CN110083551A - Safe close coupling memory and its access method and storage medium - Google Patents
Safe close coupling memory and its access method and storage medium Download PDFInfo
- Publication number
- CN110083551A CN110083551A CN201910344205.4A CN201910344205A CN110083551A CN 110083551 A CN110083551 A CN 110083551A CN 201910344205 A CN201910344205 A CN 201910344205A CN 110083551 A CN110083551 A CN 110083551A
- Authority
- CN
- China
- Prior art keywords
- data address
- access
- operation information
- access operation
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000015654 memory Effects 0.000 title claims abstract description 133
- 230000008878 coupling Effects 0.000 title claims abstract description 59
- 238000010168 coupling process Methods 0.000 title claims abstract description 59
- 238000005859 coupling reaction Methods 0.000 title claims abstract description 59
- 238000003860 storage Methods 0.000 title claims abstract description 55
- 238000000034 method Methods 0.000 title claims abstract description 31
- 230000002159 abnormal effect Effects 0.000 claims description 5
- 230000006399 behavior Effects 0.000 claims description 4
- 238000000151 deposition Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012913 prioritisation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
Abstract
The invention discloses a kind of safe close coupling memory and its access method and storage mediums, the safe close coupling memory is connected with processor, the memory block of multiple and different security levels is preset in the safe close coupling memory, each memory block is for storing data corresponding with the memory block security level, the access method includes: to receive access operation information, wherein the access operation information includes: the security attribute mark of the data address and the access operation information in memory block, judge whether the access operation information has the permission for accessing the data address according to the security attribute of access operation information mark and the data address;If having the permission for accessing the data address, access operation to memory block corresponding with the data address.Safe close coupling memory provided by the invention and its access method and storage medium meet the requirement in secure and trusted processor architecture to storage program and Information Security.
Description
Technical field
The present invention relates to close coupling memory, especially with regard to a kind of safe close coupling memory and its access method and
Storage medium.
Background technique
With the rapid development of the information processing technology, memory using more and more extensive, to storage performance requirement
It is higher and higher.Close coupling memory is to exist inside processor with the memory of processor close-coupled, interrupt routine and data
It executes and accesses in close coupling memory, it is ensured that the certainty of interrupt processing time.Close coupling memory is used for processing
Device provides low latency memory, has the predictability for executing the time.
Current close coupling memory, security procedure, critical data (including key and the relevant sensitive information of personal account
Deng) and user program be all stored in identical storage section, user program can directly access safety program and data, lead
Chip is caused to be easy the security attack by software.
Based on this inventors of the present application found that existing close coupling memory is not able to satisfy in processor architecture to storage
The requirement of program and Information Security.
The information disclosed in the background technology section is intended only to increase the understanding to general background of the invention, without answering
When being considered as recognizing or imply that the information constitutes the prior art already known to those of ordinary skill in the art in any form.
Summary of the invention
The purpose of the present invention is to provide a kind of safe close coupling memory and its access method and storage mediums, can
Improve the safety of close coupling memory.
To achieve the above object, the present invention provides a kind of access method of safe close coupling memory, the safety is tight
Coupled memory is connected with processor, and the storage of multiple and different security levels is preset in the safe close coupling memory
Area, each memory block include: to receive access behaviour for storing data corresponding with the memory block security level, the access method
Make information, wherein the safety that the access operation information includes: the data address and the access operation information in memory block belongs to
Property mark, security attribute mark is used to indicate the security level of the access operation information;Believed according to the access operation
The security attribute of breath identifies and the data address judges whether the access operation information has the access data address
Permission;If the access operation information has the permission for accessing the data address, to corresponding with the data address
Memory block accesses operation.
In a preferred embodiment, further includes: if the access operation information, which does not have, accesses the data address
Permission, then do not execute the access operation, and backward reference abnormal signal.
In a preferred embodiment, described according to the security attribute of access operation information mark and the number
Judging whether the access operation information has the permission for accessing the data address according to address includes: to obtain the data address
Security level;If the security level that the security attribute of the access operation information identifies is more than or equal to the peace of the data address
Full rank then determines that the access operation information has the permission for accessing the data address.
In a preferred embodiment, the access operation information that receives includes: the reading for receiving the processor and sending
Take access operation information;If the access operation information has the permission for accessing the data address, to the number
It accesses operation according to the corresponding memory block in address, comprising: if the read access operations information has with accessing the data
The permission of location then obtains the data in memory block according to the data address.
In a preferred embodiment, the safe close coupling memory is connected with external memory;The reception
Access operation information includes: the storage access operations information for receiving the external memory and sending;The storage access operations letter
Breath further include: data;If the access operation information has the permission for accessing the data address, to the data
If the corresponding memory block in address accesses, operation includes: that the storage access operations information has the access data address
Permission then stores the data into respective storage areas according to the data address.
In a preferred embodiment, further includes: when receiving the read access operations information and described simultaneously
When storage access operations information, according to preset priority, the not high operation of execution priority;The high operation of the priority level
After the completion of execution, the not low operation of execution priority.
To achieve the above object, the present invention also provides a kind of safe close coupling memories, comprising: close coupling memory,
It is provided with the memory block of multiple and different security levels, each memory block is for storing number corresponding with the memory block security level
According to;Security control unit is connected with the close coupling memory and processor respectively, for receiving access operation information,
Wherein, the access operation information includes: the security attribute mark of the data address and the access operation information in memory block,
The security attribute mark is used to indicate the security level of the access operation information;According to the safety of the access operation information
Attribute-bit and the data address judge whether the access operation information has the permission for accessing the data address;If
The access operation information has the permission for accessing the data address, then carries out to memory block corresponding with the data address
Access operation.
In a preferred embodiment, the security control unit is connected with external memory, security control unit
The storage access operations information sent for receiving the external memory, the storage access operations information further includes data;
The security control unit is used for when the storage access operations information has the permission for accessing the data address, according to institute
Data address is stated to store the data into respective storage areas.
In a preferred embodiment, the security control unit is also used to not have in the access operation information and visit
When asking the permission of the data address, the access operation, and backward reference abnormal signal are not executed.
To achieve the above object, the present invention also provides a kind of storage mediums, and the storage medium is stored with computer can
It executes instruction, the computer executable instructions are used to execute the access method of above-mentioned safe close coupling memory.
Compared with prior art, safe close coupling memory according to the present invention and its access method and storage medium lead to
The memory block that multiple and different security levels are preset in safe close coupling memory is crossed, each memory block is deposited for storing with this
The corresponding data of storage area security level receive access operation information, if the access operation information has with accessing the data
The permission of location then executes the access operation, realizes the division of memory block, improves the safety of close coupling memory, meets
To the requirement of storage program and Information Security in processor architecture.
Detailed description of the invention
Fig. 1 is the flow chart of the access method of safe close coupling memory according to an embodiment of the present invention.
Fig. 2 is the structural schematic diagram of safe close coupling memory according to an embodiment of the present invention.
Specific embodiment
With reference to the accompanying drawing, specific embodiments of the present invention will be described in detail, it is to be understood that guarantor of the invention
Shield range is not limited by the specific implementation.
Unless otherwise explicitly stated, otherwise in entire disclosure and claims, term " includes " or its change
Changing such as "comprising" or " including " etc. will be understood to comprise stated element or component, and not exclude other members
Part or other component parts.
Embodiment 1
As shown in Figure 1, it is the stream according to the access method of the safe close coupling memory of the preferred embodiment for the present invention
Cheng Tu, safe close coupling memory is connected with processor in the present embodiment, be preset in safe close coupling memory it is multiple not
With the memory block of security level, each memory block is for storing data corresponding with the memory block security level.Wherein, memory block
Size it is settable, same memory space can be set by the memory block of multiple and different security levels, logic is simple, is easy to real
It is existing.The storage method of processor in the present embodiment includes: step S1-S3.
Step S1, safe close coupling memory receive access operation information, wherein access operation information includes: memory block
In data address and the access operation information security attribute mark, security attribute mark is used to indicate the access
The security level of operation information.
Step S2 judges the access according to the security attribute of access operation information mark and the data address
Whether operation information has the permission for accessing the data address.
Specifically, can be by the security level of the acquisition data address, if the security attribute of access operation information
The security level of mark is more than or equal to the security level of the data address, then determines that the access operation information has access institute
State the permission of data address.
