CN117459268B - Computing system, method and bus equipment based on hardware access right management - Google Patents

Computing system, method and bus equipment based on hardware access right management

Info

Publication number
CN117459268B
Authority
CN
China
Prior art keywords
gate
access
main equipment
bus
slave device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311393535.5A
Other languages
Chinese (zh)
Other versions
CN117459268A (en)
Inventor
李坤
马思杰
刘洋
张稚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hexin Technology Co ltd
Hexin Technology Suzhou Co ltd
Original Assignee
Hexin Technology Co ltd
Hexin Technology Suzhou Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The present application provides a computing system, method and bus device for hardware access rights management in which the master device ID (MID) encoding of each master device and the access right allocation of each slave device are both realized in hardware. Therefore, however an intruder breaks the security firewall from software, the intruder has neither the right nor the capability to break the firewall at the hardware level, and the security of data access is greatly improved. For the access rights of a slave device, the industry currently offers only a single blanket permission value: the rights of all master devices connected to the bus are set at once, so that any privileged master can access the slave device and rights cannot be subdivided per module. The present application divides access rights management down to individual modules or groups of similar modules, making rights management finer and more flexible.

Description

Computing system, method and bus equipment based on hardware access right management
Technical Field
The present application relates to the field of computer access rights management technology, and in particular, to a hardware access rights management-based computing system, method, and bus device.
Background
The security of computer systems requires confidentiality and integrity, which at bottom concern the reading and writing of data. Confidentiality means ensuring that a confidential asset cannot be copied or stolen by a defined set of attacks; this property is necessary for assets such as passwords and encryption keys, and in computer hardware it takes the form of data that cannot be read by an unauthorized component. Integrity means ensuring that an asset cannot be modified by a defined set of attacks; this property is necessary for the root secrets on which the rest of a system's security depends, as well as for secure software once it executes, and in computer hardware it takes the form of data that cannot be modified by an unauthorized component.
The system control processor (SCP) adjusts the supply voltage and CPU frequency, mainly by reading the temperature sensor on the SoC itself. For security, voltage control on the motherboard (via the SPI interface) may only be performed by the SCP: the CPU has the right to read the voltage but not the right to rewrite it. Similarly, some registers within the graphics card, although open to other masters, are not open to the debug module.
Such a differentiated rights configuration cannot be achieved with only the 3-bit AXPROT[2:0] of the existing industry-standard AXI bus, because the three AXPROT[2:0] signals only describe the attributes of the transaction itself; the rights are actually enforced by operating system control software, and the operating system is not fully trusted.
As shown in fig. 1, which is a schematic diagram of the AXPROT field of the standard AXI bus, the current industry-standard AXI bus has only the 3-bit AXPROT[2:0], which defines three levels of access protection. AXPROT[0] (P) identifies the access as non-privileged or privileged: 1 represents a privileged access, 0 a non-privileged access. AXPROT[1] (NS) identifies the access as secure or non-secure: 1 represents a non-secure transaction, 0 a secure transaction. AXPROT[2] (I) indicates whether the transaction is an instruction access or a data access: 1 indicates an instruction access, 0 a data access.
In summary, existing data access is still exposed to the risk of its access rights being taken over through software, and current industry practice manages rights in an all-or-nothing manner, giving only a single blanket permission value, so fine-grained management cannot be achieved. There is therefore a need in the art for a safer and more flexible access rights management scheme.
Disclosure of Invention
In view of the above drawbacks of the prior art, an object of the present application is to provide a computing system, a method and a bus device based on hardware access rights management, which solve the technical problems that existing data access can still be subverted through software-controlled rights and that rights management is not fine-grained enough.
To achieve the above and other related objects, a first aspect of the present application provides a computing system based on hardware access rights management, including a plurality of master devices and a plurality of slave devices, wherein: the current master device sends its master device identification information together with the address information of the slave device to be accessed to the bus, and the bus decodes the address and selects the corresponding slave device; the selected slave device, through a security check module arranged on it, compares the master device identification information with the master device identification information in a preset access right allocation table; and the slave device judges the access rights of the current master device according to the comparison result and responds accordingly to the access request of the current master device.
In some embodiments of the first aspect of the present application, the access right allocation table in the slave device records information of the following dimensions: the master device identification number, the read permission and the write permission.
In some embodiments of the first aspect of the present application, the access right allocation table in the slave device further records information of the following dimensions: a default read permission and a default write permission. The default read permission indicates whether the current master device has read permission when no matching master device identification number is found in the access right allocation table, and the default write permission indicates whether the current master device has write permission in that case.
In some embodiments of the first aspect of the present application, the security check module comprises: a number of exclusive-or gates matching the bit width of the master device identification number, a first AND gate, a second AND gate and a third AND gate. Each exclusive-or gate has a first input and a second input; the first input receives the corresponding bit of a master device identification number in the access permission table, and the second input receives the corresponding bit of the identification number of the current master device on the bus. The output of each exclusive-or gate is connected to the first AND gate. The output of the first AND gate is connected to the first input of the second AND gate and to the first input of the third AND gate. The second input of the second AND gate receives the read permission signal belonging to that master device identification number in the access permission table, and the second input of the third AND gate receives the corresponding write permission signal. The output signal of the second AND gate represents the read permission judgement for the current master device's access to the slave device, and the output signal of the third AND gate represents the write permission judgement.
In some embodiments of the first aspect of the present application, the bus is provided with an address decoding module and a multiplexing module; the address decoding module converts the binary address code into the corresponding output signal so as to decode the address of the slave device, and the multiplexing module selects the slave device after the address has been decoded.
In some embodiments of the first aspect of the present application, the bus encodes the master devices such that master devices having the same access rights are given the same encoding.
To achieve the above and other related objects, a second aspect of the present application provides a hardware access right management method applied to a slave device electrically connected to a bus to which a plurality of master devices are also electrically connected. The method comprises: in response to the bus decoding the address information of the slave device to be accessed that was sent by the current master device, comparing the master device identification information sent together with that address information with the master device identification information in a preset access right allocation table; and judging the access rights of the current master device according to the comparison result and responding accordingly to its access request.
To achieve the above and other related objects, a third aspect of the present application provides a bus device comprising a security check module. The security check module, in response to the bus decoding the address information of the slave device to be accessed that was sent by the current master device, compares the master device identification information sent together with that address information with the master device identification information in a preset access right allocation table, judges the access rights of the current master device according to the comparison result, and responds accordingly to its access request.
In some embodiments of the third aspect of the present application, the security check module comprises: a number of exclusive-or gates matching the bit width of the master device identification number, a first AND gate, a second AND gate and a third AND gate. Each exclusive-or gate has a first input and a second input; the first input receives the corresponding bit of a master device identification number in the access permission table, and the second input receives the corresponding bit of the identification number of the current master device on the bus. The output of each exclusive-or gate is connected to the first AND gate. The output of the first AND gate is connected to the first input of the second AND gate and to the first input of the third AND gate. The second input of the second AND gate receives the read permission signal belonging to that master device identification number in the access permission table, and the second input of the third AND gate receives the corresponding write permission signal. The output signal of the second AND gate represents the read permission judgement for the current master device's access to the slave device, and the output signal of the third AND gate represents the write permission judgement.
As described above, the computing system, method and bus device based on hardware access rights management of the present application have the following advantages. The MID encoding of the master devices and the access right allocation of the slave devices are both realized in hardware, so however an intruder breaks the security firewall from software, the intruder has neither the right nor the capability to break the firewall at the hardware level, and the security of data access is greatly improved. For the access rights of a slave device, the industry currently offers only a single blanket permission value: the rights of all master devices connected to the bus are set at once, so any privileged master can access the slave device and rights cannot be subdivided per module. The present application divides access rights management down to individual modules or groups of similar modules, making rights management finer and more flexible.
Drawings
FIG. 1 is a schematic diagram of the 3-bit AXPROT[2:0] of the standard AXI bus according to the prior art.
Fig. 2 is a schematic diagram of a computing system based on hardware access rights management according to an embodiment of the application.
Fig. 3 is a schematic diagram of a binary decoder according to an embodiment of the application.
Fig. 4 is a schematic structural diagram of a security check module according to an embodiment of the application.
Fig. 5 is a schematic diagram of an access authority table according to an embodiment of the present application.
Fig. 6 is a flowchart of a hardware access rights management method according to an embodiment of the application.
Detailed Description
Other advantages and effects of the present application will become apparent to those skilled in the art from the following disclosure, which describes the embodiments of the present application with reference to specific examples. The application may be practiced or carried out in other embodiments that depart from the specific details, and the details of the present description may be modified or varied without departing from the spirit and scope of the present application. It should be noted that the following embodiments and the features in the embodiments may be combined with each other where they do not conflict.
In the following description, reference is made to the accompanying drawings, which illustrate several embodiments of the application. It is to be understood that other embodiments may be utilized and that mechanical, structural, electrical, and operational changes may be made without departing from the spirit and scope of the present application. The following detailed description is not to be taken in a limiting sense, and the scope of embodiments of the present application is defined only by the claims of the issued patent. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. Spatially relative terms, such as "upper," "lower," "left," "right," "lower," "upper," and the like, may be used herein to facilitate a description of one element or feature as illustrated in the figures as being related to another element or feature.
In the present application, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "secured," "held," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present application can be understood by those of ordinary skill in the art according to the specific circumstances.
Furthermore, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms "comprises," "comprising," "includes," and/or "including" specify the presence of stated features, operations, elements, components, items, categories, and/or groups, but do not preclude the presence or addition of one or more other features, operations, elements, components, items, categories, and/or groups. The terms "or" and "and/or" as used herein are to be construed as inclusive, meaning any one or any combination. Thus, "A, B or C" or "A, B and/or C" means any of the following: A; B; C; A and B; A and C; B and C; A, B and C. An exception to this definition occurs only when a combination of elements, functions or operations is in some way inherently mutually exclusive.
In order to solve the above problems in the background art, the present invention provides a computing system based on hardware access rights management, which adds the identification number of the accessing master device to the bus transmission, so that the security check of the slave device can learn which master is accessing it and can determine the access result according to whether the slave device has authorized that master. Because the scheme is fixed in circuit hardware, it cannot be modified without authorization by software control, and data access is therefore both safer and more flexible.
In order to make the objects, technical solutions and advantages of the present invention more apparent, further detailed description of the technical solutions in the embodiments of the present invention will be given by the following examples with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Before explaining the present invention in further detail, terms and terminology involved in the embodiments of the present invention will be explained, and the terms and terminology involved in the embodiments of the present invention are applicable to the following explanation:
<1> AXPROT: the access permission signals provided by the AXI bus, which can prevent illegal transactions downstream in the system. The AXPROT signals include the write access permission signal AWPROT and the read access permission signal ARPROT. For example, if a transaction does not carry the correct level of protection, a memory controller can use these signals to refuse the read or write access.
<2> SCP (System Control Processor): a system control processor that controls system functions such as clock control, power supply control or voltage control.
<3> AXI bus (Advanced eXtensible Interface): a high-performance, high-bandwidth, low-latency on-chip bus protocol. Because of the unidirectional channel architecture of the AXI bus, on-chip information flows in one direction only on each channel, which reduces latency and allows the SoC to obtain better performance with smaller area and lower power consumption.
Embodiments of the present invention provide a hardware-based access right management method, a system of the hardware-based access right management method, and a storage medium storing an executable program for implementing the hardware-based access right management method. With respect to implementation of the hardware access right management method, an exemplary implementation scenario of hardware access right management will be described in the embodiments of the present invention.
Referring to FIG. 2, a schematic diagram of a hardware-based access rights management computing system is shown in an embodiment of the invention.
The computing system based on hardware access rights management comprises a plurality of master devices and a plurality of slave devices connected through a bus. Taking fig. 2 as an example, the master devices include, but are not limited to, a central processing unit (CPU), a graphics card, a debug module and a system control processor (SCP). The slave devices include, but are not limited to, a voltage regulation module (VRM), dynamic random access memory (DRAM), SPI interface devices or temperature sensors. The bus provides a shared interconnect between the devices and carries the data transfers; its transfer capacity is determined by its width and operating frequency. The bus may be, for example, an AMBA bus such as AHB, APB or AXI.
In the embodiment of the invention, the current master device sends its master device identification information together with the address information of the slave device to be accessed to the bus; the bus decodes the address and selects the corresponding slave device; the selected slave device compares the master device identification information with the master device identification information in a preset access right allocation table through its security check module, judges the access rights of the current master device according to the comparison result, and responds accordingly to the access request of the current master device.
It should be appreciated that the slave device's response to the current master device's access request is one of the following: if the current master device is judged to have neither read nor write rights, the slave device refuses the access; if it has read rights but not write rights, the slave device accepts its read accesses and rejects its write accesses; if it has write rights but not read rights, the slave device accepts its write accesses and rejects its read accesses; and if it has both read and write rights, the slave device accepts both its read and write accesses.
In the embodiment of the invention, the master device identification information is obtained by encoding the master devices with a multi-bit field carried on the bus. Taking the four components of a central processing unit (CPU), a graphics card, a debug module and a system control processor (SCP) as an example, a 2-bit field is sufficient to encode the master devices, and the identification information obtained is the master identification number (MASTER IDENTITY, MID). A 2-bit field yields the master identification numbers MID 0, MID 1, MID 2 and MID 3, which are assigned to the CPU, the graphics card, the debug module and the SCP respectively. If more masters are connected to the bus, a correspondingly wider encoding can be used.
Preferably, the bus encodes the master devices such that master devices having the same access rights are given the same encoding. For example, several CPUs, or several other master devices, can share one code as long as their access rights are identical, which reduces complexity and the required width of the MID field.
In the embodiment of the invention, the bus is provided with an address decoding module and a multiplexing module; the address decoding module converts the binary address code into the corresponding output signal so as to decode the address of the slave device, and the multiplexing module selects the slave device after the address has been decoded.
In some examples, the address decoding module may be an address decoder. Decoding is the inverse of encoding: it converts a binary code with a specific meaning into the corresponding output signal. The address decoder may be, without limitation, one of two types: a binary decoder (also called a unique address decoder) or a code converter. A binary decoder converts each input code into one corresponding valid output signal; in computers it is commonly used to decode memory cell addresses, converting each address code into a valid signal that selects the corresponding cell. A code converter converts one type of code into another.
Taking the binary decoder illustrated in FIG. 3 as an example: the binary decoder has an n-bit binary code input A0, A1, ..., An-1 and 2^n outputs Y0, Y1, ..., Y(2^n - 1). The binary decoder is further provided with an enable input EI; when EI is at its active level, for each input code exactly one output is at the active level and all other outputs are at the opposite level. The outputs may be active high or active low.
In some examples, the multiplexing module may be a multiplexer, a circuit that selects any one of several paths as required when multiplexing data. The multiplexer may be, for example, a 4-to-1, 8-to-1 or 16-to-1 data selector. Multiplexers include bus multiplexers, analog signal multiplexers and others, which this embodiment does not limit.
In the embodiment of the invention, the slave device sends a corresponding readiness feedback signal to the master device under the condition of completing readiness work; the master device sends address information of the slave device to be accessed and its own master device identification number MID to the bus. The master device mark number MID is sent along with the address information of the slave device to be accessed, and the slave device receives the address information of the slave device to be accessed, so that a security check module of the slave device can analyze whether the master device has the read-write authority of the master device.
Further, an access right allocation table is preset in the slave device, and the access right allocation table is used for comparing with the mark information of the current master device. The access right allocation table in the slave device is used for recording and characterizing the following dimensions of information: the main equipment mark number, the read permission and the write permission.
Preferably, the access right allocation table in the slave device is further used for recording and characterizing the following dimensions of information: default read rights and default write rights. It is noted that when the default read right or default write right has a right value of 1, it means that the current master has the corresponding read right or write right even when no matching master identification number MID is found in the access right allocation table. When the authority value of the default read authority or the default write authority is 0, it means that if the matched main device mark number MID is not found in the access authority allocation table, the current main device does not have the corresponding read authority or write authority.
Preferably, the slave device's access rights allocation table is configured by BIOS firmware. The basic input output system (Basic Input Output System, BIOS) contains an initialization program that the computer needs to run when it is powered on. The BIOS is stored in a Read-only Memory (ROM) chip on the motherboard, and the contents of the chip are written in by using professional production equipment before the computer leaves the factory, and cured after leaving the factory. Since the BIOS firmware is trusted, the access right allocation table of the slave device is configured by the firmware, which can increase flexibility of design.
For the sake of understanding by those skilled in the art, Table 1 below further illustrates the access authority table in the slave device, where x in the table represents a 1-bit configurable value that may be 0 or 1.
Table 1: Access rights table
Master ID   Read rights   Write rights   Default read rights   Default write rights
mid[0:1]    Ren           Wen            Default_read_en       Default_write_en
Mid_0=xx    Ren_0=x       Wen_0=x        Default_read_en=x     Default_write_en=x
Mid_1=xx    Ren_1=x       Wen_1=x
The structure of the security check module in the slave device is described taking a 2-bit MID[1:0] as an example, in conjunction with the circuit structure diagram shown in fig. 4. The security check module includes a Master ID comparator, a second AND gate 44 and a third AND gate 45; the Master ID comparator comprises a first exclusive-OR gate 41, a second exclusive-OR gate 42 and a first AND gate 43. The first input end 41a of the first exclusive-OR gate 41 receives the corresponding bit of the master device mark number in the access permission table, the second input end 41b receives the corresponding bit of the mark number of the current master device on the bus, and the output end 41c is connected to the first input end 43a of the first AND gate 43. The first input end 42a of the second exclusive-OR gate 42 receives the corresponding bit of the master device mark number in the access permission table, the second input end 42b receives the corresponding bit of the mark number of the current master device on the bus, and the output end 42c is connected to the second input end 43b of the first AND gate 43.
The output end 43c of the first AND gate 43 is connected to the first input end 44a of the second AND gate 44 and to the first input end 45a of the third AND gate 45; the second input end 44b of the second AND gate 44 receives the read permission signal corresponding to that master device mark number in the access permission table; the second input end 45b of the third AND gate 45 receives the corresponding write permission signal. The output signal at the output end 44c of the second AND gate 44 represents the read permission determination of the current master device for the slave device; the output signal at the output end 45c of the third AND gate 45 represents the write permission determination of the current master device for the slave device.
The working principle of the security check module in the slave device is as follows. The security check module comprises the first exclusive-OR gate 41 and the second exclusive-OR gate 42, corresponding to mid_0 and mid_1; the first input end of each gate receives the mid bit from the permission table and the second input end receives the mid bit from the access bus, and the gate's output is 1 only when the mid bit in the permission table is the same as the mid bit on the access bus. The output ends of the first exclusive-OR gate 41 and the second exclusive-OR gate 42 are connected to the input ends of the first AND gate 43, whose output is the comparison result for the Master ID. The output of the first AND gate 43 is connected to one input end of the second AND gate 44 and to one input end of the third AND gate 45; that is, once it is confirmed that the current master device is listed for this slave device, the specific permission content is checked next. The other input end of the second AND gate 44 receives the read permission signal from the access permission table, so the output signal of the second AND gate 44 is the read permission determination of the current master device for the slave device. The other input end of the third AND gate 45 receives the write permission signal from the access permission table, so the output signal of the third AND gate 45 is the write permission determination of the current master device for the slave device.
It should be noted that in the technical scheme provided by the invention, both the MID encoding of the master device and the access right allocation of the slave device are implemented in hardware. Therefore, however an intruder defeats the security firewall in software, it gains neither the permission nor the capability to defeat the firewall at the hardware level, which greatly improves the security of data access.
In addition, for the access authority table of the slave device, the industry currently provides only a single general authority value: the authority of every master device connected to the bus is set at once, so the slave device can be accessed by any master holding that privilege, and authority management cannot be subdivided to individual modules. The invention divides access rights management down to individual modules or groups of similar modules, making rights management finer and more flexible.
The structure of the computing system based on hardware access right management provided by the embodiment of the invention has been explained above. A specific example is now given in conjunction with fig. 2 to further illustrate the technical solution; the detailed process is as follows.
Step (1): when a slave device (e.g., an SPI interface device) is ready, it sends a Ready signal to the master device. When the master device (e.g., a central processing unit, CPU) is to read from or write to a slave device, it sends the address of that slave device to the bus, together with its own MID signal.
Step (2): an address decoder on the bus decodes the slave device address and selects that device, and a multiplexer (MUX) opens the data, address and MID channels of the selected slave device.
Step (3): once the selected slave device obtains the MID of the master device requesting access, it compares that MID with the master device mark numbers in its preset access authority table. If a match is found, the read and write permissions are compared next.
Taking the access right table shown in fig. 5 as an example: if the MID from the bus equals mid_0 in the access authority table and the read authority ren_0 in that row has the value 1, the current access has read permission; if the write authority wen_0 in that row has the value 1, the current access has write permission. The access authority table can list the permission conditions of several master devices, from which it is finally determined whether the slave device may be read or written.
Step (4): if the access is authorized, it proceeds normally; if it is not authorized, the access is ignored or an error is reported. For example, as illustrated in fig. 2, during a normal read operation the SPI interface device may upload data to the system control processor (SCP); when the access is not authorized, an access error is reported.
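The following Python model is an added illustration, not code from the patent or its applicant. It puts together the security check module of fig. 4 described above (a per-bit MID comparison feeding AND gate 43, then AND gates 44 and 45 gated by Ren and Wen), the default_read_en/default_write_en bits of Table 1, and the four-step bus flow just described, and it generalises the 2-bit MID to any width. The per-bit compare gate is modelled as the text describes it, producing 1 when the two bits are equal (which is XNOR behaviour). The MID width, table rows, device names and addresses are constructed assumptions; that several matching rows are OR-combined and that the default bits apply only when no row matches are also assumptions, since the patent does not specify either.

```python
# Added example (not the patent's code): behavioural model of the slave-side security
# check module and the bus flow. MID width, table rows, names and addresses are assumed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MID_BITS = 2  # the text's 2-bit MID[1:0] example; the model works for any width


def mid_comparator(table_mid: int, bus_mid: int, width: int = MID_BITS) -> int:
    """Master ID comparator: one compare gate per MID bit (output 1 when the table bit
    equals the bus bit, XNOR behaviour as the text describes it) feeding the first
    AND gate (43), which requires every bit to match."""
    match = 1
    for i in range(width):  # bit i corresponds to mid_i
        match &= int(((table_mid >> i) & 1) == ((bus_mid >> i) & 1))
    return match


@dataclass
class RightsEntry:
    mid: int  # Mid_n
    ren: int  # Ren_n, 1-bit read enable
    wen: int  # Wen_n, 1-bit write enable


@dataclass
class AccessRightsTable:
    """Table 1: per-MID rows plus the two default bits (assumed preset by firmware)."""
    entries: List[RightsEntry]
    default_read_en: int = 0
    default_write_en: int = 0

    def check(self, bus_mid: int) -> Tuple[int, int]:
        """(read_permitted, write_permitted) for the MID on the bus. Each row drives its
        own AND gates 44/45 and rows are OR-combined (assumption: the patent does not say
        how several rows merge); if no row matches, the default bits decide."""
        matched = ren = wen = 0
        for e in self.entries:
            m = mid_comparator(e.mid, bus_mid)
            matched |= m
            ren |= m & e.ren  # second AND gate 44
            wen |= m & e.wen  # third AND gate 45
        return (ren, wen) if matched else (self.default_read_en, self.default_write_en)


def response_kind(ren: int, wen: int) -> str:
    """The four outcomes listed for the slave's response to an access request."""
    return {(0, 0): "deny access", (1, 0): "read only",
            (0, 1): "write only", (1, 1): "read and write"}[(ren, wen)]


@dataclass
class SlaveDevice:
    name: str
    base: int
    size: int
    table: AccessRightsTable
    ready: bool = True
    storage: Dict[int, int] = field(default_factory=dict)


def address_decode(slaves: List[SlaveDevice], addr: int) -> Optional[SlaveDevice]:
    """Bus address decoder + MUX: select the slave whose window contains addr."""
    for s in slaves:
        if s.base <= addr < s.base + s.size:
            return s
    return None


def bus_transaction(slaves, bus_mid, addr, op, data=None):
    """Steps (1)-(4): decode, check rights for the MID sent with the address, then
    perform the access or report an error."""
    slave = address_decode(slaves, addr)
    if slave is None:
        return ("error", "no slave decoded at 0x%x" % addr)
    if not slave.ready:
        return ("error", "%s not ready" % slave.name)
    ren, wen = slave.table.check(bus_mid)
    if op == "read" and ren:
        return ("ok", slave.storage.get(addr, 0))
    if op == "write" and wen:
        slave.storage[addr] = data
        return ("ok", data)
    return ("error", "%s denied: MID %s has '%s' on %s" % (
        op, format(bus_mid, "0%db" % MID_BITS), response_kind(ren, wen), slave.name))


def build_demo_system() -> List[SlaveDevice]:
    """Constructed configuration: CPU (MID 01) may read and write the SPI device, a DMA
    engine (MID 10) may only read it, unknown MIDs get nothing; a status block is
    readable by every master through default_read_en."""
    spi = AccessRightsTable([RightsEntry(0b01, 1, 1), RightsEntry(0b10, 1, 0)])
    status = AccessRightsTable([], default_read_en=1, default_write_en=0)
    return [SlaveDevice("spi", 0x4000, 0x100, spi), SlaveDevice("status", 0x5000, 0x10, status)]
```

Calling `bus_transaction(build_demo_system(), 0b10, 0x4004, "write", 0)` returns an error tuple because MID 10 holds read-only rights on the SPI device, while a read of the same address by MID 10 succeeds. A master whose MID appears in no row falls through to the default bits; when reviewing such a table, those two bits deserve the first look, since default_read_en=1 means every unlisted master can read the device.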
Fig. 6 is a schematic flow chart of the hardware access right management method according to an embodiment of the present invention. The method is applied to a slave device electrically connected to a bus to which a plurality of master devices are also electrically connected, and comprises the following steps:
Step S61: in response to the bus decoding the address information of the slave device to be accessed sent by the current master device, compare the master device mark information sent together with that address information with the master device mark information in the preset access right allocation table.
In some examples, the access rights allocation table records the following dimensions of information: the master device mark number, the read permission and the write permission.
Further, the access right allocation table also records default read rights and default write rights. The default read permission indicates whether the current master device holds the read permission when no matching master device mark number is found in the access permission allocation table, and the default write permission indicates likewise whether it holds the write permission.
In some examples, the slave device performs the following through a security check module: comparing the master device mark information of the current master device with the master device mark information in the preset access right allocation table, and judging the access right of the current master device according to the comparison result.
Further, the security check module includes: a number of exclusive-OR gates matching the bit width of the master device mark number, a first AND gate, a second AND gate and a third AND gate. Each exclusive-OR gate has a first input end and a second input end; the first input end receives the corresponding bit of the master device mark number in the access permission table, and the second input end receives the corresponding bit of the mark number of the current master device on the bus. The output end of each exclusive-OR gate is connected to the first AND gate; the output end of the first AND gate is connected to the first input end of the second AND gate and to the first input end of the third AND gate. The second input end of the second AND gate receives the read permission signal corresponding to that master device mark number in the access permission table, and the second input end of the third AND gate receives the corresponding write permission signal. The output signal of the second AND gate represents the read permission judgment of the current master device for the slave device, and the output signal of the third AND gate represents the write permission judgment of the current master device for the slave device.
Step S62: judge the access right of the current master device according to the comparison result, and respond accordingly to its access request.
In some examples, the slave device's response to the current master device's access request is one of the following: if the current master device holds neither the read right nor the write right, the slave device refuses access; if it holds the read right but not the write right, the slave device accepts read accesses and rejects write accesses; if it holds the write right but not the read right, the slave device accepts write accesses and rejects read accesses; if it holds both the read right and the write right, the slave device accepts both read and write accesses.
It should be noted that, the hardware access right management method provided in the above embodiment and the computing system embodiment based on hardware access right management belong to the same concept, and detailed implementation processes of the method are shown in the system embodiment, which is not repeated here.
The invention also provides a bus device comprising a security check module. In response to the bus decoding the address information of the slave device to be accessed sent by the current master device, the security check module compares the master device mark information sent together with that address information with the master device mark information in the preset access right allocation table, judges the access right of the current master device according to the comparison result, and responds accordingly to the access request of the current master device.
Further, the security check module includes: a number of exclusive-OR gates matching the bit width of the master device mark number, a first AND gate, a second AND gate and a third AND gate. Each exclusive-OR gate has a first input end and a second input end; the first input end receives the corresponding bit of the master device mark number in the access permission table, and the second input end receives the corresponding bit of the mark number of the current master device on the bus. The output end of each exclusive-OR gate is connected to the first AND gate; the output end of the first AND gate is connected to the first input end of the second AND gate and to the first input end of the third AND gate. The second input end of the second AND gate receives the read permission signal corresponding to that master device mark number in the access permission table, and the second input end of the third AND gate receives the corresponding write permission signal. The output signal of the second AND gate represents the read permission judgment of the current master device for the slave device, and the output signal of the third AND gate represents the write permission judgment of the current master device for the slave device.
It should be noted that, the bus device provided in the above embodiment and the computing system embodiment based on hardware access rights management belong to the same concept, and detailed implementation processes of the bus device are shown in the system embodiment, which is not repeated herein.
In summary, the present application provides a computing system, a method and a bus device based on hardware access rights management, in which the MID of the master device is encoded in hardware and the access rights of the slave device are also allocated in hardware. Therefore, however an intruder defeats the security firewall in software, it gains neither the permission nor the capability to defeat the firewall at the hardware level, which greatly improves the security of data access. For the access authority list of the slave device, the industry currently provides only a single general authority value: the authority of every master device connected to the bus is set at once, so the slave device can be accessed by any master holding that privilege, and authority management cannot be subdivided to individual modules. The present application divides access rights management down to individual modules or groups of similar modules, making rights management finer and more flexible. The application therefore effectively overcomes the defects of the prior art and has high industrial utilization value.
The above embodiments merely illustrate the principles of the present application and their effectiveness, and are not intended to limit the application. Those skilled in the art may modify or vary the above embodiments without departing from the spirit and scope of the application. Accordingly, all equivalent modifications and variations that a person of ordinary skill in the art can make without departing from the spirit and scope of the present disclosure are intended to be covered by the claims.

Claims (7)

1. A computing system based on hardware access rights management, comprising a plurality of master devices and a plurality of slave devices, wherein:
The current master device sends the master device mark information and the address information of the slave device to be accessed to the bus for the bus to decode the address and then select the corresponding slave device;
the selected slave device compares the master device mark information with master device mark information in a preset access right allocation table through a security check module arranged on the selected slave device; judging the access right of the current main equipment according to the comparison result, and responding correspondingly to the access request of the current main equipment;
The security check module includes: a number of exclusive-OR gates matching the bit width of the master device mark number, a first AND gate, a second AND gate and a third AND gate; each exclusive-OR gate has a first input end and a second input end, wherein the first input end receives the corresponding bit of the master device mark number in the access permission table, and the second input end receives the corresponding bit of the mark number of the current master device on the bus; the output end of each exclusive-OR gate is connected to the first AND gate; the output end of the first AND gate is connected to the first input end of the second AND gate and to the first input end of the third AND gate; the second input end of the second AND gate receives the read permission signal corresponding to that master device mark number in the access permission table; the second input end of the third AND gate receives the write permission signal corresponding to that master device mark number in the access permission table; the output signal of the second AND gate represents the read permission judgment of the current master device for the slave device; and the output signal of the third AND gate represents the write permission judgment of the current master device for the slave device.
2. The hardware-based access rights management computing system of claim 1, wherein the access rights allocation table in the slave device is used to record and characterize information for each dimension: the main equipment mark number, the read permission and the write permission.
3. The hardware-based access rights management computing system of claim 2, wherein the access rights allocation table in the slave device is further used to record and characterize information of the following dimensions: default read rights and default write rights; the default read permission is used for representing that the current main equipment is provided with or not provided with the corresponding read permission under the condition that the matched main equipment mark number is not found in the access permission allocation table; and the default write permission is used for representing that the current master device is provided with or not provided with the corresponding write permission under the condition that the matched master device mark number is not found in the access permission allocation table.
4. The hardware-based access rights management computing system of claim 1, wherein the bus is provided with an address decoding module and a multiplexing module; the address decoding module converts the binary code into the corresponding output signal so as to decode the address of the slave device, and the multiplexing module selects the slave device after the address has been decoded.
5. The hardware-based access rights management computing system of claim 1, wherein the bus encodes master devices in a manner that includes setting the same encoding for master devices having the same access rights.
6. A hardware access rights management method, applied to a computing system based on hardware access rights management according to any one of claims 1-5, the computing system comprising a slave device electrically connected to a bus to which a plurality of master devices are also electrically connected; the method comprises the following steps:
in response to the bus decoding the address information of the slave device to be accessed sent by the current master device, comparing the master device mark information sent together with that address information with the master device mark information in a preset access right allocation table;
judging the access right of the current master device according to the comparison result, and responding accordingly to the access request of the current master device.
7. A bus device, comprising a security check module; the security check module is configured, in response to the bus decoding the address information of the slave device to be accessed sent by the current master device, to compare the master device mark information sent together with that address information with the master device mark information in a preset access right allocation table, to judge the access right of the current master device according to the comparison result, and to respond accordingly to the access request of the current master device; the security check module includes: a number of exclusive-OR gates matching the bit width of the master device mark number, a first AND gate, a second AND gate and a third AND gate; each exclusive-OR gate has a first input end and a second input end, wherein the first input end receives the corresponding bit of the master device mark number in the access permission table, and the second input end receives the corresponding bit of the mark number of the current master device on the bus; the output end of each exclusive-OR gate is connected to the first AND gate; the output end of the first AND gate is connected to the first input end of the second AND gate and to the first input end of the third AND gate; the second input end of the second AND gate receives the read permission signal corresponding to that master device mark number in the access permission table; the second input end of the third AND gate receives the write permission signal corresponding to that master device mark number in the access permission table; the output signal of the second AND gate represents the read permission judgment of the current master device for the slave device; and the output signal of the third AND gate represents the write permission judgment of the current master device for the slave device.
CN202311393535.5A 2023-10-25 2023-10-25 Computing system, method and bus equipment based on hardware access right management Active CN117459268B (en)


Publications (2)

Publication Number   Publication Date
CN117459268A         2024-01-26
CN117459268B         2024-08-23

Family

ID=89590334




Legal Events

Code   Title
PB01   Publication
SE01   Entry into force of request for substantive examination
GR01   Patent grant