memory address, it is thus achieved that the first judged result;Or
When described second judged result is for being, it is judged that whether described second address properties is and described first
What operating instruction matched is for running the Second Type internal memory of program ground for characterizing described physical address
Location.
Alternatively, store in described storage medium and step, it is specially described at described first address properties
First memory access rank of the first memory access address, described second address properties is specially the of described physical address
During two memory access ranks, when described second judged result is for being, it is judged that characterize described first memory access address
The second address properties that first address properties is the most corresponding with described physical address matches, it is thus achieved that first sentences
Disconnected result, corresponding computer program instructions when executed, particularly as follows:
When described second judged result is for being, it is judged that whether described first memory access rank is higher than described second
Memory access rank, it is thus achieved that the first judged result.
Alternatively, store in described storage medium and step, judge institute described based on an address search table
State whether the first memory access address is effective memory access address, it is thus achieved that after the first judged result, corresponding calculating
When executed, described method also includes machine programmed instruction:
Described first judged result be whether time, determine that described first memory access address is invalid memory access ground
Location;
When determining that described first memory access address is described invalid memory access address, described processor interrupts described
First operation.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know base
This creativeness concept, then can make other change and amendment to these embodiments.So, appended right is wanted
Ask and be intended to be construed to include preferred embodiment and fall into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification without deviating from this to the present invention
Bright spirit and scope.So, if the present invention these amendment and modification belong to the claims in the present invention and
Within the scope of its equivalent technologies, then the present invention is also intended to comprise these change and modification.
Claims (10)
1. an information processing method, is applied in an electronic equipment, and described method includes:
Processor in described electronic equipment is connected by bus foundation with W functional module, and passes through
During the first functional module in W functional module described in described bus access, it is thus achieved that the first memory access address,
Wherein, W is positive integer;
Judge whether described first memory access address is effective memory access address based on an address search table, it is thus achieved that the
One judged result;
When described first judged result is for being, described processor performs the based on described first memory access address
One operation.
2. the method for claim 1, it is characterised in that described based on an address search table judgement
Whether described first memory access address is effective memory access address, it is thus achieved that the first judged result, specifically includes:
Obtain an address search table;
Based on described address search table, described first memory access address is carried out address check, it is thus achieved that the first detection
Result;
Judge whether described first memory access address is effective memory access address based on described first testing result, obtain
Obtain the first judged result.
3. method as claimed in claim 2, it is characterised in that described based on described first testing result
Judge whether described first memory access address is effective memory access address, it is thus achieved that the first judged result, specifically wrap
Include:
Determining the N number of effective list item comprised in M list item in described address search table, wherein, M is
Positive integer, N is the positive integer less than or equal to M;
Judge described first memory access address whether with the physics in K list item in described N number of effective list item
Address is corresponding, it is thus achieved that the second judged result, and wherein, K is the positive integer less than or equal to N;
When described second judged result is for being, it is judged that the first address characterizing described first memory access address belongs to
Property second address properties the most corresponding with described physical address matches, it is thus achieved that the first judged result.
4. method as claimed in claim 3, it is characterised in that the described first memory access address of described judgement
The most corresponding with the physical address in K list item in described N number of effective list item, it is thus achieved that second judges
As a result, particularly as follows:
Judge that described first memory access address is the most identical with the first physical address in described K list item, obtain
Obtain the second judged result.
5. method as claimed in claim 3, it is characterised in that the described first memory access address of described judgement
The most corresponding with the physical address in K list item in described N number of effective list item, it is thus achieved that second judges
As a result, particularly as follows:
Judge whether described first memory access address is positioned in the first physical address section in described K list item,
Obtain the second judged result.
6. the method as described in claim 4 or 5, it is characterised in that visit in described judgement described first
Deposit address the most corresponding with the physical address in K list item in described N number of effective list item, it is thus achieved that the
After two judged results, described method also includes:
When described second judged result is no, determine that described first memory access address is invalid memory access address;
When determining that described first memory access address is described invalid memory access address, described processor interrupts described
First operation.
7. the method as described in claim 4 or 5, it is characterised in that at described first address properties tool
Body is the first reading instruction of data or instruction, or is the first operating instruction of a program;And described second
Address properties specially characterizes storage in described physical address the first kind storage address of data or instruction
Time, when described second judged result is for being, it is judged that the first address characterizing described first memory access address belongs to
Property second address properties the most corresponding with described physical address match, it is thus achieved that the first judged result, tool
Body is:
When described second judged result is for being, it is judged that whether described second address properties is and described first
What reading instruction matched is the first kind for storing data or instruction for characterizing described physical address
Memory address, it is thus achieved that the first judged result;Or
When described second judged result is for being, it is judged that whether described second address properties is and described first
What operating instruction matched is for running the Second Type internal memory of program ground for characterizing described physical address
Location.
8. the method as described in claim 4 or 5, it is characterised in that at described first address properties tool
Body is the first memory access rank of described first memory access address, and described second address properties is specially described physics
During the second memory access rank of address, when described second judged result is for being, it is judged that characterize described first and visit
The second address properties depositing the first address properties of address the most corresponding with described physical address matches, and obtains
Obtain the first judged result, particularly as follows:
When described second judged result is for being, it is judged that whether described first memory access rank is higher than described second
Memory access rank, it is thus achieved that the first judged result.
