CN117459268B - Computing system, method and bus device based on hardware access permission management - Google Patents
- Publication number: CN117459268B (application CN202311393535.5A)
- Authority: CN (China)
- Prior art keywords: master device, gate, access, permission, bus
- Legal status: Active
Classifications
- H04L63/101—Access control lists [ACL] (network security for controlling access to devices or network resources)
- G06F21/121—Restricting unauthorised execution of programs (security arrangements for protecting computers against unauthorised activity)
- H04L12/40—Bus networks (data switching networks characterised by path configuration)
- H04L63/105—Multiple levels of security
- H04L9/40—Network security protocols
Description
Technical Field
The present application relates to the technical field of computer access permission management, and in particular to a computing system, method and bus device based on hardware access permission management.
Background Art
Computer system security requires confidentiality and integrity, which are essentially matters of reading and writing data. Confidentiality means guaranteeing that a confidential asset cannot be copied or stolen by a defined set of attacks; this property is required for assets such as passwords and encryption keys, and in computer hardware it means that data cannot be read by certain unauthorized components. Integrity means guaranteeing that an asset whose integrity is to be protected is not modified by a defined set of attacks; this property is required for the root secrets on certain devices from which the rest of the system's security derives, and for security software once it is running. In computer hardware it means that data cannot be modified by certain unauthorized components.
The SCP (System Control Processor) mainly regulates the supply voltage and the CPU frequency by reading the temperature sensor built into the SoC. For security, voltage control on the motherboard (through the SPI interface) may only be performed by the SCP; the CPU has the right to read the voltage but not the right to change it. Likewise, some registers inside the graphics card, although open to other components, are not open to the debug module.
Such a complex configuration of rights cannot be realised with the only three AXPROT[2:0] bits of the existing industry-standard AXI bus, because the three AXPROT[2:0] signals merely state what permission the requester itself claims, while the permission is enforced by the operating system's control software; the operating system, however, is not fully trustworthy.
FIG. 1 shows a schematic diagram of the data structure of the standard AXI bus. The current industry-standard AXI bus has only the 3 bits AXPROT[2:0], which define three access protection levels. AXPROT[0] (P) identifies the access as unprivileged or privileged: 1 indicates a privileged access, 0 an unprivileged access. AXPROT[1] (NS) identifies the access as secure or non-secure: 1 indicates a non-secure transaction, 0 a secure transaction. AXPROT[2] (I) indicates whether the transaction is an instruction access or a data access: 1 indicates an instruction access, 0 a data access.
In summary, existing data access is still exposed to the risk of intrusion through software-controlled permissions, and the industry currently manages permissions in a one-size-fits-all manner, providing only a single generic permission value, so that fine-grained management is not possible. Therefore, a safer and more flexible access permission management scheme is urgently needed in this field.
Summary of the Invention
In view of the shortcomings of the prior art described above, the purpose of the present application is to provide a computing system, method and bus device based on hardware access permission management, to solve the technical problems that existing data access is still exposed to intrusion through software-controlled permissions and that its management is not fine-grained enough.
To achieve the above and other related purposes, the first aspect of the present application provides a computing system based on hardware access permission management, comprising a plurality of master devices and a plurality of slave devices, wherein: the current master device sends its master device identification information and the address information of the slave device to be accessed to the bus, so that the bus selects the corresponding slave device after address decoding; the selected slave device, through a security check module provided on it, compares the master device identification information with the master device identification information in a preset access permission allocation table; the access rights of the current master device are determined according to the comparison result, and the access request of the current master device is responded to accordingly.
In some embodiments of the first aspect of the present application, the access permission allocation table in the slave device is used to record and represent information of the following dimensions: master device identification number, read permission and write permission.
In some embodiments of the first aspect of the present application, the access permission allocation table in the slave device is also used to record and represent information of the following dimensions: default read permission and default write permission; wherein the default read permission indicates whether, when no matching master device identification number is found in the access permission allocation table, the current master device is by default granted or denied the corresponding read right; and the default write permission indicates whether, when no matching master device identification number is found in the access permission allocation table, the current master device is by default granted or denied the corresponding write right.
In some embodiments of the first aspect of the present application, the security check module comprises: a number of XNOR gates matching the number of bits of the master device identification number, a first AND gate, a second AND gate and a third AND gate; each XNOR gate has a first input and a second input, the first input receiving the corresponding bit of the master device identification number from the access permission table and the second input receiving the corresponding bit of the master device identification number of the current master device on the bus; the output of each XNOR gate is connected to the first AND gate; the output of the first AND gate is connected to the first input of the second AND gate and to the first input of the third AND gate respectively; the second input of the second AND gate receives the read permission signal corresponding to that master device identification number in the access permission table; the second input of the third AND gate receives the write permission signal corresponding to that master device identification number in the access permission table; wherein the output signal of the second AND gate represents the result of the read permission determination of the current master device for the slave device, and the output signal of the third AND gate represents the result of the write permission determination of the current master device for the slave device.
In some embodiments of the first aspect of the present application, the bus is provided with an address decoding module and a multiplexing module; wherein the address decoding module is used to convert a binary code into a corresponding output signal so as to decode the address of the slave device, and the multiplexing module is used to select the slave device whose address has been decoded.
In some embodiments of the first aspect of the present application, the manner in which the bus encodes the master devices includes assigning the same encoding to master devices having the same access rights.
To achieve the above and other related purposes, the second aspect of the present application provides a hardware access permission management method, applied to a slave device electrically connected to a bus, the bus also being electrically connected to a number of master devices; the method comprises: in response to the bus performing address decoding on the address information of the slave device to be accessed issued by the current master device, comparing the master device identification information issued together with that address information against the master device identification information in a preset access permission allocation table; determining the access rights of the current master device according to the comparison result, and responding to the access request of the current master device accordingly.
To achieve the above and other related purposes, the third aspect of the present application provides a bus device comprising a security check module; the security check module is used to, in response to the bus performing address decoding on the address information of the slave device to be accessed issued by the current master device, compare the master device identification information issued together with that address information against the master device identification information in a preset access permission allocation table; determine the access rights of the current master device according to the comparison result, and respond to the access request of the current master device accordingly.
In some embodiments of the third aspect of the present application, the security check module comprises: a number of XNOR gates matching the number of bits of the master device identification number, a first AND gate, a second AND gate and a third AND gate; each XNOR gate has a first input and a second input, the first input receiving the corresponding bit of the master device identification number from the access permission table and the second input receiving the corresponding bit of the master device identification number of the current master device on the bus; the output of each XNOR gate is connected to the first AND gate; the output of the first AND gate is connected to the first input of the second AND gate and to the first input of the third AND gate respectively; the second input of the second AND gate receives the read permission signal corresponding to that master device identification number in the access permission table; the second input of the third AND gate receives the write permission signal corresponding to that master device identification number in the access permission table; wherein the output signal of the second AND gate represents the result of the read permission determination of the current master device for the slave device, and the output signal of the third AND gate represents the result of the write permission determination of the current master device for the slave device.
As described above, the computing system, method and bus device based on hardware access permission management of the present application have the following beneficial effects: the MID encoding of the master devices in the present invention is implemented in hardware, and the access permission allocation of the slave devices is also implemented in hardware. Therefore, no matter how an intruder cracks the software, it cannot obtain the right or the ability to break through the security firewall at the hardware level, which greatly improves the security of data access. For the access permission table of a slave device, the industry provides only a single generic permission value, that is, the permissions of the master devices connected to the bus are treated in a one-size-fits-all manner: anyone with privilege can access the slave device, and permission management cannot be subdivided down to individual modules. The present invention subdivides the management of access rights down to individual modules or classes of similar modules, so that permission management is finer-grained and more flexible.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic diagram showing the structure of the 3-bit AXPROT[2:0] of the standard AXI bus in the prior art.
FIG. 2 is a schematic diagram showing the structure of a computing system based on hardware access permission management in an embodiment of the present application.
FIG. 3 is a schematic diagram showing the structure of a binary decoder in an embodiment of the present application.
FIG. 4 is a schematic diagram showing the structure of the security check module in an embodiment of the present application.
FIG. 5 is a schematic diagram showing the structure of the access permission table in an embodiment of the present application.
FIG. 6 is a flow chart of a hardware access permission management method in an embodiment of the present application.
DETAILED DESCRIPTION
The embodiments of the present application are described below by means of specific examples; those skilled in the art can readily understand other advantages and effects of the present application from the content disclosed in this specification. The present application may also be implemented or applied through other, different specific embodiments, and the details in this specification may be modified or changed in various ways from different viewpoints and for different applications without departing from the spirit of the present application. It should be noted that, where there is no conflict, the following embodiments and the features in the embodiments may be combined with one another.
It should be noted that the following description refers to the accompanying drawings, which illustrate several embodiments of the present application. It should be understood that other embodiments may be used, and that mechanical, structural, electrical and operational changes may be made without departing from the spirit and scope of the present application. The following detailed description should not be taken as limiting, and the scope of the embodiments of the present application is defined only by the claims of the granted patent. The terminology used here serves only to describe particular embodiments and is not intended to limit the present application. Spatially relative terms such as "upper", "lower", "left", "right", "below", "beneath", "lower part", "above", "upper part" and the like may be used in the text to describe the relationship of one element or feature shown in the figures to another element or feature.
In this application, unless otherwise expressly specified and limited, the terms "mounted", "connected", "coupled", "fixed", "held" and the like are to be understood broadly: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, or indirect through an intermediate medium, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in this application according to the specific circumstances.
Furthermore, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context indicates otherwise. It should be further understood that the terms "comprise" and "include" indicate the presence of the stated features, operations, elements, components, items, kinds and/or groups, but do not exclude the presence, occurrence or addition of one or more other features, operations, elements, components, items, kinds and/or groups. The terms "or" and "and/or" used herein are interpreted inclusively, meaning any one or any combination. Therefore, "A, B or C" or "A, B and/or C" means "any of the following: A; B; C; A and B; A and C; B and C; A, B and C". An exception to this definition arises only when a combination of elements, functions or operations is inherently mutually exclusive in some way.
为解决上述背景技术中的问题,本发明提供一种基于硬件式访问权限管理的计算系统,采用了在总线传输中加入要访问的主设备ID的技术手段,得以让从设备的安全检查获悉访问设备的权限,根据从设备是否授权给访问设备来决定访问结果。由于本发明技术方案的实现是电路硬件固定的,仅通过软件控制方式无权更改,因此数据访问更安全且更灵活。In order to solve the problems in the above background technology, the present invention provides a computing system based on hardware access rights management, which adopts the technical means of adding the master device ID to be accessed in the bus transmission, so that the security check of the slave device can know the access rights of the device, and determine the access result according to whether the slave device authorizes the access device. Since the implementation of the technical solution of the present invention is fixed by circuit hardware and cannot be changed only by software control, data access is safer and more flexible.
为了使本发明的目的、技术方案及优点更加清楚明白,通过下述实施例并结合附图,对本发明实施例中的技术方案的进一步详细说明。应当理解,此处所描述的具体实施例仅用以解释本发明,并不用于限定发明。In order to make the purpose, technical solution and advantages of the present invention more clearly understood, the technical solution in the embodiments of the present invention is further described in detail through the following embodiments and in combination with the accompanying drawings. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not used to limit the invention.
在对本发明进行进一步详细说明之前,对本发明实施例中涉及的名词和术语进行说明,本发明实施例中涉及的名词和术语适用于如下的解释:Before further describing the present invention in detail, the nouns and terms involved in the embodiments of the present invention are explained. The nouns and terms involved in the embodiments of the present invention are applicable to the following interpretations:
<1>AXPROT:AXI总线提供的一种访问权限信号,可以防止系统下游的非法交易。AXPROT信号包括写访问权限信号AWPROT和读访问权限信号ARPROT,可以防止系统下游的非法交易;例如:如果事务没有正确的保护级别,则存储器控制器可以通过使用这些信号拒绝读或写访问<1>AXPROT: An access permission signal provided by the AXI bus that can prevent illegal transactions downstream of the system. The AXPROT signal includes the write access permission signal AWPROT and the read access permission signal ARPROT, which can prevent illegal transactions downstream of the system; for example: if the transaction does not have the correct protection level, the memory controller can deny read or write access by using these signals
<2>SCP(System Control Processor):系统控制处理器,用于控制所有系统功能,如时钟控制、电源控制或电压控制等。<2>SCP (System Control Processor): System control processor, used to control all system functions, such as clock control, power control or voltage control.