It can will be divided into safety zone and non-security district in safe close coupling memory, significant data is stored in safety zone and refer to
It enables, non-security district stores routine data and instruction.If where data address is safety zone, the safety of access operation information belongs to
Property mark it is corresponding be also safety zone, then determine that the access operation information has the permission for accessing the data address;If
The corresponding security attribute mark of access operation information is non-security district, then it is described to determine that the access operation information does not access
The permission of data address.If the access operation information does not have the permission for accessing the data address, the access is not executed
Operation, and backward reference abnormal signal.
Can also will be divided into multiple safety zones in safe close coupling memory, for example, the first safety zone, the second safety zone and
Non-security district.The security level of first safety zone is greater than the second safety zone, and the security level of the second safety zone is greater than non-security district.
If where data address is the second safety zone, the security attribute mark of access operation information is corresponding be the second safety zone or
First safety zone then determines that the access operation information has the permission for accessing the data address;If access operation information
Security attribute identify corresponding non-security district, then determine that the access operation information does not access the power of the data address
Limit.
Step S3, if the access operation information has the permission for accessing the data address, to the data
The corresponding memory block in location carries out executing the access operation.
The access method of a kind of safe close coupling memory provided in this embodiment as a result, by being deposited in safe close coupling
The memory block of multiple and different security levels is preset in reservoir, each memory block is corresponding with the memory block security level for storing
Data, receive access operation information, if the access operation information has the permission for accessing the data address, executing should
Access operation realizes the division of memory block, improves the safety of close coupling memory, meets in processor architecture to depositing
Store up the requirement of program security.
In one implementation, the access operation information in step S1 is the read access operations letter that processor is sent
Breath.
If corresponding step S3 may include: that the read access operations information has the power for accessing the data address
Limit, then obtain the data in memory block according to the data address.
In the present embodiment, the safe close coupling memory can also be connected with external memory, and external memory is fixed
Phase in safe close coupling memory to being updated.Access operation information in step S1 is depositing for external memory transmission
Store up access operation information;The storage access operations information further include: data, wherein data are wait store or number to be updated
According to.
If corresponding step S3 may include: that the storage access operations information has the power for accessing the data address
Limit, then store the data into respective storage areas according to the data address.
Storage access operations information in the present embodiment, or realization is updated the data in memory block.
In one implementation, when the read access operations information and memory hair for receiving processor transmission simultaneously
When the storage access operations information sent, according to preset priority, the high operation of priority level is first carried out, while latching low excellent
The access of first grade.After contour prioritization of access is finished, then execute the access of low priority.Alternatively, software can also be passed through
Program configuration registers, selection processor or memory access security close coupling memory.
Thus, it is possible to improve access efficiency.
Embodiment 2
As shown in Fig. 2, it is according to the structural schematic diagram of the safe close coupling memory of the preferred embodiment for the present invention, originally
Safe close coupling memory is in embodiment for realizing the access method in embodiment one.Safe close coupling in the present embodiment is deposited
Reservoir 10 includes: security control unit 1 and close coupling memory 2.
Close coupling memory 2 is provided with the memory block of multiple and different security levels, and each memory block is deposited for storing with this
The corresponding data of storage area security level.
Security control unit 1 is connected with the close coupling memory 2 and processor 3 respectively, for receiving access behaviour
Make information, wherein the access operation information includes: that the safety of the data address and the access operation information in memory block belongs to
Property mark, security attribute mark is used to indicate the security level of the access operation information;Believed according to the access operation
The security attribute of breath identifies and the data address judges whether the access operation information has the access data address
Permission;If the access operation information has the permission for accessing the data address, to corresponding with the data address
Memory block accesses operation.
Specifically, judging the access according to the security attribute of access operation information mark and the data address
It may include: the security level for obtaining the data address that whether operation information, which has the permission for accessing the data address,;If
The security level of the security attribute mark of the access operation information is more than or equal to the security level of the data address, then determines
The access operation information has the permission for accessing the data address.
Security control unit 1 is also used to when the access operation information does not have the permission for accessing the data address,
The access operation, and backward reference abnormal signal are not executed.
Security control unit 1 is used to receive the read access operations information that the processor is sent, and security control unit 1 has
Body is used for when the read access operations information has the permission for accessing the data address, then according to the data address pair
Data in memory block are obtained.