9. the method as described in claim Isosorbide-5-Nitrae or 5, it is characterised in that look into based on an address described
Table is looked for judge whether described first memory access address is effective memory access address, it is thus achieved that after the first judged result,
Described method also includes:
Described first judged result be whether time, determine that described first memory access address is invalid memory access ground
Location;
When determining that described first memory access address is described invalid memory access address, described processor interrupts described
First operation.
10. an electronic equipment, including:
Processor;
W functional module, wherein, W is positive integer;
Bus, described W functional module is connected by described bus with between described processor;
Address check module, is connected with described processor and described W functional module by described bus;
Wherein, described address check module is for individual by W described in described bus access at described processor
During the first functional module in functional module, it is thus achieved that the first memory access address;
Based on an address search table, described address check module judges whether described first memory access address is effective
Memory access address, it is thus achieved that the first judged result;
When described first judged result is for being, described processor performs the based on described first memory access address
One operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510145712.7A CN106155939B (en) | 2015-03-30 | 2015-03-30 | A kind of information processing method and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510145712.7A CN106155939B (en) | 2015-03-30 | 2015-03-30 | A kind of information processing method and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106155939A true CN106155939A (en) | 2016-11-23 |
CN106155939B CN106155939B (en) | 2019-05-31 |
Family
ID=57340338
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510145712.7A Active CN106155939B (en) | 2015-03-30 | 2015-03-30 | A kind of information processing method and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106155939B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107562515A (en) * | 2017-08-04 | 2018-01-09 | 致象尔微电子科技(上海)有限公司 | A kind of method of the managing internal memory in virtualization technology |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7191306B2 (en) * | 2002-11-14 | 2007-03-13 | Samsung Electronics Co., Ltd. | Flash memory, and flash memory access method and apparatus |
CN101566972A (en) * | 2009-05-12 | 2009-10-28 | 苏州国芯科技有限公司 | Safety control method of user multi-partitioned memory space access right in embedded system |
CN103838550A (en) * | 2012-11-26 | 2014-06-04 | 上海芯豪微电子有限公司 | Branch treatment system and method |
CN104158744A (en) * | 2014-07-09 | 2014-11-19 | 中国电子科技集团公司第三十二研究所 | Method for building table and searching for network processor |
-
2015
- 2015-03-30 CN CN201510145712.7A patent/CN106155939B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7191306B2 (en) * | 2002-11-14 | 2007-03-13 | Samsung Electronics Co., Ltd. | Flash memory, and flash memory access method and apparatus |
CN101566972A (en) * | 2009-05-12 | 2009-10-28 | 苏州国芯科技有限公司 | Safety control method of user multi-partitioned memory space access right in embedded system |
CN103838550A (en) * | 2012-11-26 | 2014-06-04 | 上海芯豪微电子有限公司 | Branch treatment system and method |
CN104158744A (en) * | 2014-07-09 | 2014-11-19 | 中国电子科技集团公司第三十二研究所 | Method for building table and searching for network processor |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107562515A (en) * | 2017-08-04 | 2018-01-09 | 致象尔微电子科技(上海)有限公司 | A kind of method of the managing internal memory in virtualization technology |
CN107562515B (en) * | 2017-08-04 | 2021-09-07 | 海光信息技术股份有限公司 | Method for managing memory in virtualization technology |
Also Published As
Publication number | Publication date |
---|---|
CN106155939B (en) | 2019-05-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10810309B2 (en) | Method and system for detecting kernel corruption exploits | |
CN109002706B (en) | In-process data isolation protection method and system based on user-level page table | |
KR102347562B1 (en) | Security Control Methods and Computer Systems | |
KR101378639B1 (en) | Security protection for memory content of processor main memory | |
CN104823173B (en) | The access type for keeping for memory that processor logic uses is protected | |
CN105393229B (en) | Page fault injection in virtual machine | |
US20180336342A1 (en) | Techniques for secure-chip memory for trusted execution environments | |
US9286245B2 (en) | Hardware enforced memory access permissions | |
US8850573B1 (en) | Computing device with untrusted user execution mode | |
CN106576105A (en) | Non-invasive whitelisting | |
CN113094764A (en) | Trusted local memory management in virtual GPU | |
CN108351830A (en) | Hardware device and method for memory damage detection | |
CN107949846A (en) | The detection of malice thread suspension | |
CN106776929A (en) | A kind of method for information retrieval and device | |
US20090031142A1 (en) | System, Method and Computer Program Product for Processing a Memory Page | |
US8458652B2 (en) | Device, system and method of modeling homogeneous information | |
CN105677581A (en) | Internal storage access device and method | |
CN104050396B (en) | Device and method for protecting digital content | |
CN104750536B (en) | A kind of method and apparatus realized virtual machine and examined oneself | |
US8589657B2 (en) | Operating system management of address-translation-related data structures and hardware lookasides | |
Semal et al. | Leaky controller: Cross-VM memory controller covert channel on multi-core systems | |
CN107977577A (en) | access instruction access detection method and device | |
CN107229867A (en) | Kernel bug excavation method, device, computing device and computer-readable storage medium | |
CN105793864A (en) | System and method of detecting malicious multimedia files | |
CN106155939A (en) | A kind of information processing method and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |