CN108460287A - Method for dividing user control regions in a memory protection unit, and memory protection system - Google Patents

Info

Publication number: CN108460287A
Authority: CN (China)
Application number: CN201810236110.6A
Other languages: Chinese (zh)
Inventors: 景为平, 钱波, 景欧, 景一欧
Current Assignee: Nantong University
Original Assignee: Nantong University
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Prior art keywords: region, user, access, memory, encryption
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

In the method of the present invention for dividing user control regions in a memory protection unit, an SoC system developed around a C0 MCU core is provided with region permission management for the on-chip FLASH memory. According to the user's settings, users are associated with corresponding regions of the FLASH to form regions with user attributes, and independent access permissions are set for each region. When a user's access is received, if the permissions of the region do not match the user, an error message is returned to the C0 MCU and the non-conforming access is blocked. Advantageous effect: ownership of system resources is guaranteed in hardware, providing a sound mechanism that keeps resources from being accessed illegally and effectively protecting the on-chip memory.

Description

Method for dividing user control regions in a memory protection unit, and memory protection system
Technical field
The present invention relates to the field of embedded systems, and in particular to a method for dividing user control regions in a memory protection unit and to a memory protection system.
Background art
Embedded systems frequently run and control multiple tasks. While tasks run, the system must provide a mechanism ensuring that the running task is not corrupted by other tasks and does not affect their operation. There are usually two ways to achieve this: software protection and hardware protection. Software protection means protecting system resources through software maintenance alone. In a multitasking system, an operating system provides synchronization and communication between tasks, which achieves software protection. However, coordinating multiple tasks in software generally leads to some unavoidable problems. For example, when the CPU wants to access a communication serial port register while another task is using that serial port, this approach cannot prevent the operation; to use the serial port successfully, the operating system must coordinate and reasonably control how the tasks run. Such an illegal access can easily corrupt the communication over that serial port, causing wasted resources and improper use.
On the other hand, if the system has dedicated hardware that monitors and restricts system resources so that they cannot be accessed illegally, ownership of resources can be guaranteed to a certain extent. When executing a task, the rules maintained by the hardware must be followed and access permissions configured appropriately for its regions, so that resources are protected at the hardware level. When the CPU accesses a region for which it has no permission, the operation is actively detected and the illegal access is blocked.
Summary of the invention
The object of the present invention is to overcome the above deficiencies of the prior art by providing a method for dividing user control regions in a memory protection unit and a memory protection system, with some verification carried out mainly on the implementation of the user control regions. This is achieved by the following technical solution:
In the method for dividing user control regions in a memory protection unit, an SoC system developed around a C0 MCU core is provided with region permission management for the on-chip FLASH memory. According to the user's settings, users are associated with corresponding regions of the FLASH to form regions with user attributes, and independent access permissions are set for each region. When a user's access is received, if the permissions of the region do not match the user, an error message is returned to the C0 MCU and the non-conforming access is blocked.
In a further design of the method, the data in a FLASH region can be stored with encryption and decryption according to the user's settings; the encrypted-storage operation is controlled by a corresponding enable signal.
In a further design of the method, the regions with user attributes are the user code area UC and the user data area UD. Register configuration determines, between different users, whether the owning user is allowed to read, write and execute, and whether other users are allowed to read, write and execute.
A memory protection system using the above method comprises a memory, a memory protection unit and a microprocessor; the memory is communicatively connected to the microprocessor through the memory protection unit. It is characterized in that the memory protection unit comprises a control part, an encryption/decryption part, an output part and an access violation mechanism judging part:
The control part comprises:
a program pointer comparing unit, which compares the program pointer with the configured boundary addresses of each region to determine the region where the program is located;
an address comparing unit, which compares the access address with the configured boundary addresses of each region to determine the region where the access address is located;
an access permission judging unit, which determines whether the access actually occurring meets the configured access permissions;
an access violation judging unit, which determines from each region's access-address and access-permission validity results whether the user's access to the target address is valid.
The encryption/decryption part sets through registers whether each region is stored encrypted.
The output part decides, based on the results of the control part and the encryption/decryption part, whether to output the access information to the peripheral bus.
The access violation mechanism judging part identifies and judges the permission of the current access: if the current permission allows it, the corresponding memory cell continues to be accessed over the bus; if the access permissions of the current region do not allow the current operation, an access permission violation error is generated.
In a further design of the memory protection system, the encryption/decryption part comprises address encryption and data encryption; address encryption applies an out-of-order (scrambling) rule and processes only the offset part of the address.
In a further design of the memory protection system, the address encryption algorithm uses an S-box template; data encryption and decryption use the SPECK32 algorithm, and all data are encrypted.
In a further design of the memory protection system, the output part exchanges information with the control part: if the control part judges the access valid, the access information is output; if the control part judges an access violation, the access is blocked.
The advantages of the present invention are as follows:
The method for dividing user control regions in a memory protection unit and the memory protection system of the present invention guarantee ownership of system resources in hardware, provide a sound mechanism that keeps resources from being accessed illegally, and effectively protect the on-chip memory. In addition, an encryption/decryption processing module is added, which enhances the confidentiality of the data.
Description of the drawings
Fig. 1 is a structural diagram of the MPU within the overall SoC system.
Fig. 2 is a functional diagram of the memory protection unit.
Fig. 3 is a simulation diagram of a UC region permission violation.
Fig. 4 is a simulation diagram of a UD region permission violation.
Fig. 5 is a simulation diagram of FLASH region data encryption.
Fig. 6 is a simulation diagram of FLASH region address encryption.
Detailed description of the embodiments
The technical solution of the present invention is described in detail below with reference to the drawings.
As shown in Fig. 1, in the method of this embodiment for dividing user control regions in a memory protection unit, region permission management for the on-chip FLASH memory is provided on the basis of an SoC system developed around a C0 MCU core. In the design of the MPU module as a whole, users are introduced for management: each user has its own region, and each region is given independent access permissions. When region and permission do not match, a corresponding violation error is generated and the non-conforming access is blocked. In addition, an independent encryption protection module is provided, so that the data in FLASH regions can also be stored encrypted when necessary; encrypted storage is controlled by a corresponding enable signal. In the design of the whole module, the most important aspects are the division of the regions and the configuration of the corresponding control registers. Users and regions must be kept relatively independent so that, in the verification stage, error conditions can be triggered reliably and the relevant functions verified. The design of the user control regions is described in detail below.
This embodiment uses hardware/software co-design: for the memory protection unit, the internal architecture is designed in hardware and the configuration information is implemented in software. The role of the MPU in the whole SoC system is to protect the on-chip memory: when the CPU wants to access a memory region, the access must first pass through the MPU module, which judges whether there is permission to access that region.
The user regions mainly refer to the permission-controlled regions of the FLASH. FLASH region protection covers the regions with user attributes: the user code area UC and the user data area UD. Register configuration determines, between different users, whether the owning user may read, write and execute, and whether other users may read, write and execute. The range of each user's FLASH region is flexibly configurable, the ranges of different users must not cross into one another, and whether a FLASH region is stored encrypted is configurable.
The memory protection system of this embodiment comprises a memory, a memory protection unit and a microprocessor; the memory is communicatively connected to the microprocessor through the memory protection unit. The memory protection unit comprises a control part, an encryption/decryption part, an output part and an access violation mechanism judging part.
Further, the control part consists mainly of a program pointer comparing unit, an address comparing unit, an access permission judging unit and an access violation judging unit. The program pointer comparing unit compares the program pointer with the configured boundary addresses of each region to determine the region where the program is located. The address comparing unit compares the access address with the configured boundary addresses of each region to determine the region where the access address is located. The access permission judging unit determines whether the access actually occurring meets the configured access permissions. The access violation judging unit determines, from each region's access-address consistency and access-permission validity results, whether the user's access to the target address is valid.
The encryption/decryption part allows flexible configuration of whether each region is stored encrypted. The address part is scrambled by an out-of-order encryption rule; because the base address is the same, address encryption processes only the offset part of the address. In this embodiment the address encryption algorithm uses an S-box, whose design template resembles a lookup algorithm: each input value has a fixed corresponding value. In addition, when the CPU writes data to the storage region, the data are encrypted, and they are correspondingly decrypted when read. Data encryption and decryption use the SPECK32 algorithm, which as a whole has a round-function structure; the F function includes linear and nonlinear transformations of the key. The encryption/decryption function of a region is set by the control register.
The output part decides, based on the results of the control part and the encryption/decryption part, whether to output the access information to the peripheral bus. If the control part judges the access valid, the access information is output and the access reaches its target; if the control part judges an access violation, the access information is blocked.
Access violation mechanism judging part: when the chip accesses memory over the AHB bus, the MPU compares the address with the high and low addresses of each region to determine which region the address to be accessed belongs to. When the address matches a region, whether the read or write currently being performed may proceed is decided according to that region's access permissions. If the current permission allows it, the corresponding memory cell continues to be accessed over the bus; if the access permissions of the current region do not allow the current operation, an access permission violation error (violation) is generated.
The overall function of the user code area UC and the user data area UD is implemented as follows: first the user control registers are configured, setting the permissions and the relevant boundaries of the corresponding regions. When the CPU initiates an access, the access information first enters the MPU module over the AHB bus, is then checked for validity by the control part of the UC/UD modules, and finally the output part either outputs the access information to the peripheral bus or masks it.
Table 1. UC/UD region signal descriptions

Signal name               | Signal description                              | Signal type
core_HADDR                | Region currently being accessed                 | Input
core_pc                   | Region where the code is located                | Input
acce_perm                 | Operation currently being performed             | Input
uc/ud_valid               | UC/UD region valid flag                         | Input
uc_sc_pc_match            | Match with this user's region                   | Input
uc/ud_regn_perm           | Permission of the UC/UD region                  | Input
ucrh/l_reg, udrh/l_reg    | Range of the UC/UD region                       | Input
uc_pc_match               | Determines whether the code is in the UC region | Output
uc/ud_regn_violt          | UC/UD region access permission violation        | Output
uc/ud_addr_match          | Address comparison match                        | Output
Implemented functions and register description:
1. The region where the code is located is compared with the UC/UD region ranges to generate match signals, which determine the region in which the code is running and hence the user executing that code.
2. The address is compared with the UC/UD region ranges to generate address match signals, which determine whether the accessed address lies in a UC/UD region.
3. The current operation type acce_perm, together with the processed match signals, is compared with the operation types the region permits (regn_perm) to generate a permission violation error (violt).
4. When the accessed address matches a region and the access permission is wrong, a region violation signal is generated and output to the MPU register module.
For the user data area and the user code area, the user registers consist of control registers and status registers. The control registers are mainly written by the user and configure the access permissions of the corresponding regions. The status registers reflect access permission errors: when an access error occurs, the error flag bit is set to 1, and once set to 1 it cannot be updated back to 0 until this user clears the error state, after which it returns to 0 and use can continue.
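The four steps and the sticky status register described above can be modelled in C as follows. This is an added example, not code from the patent: the permission and status bit layouts, the region addresses and the pass-through for addresses outside every user region are assumptions, since the patent names the signals but not their encodings.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define N_USERS 4                          /* page: four UC and four UD regions */
enum { ACC_R = 1, ACC_W = 2, ACC_X = 4 };  /* acce_perm encoding (assumed) */
/* regn_perm layout (assumed): bits 2:0 owning user, bits 5:3 other users */
#define PERM(own, other) ((uint8_t)((own) | ((other) << 3)))
enum { VIOLT_UC = 1, VIOLT_UD = 2 };       /* status register bits (assumed) */

typedef struct {
    bool     valid;   /* uc/ud_valid */
    uint32_t lo, hi;  /* low/high range registers, inclusive bounds */
    uint8_t  perm;    /* uc/ud_regn_perm */
} region_t;

typedef struct {
    region_t uc[N_USERS], ud[N_USERS];
    uint8_t  status[N_USERS];  /* sticky violation flags, one register per user */
} mpu_t;

static bool hit(const region_t *r, uint32_t a) {
    return r->valid && a >= r->lo && a <= r->hi;
}

/* Step 1: compare core_pc with every UC range; returns the executing user or -1. */
int mpu_pc_user(const mpu_t *m, uint32_t pc) {
    for (int u = 0; u < N_USERS; u++)
        if (hit(&m->uc[u], pc)) return u;
    return -1;
}

/* Steps 2-4: find the region holding haddr, compare acce_perm with regn_perm,
 * latch the violation flag. Returns true if the access is forwarded to the bus. */
bool mpu_access(mpu_t *m, uint32_t pc, uint32_t haddr, uint8_t acc) {
    int cur = mpu_pc_user(m, pc);
    for (int u = 0; u < N_USERS; u++) {
        const region_t *r[2] = { &m->uc[u], &m->ud[u] };
        for (int k = 0; k < 2; k++) {
            if (!hit(r[k], haddr)) continue;
            uint8_t allowed = (cur == u) ? (r[k]->perm & 7) : ((r[k]->perm >> 3) & 7);
            if ((acc & allowed) == acc) return true;
            m->status[u] |= (k == 0) ? VIOLT_UC : VIOLT_UD;  /* stays set until cleared */
            return false;
        }
    }
    return true;  /* assumption: addresses outside every user region are not policed */
}

/* Only code running in the owning user's UC region may clear that user's flags. */
bool mpu_clear_status(mpu_t *m, uint32_t pc, int user) {
    if (user < 0 || user >= N_USERS || mpu_pc_user(m, pc) != user) return false;
    m->status[user] = 0;
    return true;
}

/* Configuration check: valid ranges must be well-formed and must not overlap.
 * (Stricter than the page: a user's own UC and UD are also kept apart.) */
bool mpu_ranges_disjoint(const mpu_t *m) {
    const region_t *all[2 * N_USERS];
    for (int u = 0; u < N_USERS; u++) { all[2 * u] = &m->uc[u]; all[2 * u + 1] = &m->ud[u]; }
    for (int i = 0; i < 2 * N_USERS; i++) {
        if (!all[i]->valid) continue;
        if (all[i]->lo > all[i]->hi) return false;
        for (int j = i + 1; j < 2 * N_USERS; j++)
            if (all[j]->valid && all[i]->lo <= all[j]->hi && all[j]->lo <= all[i]->hi)
                return false;
    }
    return true;
}

/* Constructed sample configuration: two users, addresses chosen for illustration. */
mpu_t mpu_demo_config(void) {
    mpu_t m = {0};
    m.uc[0] = (region_t){ true, 0x0000, 0x0FFF, PERM(ACC_R | ACC_X, 0) };
    m.ud[0] = (region_t){ true, 0x1000, 0x17FF, PERM(ACC_R | ACC_W, 0) };
    m.uc[1] = (region_t){ true, 0x2000, 0x2FFF, PERM(ACC_R | ACC_X, 0) };
    m.ud[1] = (region_t){ true, 0x3000, 0x37FF, PERM(ACC_R | ACC_W, ACC_R) };
    return m;
}

int main(void) {
    mpu_t m = mpu_demo_config();
    bool own = mpu_access(&m, 0x0100, 0x1000, ACC_W);      /* user 0 writes its own UD */
    bool foreign = mpu_access(&m, 0x2100, 0x1000, ACC_R);  /* user 1 reads user 0's UD */
    printf("own write forwarded: %d\n", own);
    printf("foreign read forwarded: %d, user 0 status: 0x%x\n", foreign, (unsigned)m.status[0]);
    return 0;
}
```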
Simulation and verification of the user regions
The simulation and verification of the UC and UD regions consist of verifying users' access permissions to the UC and UD regions and verifying encryption and decryption.
Users can configure the UC and UD regions as appropriate. Four regions with user attributes can be configured, that is, four each of the user code area UC and the user data area UD. The permission settings and the valid flags (valid) of the UC and UD regions are assigned through the user control registers. A user control register can be configured directly by the CPU when its corresponding valid flag is inactive. Users set the permission configuration, and different users then access their own and other users' regions. Whether the corresponding user region is protected can be judged by querying the state in the MPU status register.
1. Verification of permission violations
When verifying the UC and UD region functions, the verification code is first placed in the user regions set up in advance, the permissions of each user's code area and data area are configured, and code that accesses other regions is executed. The simulation results are shown in Fig. 3 and Fig. 4. As Fig. 3 and Fig. 4 show, the permissions of the UC and UD regions are set so that only the owning user can read and write them and other users cannot operate on them; when another user accesses a UC/UD region, a permission error is generated and the access is blocked, thereby protecting the FLASH.
2. Verification of encryption and decryption
Encryption of the FLASH regions is controllable: when encryption is needed, only the encryption control bit (the enable signal) has to be set. The waveforms are shown in Fig. 5 and Fig. 6: only bits [6:2] of the address are encrypted, whereas the data are encrypted in full.
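The encryption path described in the embodiment and verified above can be sketched in C as follows (an added example, not code from the patent): address bits [6:2] go through an S-box lookup and each 32-bit data word is encrypted with Speck32/64, the only Speck variant with a 32-bit block. The S-box contents, the packing of a word into two 16-bit halves and the one-window flash model are assumptions made for illustration; the key is the published Speck32/64 test-vector key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROUNDS 22  /* Speck32/64: 16-bit words, rotations 7 and 2, 22 rounds */

static uint16_t ror16(uint16_t x, int r) { return (uint16_t)((x >> r) | (x << (16 - r))); }
static uint16_t rol16(uint16_t x, int r) { return (uint16_t)((x << r) | (x >> (16 - r))); }

/* Key schedule. key[0] = k0, key[1..3] = l0..l2 (the published key reads l2 l1 l0 k0). */
void speck32_expand(const uint16_t key[4], uint16_t rk[ROUNDS]) {
    uint16_t l[3] = { key[1], key[2], key[3] };
    uint16_t k = key[0];
    for (int i = 0; i < ROUNDS; i++) {
        uint16_t *li = &l[i % 3];
        rk[i] = k;
        *li = (uint16_t)((ror16(*li, 7) + k) ^ i);
        k = (uint16_t)(rol16(k, 2) ^ *li);
    }
}

/* Assumed packing: high half of the data word is x, low half is y. */
uint32_t speck32_encrypt(uint32_t w, const uint16_t rk[ROUNDS]) {
    uint16_t x = (uint16_t)(w >> 16), y = (uint16_t)w;
    for (int i = 0; i < ROUNDS; i++) {
        x = (uint16_t)((ror16(x, 7) + y) ^ rk[i]);
        y = (uint16_t)(rol16(y, 2) ^ x);
    }
    return ((uint32_t)x << 16) | y;
}

uint32_t speck32_decrypt(uint32_t w, const uint16_t rk[ROUNDS]) {
    uint16_t x = (uint16_t)(w >> 16), y = (uint16_t)w;
    for (int i = ROUNDS - 1; i >= 0; i--) {
        y = ror16((uint16_t)(y ^ x), 2);
        x = rol16((uint16_t)((x ^ rk[i]) - y), 7);
    }
    return ((uint32_t)x << 16) | y;
}

/* Constructed 5-bit S-box (a permutation of 0..31); the patent does not publish its table. */
static const uint8_t SBOX5[32] = {
     7, 20,  1, 14, 27,  8, 21,  2, 15, 28,  9, 22,  3, 16, 29, 10,
    23,  4, 17, 30, 11, 24,  5, 18, 31, 12, 25,  6, 19,  0, 13, 26
};

/* Address scrambling: only offset bits [6:2] are substituted; base and byte-lane bits pass through. */
uint32_t scramble_addr(uint32_t addr) {
    return (addr & ~0x7Cu) | ((uint32_t)SBOX5[(addr >> 2) & 0x1F] << 2);
}

/* Model of one 128-byte FLASH window (32 words) with a per-region encryption enable. */
typedef struct {
    uint32_t cell[32];
    uint16_t rk[ROUNDS];
    int      enc_en;
} flash_model_t;

void flash_init(flash_model_t *f, const uint16_t key[4], int enc_en) {
    memset(f->cell, 0, sizeof f->cell);
    speck32_expand(key, f->rk);
    f->enc_en = enc_en;
}

/* Reads and writes apply the same address mapping, so no inverse S-box is needed. */
void flash_write(flash_model_t *f, uint32_t addr, uint32_t data) {
    uint32_t a = f->enc_en ? scramble_addr(addr) : addr;
    f->cell[(a >> 2) & 0x1F] = f->enc_en ? speck32_encrypt(data, f->rk) : data;
}

uint32_t flash_read(const flash_model_t *f, uint32_t addr) {
    uint32_t a = f->enc_en ? scramble_addr(addr) : addr;
    uint32_t raw = f->cell[(a >> 2) & 0x1F];
    return f->enc_en ? speck32_decrypt(raw, f->rk) : raw;
}

int main(void) {
    const uint16_t key[4] = { 0x0100, 0x0908, 0x1110, 0x1918 };  /* Speck32/64 test-vector key */
    flash_model_t f;
    flash_init(&f, key, 1);
    flash_write(&f, 0x04, 0x6574694cu);
    printf("logical 0x04 -> physical 0x%02x, stored 0x%08x, read back 0x%08x\n",
           (unsigned)scramble_addr(0x04), (unsigned)f.cell[20], (unsigned)flash_read(&f, 0x04));
    return 0;
}
```

With a single key and no per-address input, which is all this model assumes, equal plaintext words produce equal ciphertext words wherever they are stored.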
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of the claims.

Claims (7)

1. A method for dividing user control regions in a memory protection unit, characterized in that, on the basis of an SoC system developed around a C0 MCU core, region permission management for the on-chip FLASH memory is provided; according to the user's settings, users are associated with corresponding regions of the FLASH to form regions with user attributes, and independent access permissions are set for each region; when a user's access is received, if the permissions of the region do not match the user, an error message is returned to the C0 MCU and the non-conforming access is blocked.
2. The method for dividing user control regions in a memory protection unit according to claim 1, characterized in that the data in a FLASH region can be stored with encryption and decryption according to the user's settings, and the encrypted-storage operation is controlled by a corresponding enable signal.
3. The method for dividing user control regions in a memory protection unit according to claim 1, characterized in that the regions with user attributes are the user code area UC and the user data area UD, and register configuration determines, between different users, whether the corresponding user is allowed to read, write and execute, and whether other users are allowed to read, write and execute.
4. A memory protection system using the method for dividing user control regions in a memory protection unit according to any one of claims 1-3, comprising a memory, a memory protection unit and a microprocessor, the memory being communicatively connected to the microprocessor through the memory protection unit, characterized in that the memory protection unit comprises a control part, an encryption/decryption part, an output part and an access violation mechanism judging part:
The control part comprises:
a program pointer comparing unit, which compares the program pointer with the configured boundary addresses of each region to determine the region where the program is located;
an address comparing unit, which compares the access address with the configured boundary addresses of each region to determine the region where the access address is located;
an access permission judging unit, which determines whether the access actually occurring meets the configured access permissions;
an access violation judging unit, which determines from each region's access-address and access-permission validity results whether the user's access to the target address is valid.
The encryption/decryption part sets through registers whether each region is stored encrypted.
The output part decides, based on the results of the control part and the encryption/decryption part, whether to output the access information to the peripheral bus.
The access violation mechanism judging part identifies and judges the permission of the current access: if the current permission allows it, the corresponding memory cell continues to be accessed over the bus; if the access permissions of the current region do not allow the current operation, an access permission violation error is generated.
5. The memory protection system according to claim 4, characterized in that the encryption/decryption part comprises address encryption and data encryption; address encryption applies an out-of-order (scrambling) rule and processes only the offset part of the address.
6. The memory protection system according to claim 5, characterized in that the address encryption algorithm uses an S-box template; data encryption and decryption use the SPECK32 algorithm, and all data are encrypted.
7. The memory protection system according to claim 4, characterized in that the output part exchanges information with the control part: if the control part judges the access valid, the access information is output; if the control part judges an access violation, the access is blocked.
Priority Applications (1) / Applications Claiming Priority (1)

Application number: CN201810236110.6A
Priority date: 2018-03-21
Filing date: 2018-03-21
Title: Method for dividing user control regions in a memory protection unit, and memory protection system

Publications (1)

Publication number: CN108460287A
Publication date: 2018-08-28

Family ID: 63236701

Country status (1): CN, CN108460287A (en), Pending
Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication (application publication date: 20180828)