Security control unit 1 can also be connected with external memory 4, and security control unit 1 receives the external storage
The storage access operations information that device is sent, the storage access operations information further includes data;The security control unit 1 is specific
It, will be described according to the data address when for having the permission of the access data address when the storage access operations information
Data are stored into respective storage areas.
Security control unit 1 is also used to receive the read access operations information and storage access behaviour simultaneously
When making information, according to preset priority, the not high operation of execution priority;The high operation of the priority level executes completion
Afterwards, the not low operation of execution priority.Safe close coupling memory provided in this embodiment is multiple and different by being preset with as a result,
The memory block of security level, each memory block receive access operation for storing data corresponding with the memory block security level
Information executes the access operation, realizes storage if the access operation information has the permission for accessing the data address
The division in area improves the safety of close coupling memory, meets the requirement in processor architecture to storage program security.
Embodiment 3
The present embodiment provides a kind of storage medium, the storage medium is stored with computer executable instructions, the calculating
Machine executable instruction is used to execute the access method of safe close coupling memory in above-described embodiment, in the present embodiment no longer into
Row repeats.
Storage medium provided in this embodiment is by being preset with the memory blocks of multiple and different security levels, Mei Gecun as a result,
Storage area receives access operation information, if the access operation information for storing data corresponding with the memory block security level
With the permission for accessing the data address, then the access operation is executed, the division of memory block is realized, close coupling is improved and deposits
The safety of reservoir meets the requirement in processor architecture to storage program security.
It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the application, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The application is referring to method, the process of equipment (system) and computer program product according to the embodiment of the present application
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
The aforementioned description to specific exemplary embodiment of the invention is in order to illustrate and illustration purpose.These descriptions
It is not wishing to limit the invention to disclosed precise forms, and it will be apparent that according to the above instruction, can much be changed
And variation.The purpose of selecting and describing the exemplary embodiment is that explaining specific principle of the invention and its actually answering
With so that those skilled in the art can be realized and utilize a variety of different exemplary implementation schemes of the invention and
Various chooses and changes.The scope of the present invention is intended to be limited by claims and its equivalents.
Claims (10)
1. a kind of access method of safe close coupling memory, which is characterized in that the safe close coupling memory and processor
It is connected, the memory block of multiple and different security levels is preset in the safe close coupling memory, each memory block is for depositing
Data corresponding with the memory block security level are stored up, the access method includes:
Access operation information is received, wherein the access operation information includes: data address and access behaviour in memory block
Make the security attribute mark of information, the security attribute mark is used to indicate the security level of the access operation information;
Judge that the access operation information is according to the security attribute of access operation information mark and the data address
It is no that there is the permission for accessing the data address;
If the access operation information has the permission for accessing the data address, to storage corresponding with the data address
Area accesses operation.
2. access method as described in claim 1, which is characterized in that further include:
If the access operation information does not have the permission for accessing the data address, the access operation is not executed, and return
Abnormal signal is asked in return visit.
3. access method as described in claim 1, which is characterized in that the security attribute according to the access operation information
Mark and the data address judge whether the access operation information there is the permission for accessing the data address to include:
Obtain the security level of the data address;
If the security level that the security attribute of the access operation information identifies is more than or equal to the security level of the data address,
Then determine that the access operation information has the permission for accessing the data address.
4. access method as described in claim 1, which is characterized in that the reception access operation information includes: described in reception
The read access operations information that processor is sent;
If the access operation information has the permission for accessing the data address, to corresponding with the data address
Memory block accesses operation, comprising: if the read access operations information has the permission for accessing the data address, root
The data in memory block are obtained according to the data address.
5. access method as claimed in claim 4, which is characterized in that the safe close coupling memory and external memory phase
Connection;
The access operation information that receives includes: the storage access operations information for receiving the external memory and sending;It is described to deposit
Store up access operation information further include: data;
If the access operation information has the permission for accessing the data address, to corresponding with the data address
If memory block accesses, operation includes: that the storage access operations information has the permission for accessing the data address, root
The data are stored into respective storage areas according to the data address.
6. access method as claimed in claim 5, which is characterized in that further include:
When receiving the read access operations information and the storage access operations information simultaneously, according to preset preferential
Grade, the not high operation of execution priority;
After the completion of the high operation of the priority level executes, the not low operation of execution priority.
7. a kind of safe close coupling memory characterized by comprising
Close coupling memory is provided with the memory block of multiple and different security levels, and each memory block is for storing and the memory block
The corresponding data of security level;
Security control unit is connected with the close coupling memory and processor respectively, for receiving access operation information,
Wherein, the access operation information includes: the security attribute mark of the data address and the access operation information in memory block,
The security attribute mark is used to indicate the security level of the access operation information;According to the safety of the access operation information
Attribute-bit and the data address judge whether the access operation information has the permission for accessing the data address;If
The access operation information has the permission for accessing the data address, then carries out to memory block corresponding with the data address
Access operation.
8. safe close coupling memory as claimed in claim 7, which is characterized in that the security control unit and external storage
Device is connected, and security control unit is used to receive the storage access operations information that the external memory is sent, and the storage is visited
Ask that operation information further includes data;
The security control unit is used for when the storage access operations information has the permission for accessing the data address, root
The data are stored into respective storage areas according to the data address.
9. safe close coupling memory as claimed in claim 7, which is characterized in that the security control unit is also used in institute
When stating access operation information without the permission for accessing the data address, the access operation is not executed, and backward reference is different
Regular signal.
10. a kind of storage medium, which is characterized in that the storage medium is stored with computer executable instructions, the computer
Executable instruction requires the access method of safe close coupling memory described in 1-6 any one for perform claim.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910344205.4A CN110083551A (en) | 2019-04-26 | 2019-04-26 | Safe close coupling memory and its access method and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910344205.4A CN110083551A (en) | 2019-04-26 | 2019-04-26 | Safe close coupling memory and its access method and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110083551A true CN110083551A (en) | 2019-08-02 |
Family
ID=67417032
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910344205.4A Pending CN110083551A (en) | 2019-04-26 | 2019-04-26 | Safe close coupling memory and its access method and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110083551A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114615403A (en) * | 2022-02-21 | 2022-06-10 | 广东职业技术学院 | Method, device and system for accessing video file of office camera |
-
2019
- 2019-04-26 CN CN201910344205.4A patent/CN110083551A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114615403A (en) * | 2022-02-21 | 2022-06-10 | 广东职业技术学院 | Method, device and system for accessing video file of office camera |
| CN114615403B (en) * | 2022-02-21 | 2023-10-24 | 广东职业技术学院 | Access method, device and system for video files of office camera |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108681565B (en) | Block chain data parallel processing method, device, equipment and storage medium | |
| CN110059020B (en) | Access method, equipment and system for extended memory | |
| CN106339222B (en) | A kind of service implementing method and device | |
| KR20190136053A (en) | Method and device for writing service data to blockchain system | |
| KR20050113638A (en) | Data processing system with peripheral access protection and method therefor | |
| CN105988970B (en) | The processor and chip of shared storing data | |
| CN108572876A (en) | A kind of implementation method and device of Read-Write Locks | |
| CN110177079A (en) | The calling system and call method of intelligent contract | |
| CN110008169A (en) | The communication means of safety chip | |
| WO2016190924A2 (en) | Side channel analysis resistant architecture | |
| US11010494B2 (en) | Preemption of a container in a secure computation environment | |
| CN108062235B (en) | Data processing method and device | |
| CN103841562B (en) | A kind of time interval resource takes processing method and processing device | |
| CN108989468A (en) | A kind of trust network construction method and device | |
| CN110505311A (en) | A kind of across the chain exchange method of isomorphism block chain and system | |
| CN113743950A (en) | Method for performing transactions in a blockchain, blockchain node and blockchain | |
| CN109960597A (en) | A kind of dynamic registration method and relevant apparatus of Applied layer interface | |
| CN109992532A (en) | The access authority management method and storage rights management unit of memory space | |
| CN105302489A (en) | Heterogeneous multi-core remote embedded memory system and method | |
| CN110083551A (en) | Safe close coupling memory and its access method and storage medium | |
| CN105094742B (en) | A kind of method and apparatus for writing data | |
| CN110069533A (en) | A kind of event subscription method and device based on block chain | |
| US7861104B2 (en) | Methods and apparatus for collapsing interrupts | |
| CN112068948B (en) | Data hashing method, readable storage medium and electronic device | |
| CN105956205B (en) | It is a kind of to generate the strong method and device of HBASE row |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190802 |
|
| RJ01 | Rejection of invention patent application after publication |