<3>AXI总线(Advanced Extensible Interface):一种总线协议,是一种面向高性能、高带宽、低延迟的片内总线。AXI总线因其单向通道体系结构,使片上的信息流只以单方向传输,减少延时,能使SoC以更小的面积及更低的功耗获得更加优异的性能。<3>AXI bus (Advanced Extensible Interface): A bus protocol, an on-chip bus for high performance, high bandwidth, and low latency. Due to its unidirectional channel architecture, the AXI bus allows information flow on the chip to be transmitted in one direction only, reducing latency and enabling SoCs to achieve better performance with a smaller area and lower power consumption.
本发明实施例提供硬件式访问权限管理方法、硬件式访问权限管理方法的系统、以及存储用于实现硬件式访问权限管理方法的可执行程序的存储介质。就硬件式访问权限管理方法的实施而言,本发明实施例将对硬件式访问权限管理的示例性实施场景进行说明。The embodiments of the present invention provide a hardware-based access rights management method, a system for the hardware-based access rights management method, and a storage medium storing an executable program for implementing the hardware-based access rights management method. As for the implementation of the hardware-based access rights management method, the embodiments of the present invention will describe an exemplary implementation scenario of the hardware-based access rights management.
如图2所示,展示了本发明实施例中的一种基于硬件式访问权限管理的计算系统的结构示意图。As shown in FIG. 2 , a schematic diagram of the structure of a computing system based on hardware access permission management in an embodiment of the present invention is shown.
所述基于硬件式访问权限管理的计算系统包括若干个主设备及若干个从设备,所述主设备与从设备之间通过总线建立通信连接。以图2为例,主设备包括但不限于如中央处理器(Central Processing Unit,CPU)、显卡、调试模块和系统控制处理器(SystemControl Processor,SCP)等。从设备包括但不限于如电压调节模组(Voltage RegulationModule)、动态随机存取存储器(Dynamic Random Access Memory,DRAM)、SPI接口设备或温度传感器等。总线提供了各设备之间一种互联的访问共享硬件机制,承担着数据传输的任务;总线的传输能力由总线的宽度和工作频率决定。可选的,总线可以是AMBA总线、AHB总线、APB总线或AXI总线等。The computing system based on hardware access rights management includes several master devices and several slave devices, and the master devices and the slave devices establish a communication connection through a bus. Taking Figure 2 as an example, the master device includes but is not limited to a central processing unit (CPU), a graphics card, a debugging module, and a system control processor (SCP). The slave devices include but are not limited to a voltage regulation module (Voltage Regulation Module), a dynamic random access memory (DRAM), an SPI interface device or a temperature sensor. The bus provides an interconnected access sharing hardware mechanism between the devices and undertakes the task of data transmission; the transmission capacity of the bus is determined by the width and operating frequency of the bus. Optionally, the bus can be an AMBA bus, an AHB bus, an APB bus or an AXI bus.
于本发明实施例中,当前主设备将主设备标志信息及待访问从设备的地址信息发送至总线,供总线进行地址解码后选中对应的从设备;被选中的从设备通过其上设置的安全检查模块将所述主设备标志信息与预设访问权限分配表中的主设备标志信息进行比较;根据比较结果判断当前主设备的访问权利,据以对当前主设备的访问请求做出相应的响应。In an embodiment of the present invention, the current master device sends the master device identification information and the address information of the slave device to be accessed to the bus, so that the bus can select the corresponding slave device after address decoding; the selected slave device compares the master device identification information with the master device identification information in the preset access permission allocation table through the security check module set thereon; the access rights of the current master device are judged according to the comparison result, and a corresponding response is made to the access request of the current master device accordingly.
应理解的是,从设备对当前主设备的访问请求做出相应的响应,包括如下几种可能的响应:若当前主设备被判断为没有读权利和写权利,则从设备做出拒绝访问的响应;若当前主设备被判断为具有读权利而不具有写权利,则从设备做出接受当前主设备读访问而拒绝写访问的响应;若当前主设备被判断为具有写权利而不具有读权利,则从设备做出接受当前主设备写访问而拒绝读访问的响应;若当前主设备被判断为具有读权利和写权利,则从设备做出接受当前主设备读访问和写访问的响应。It should be understood that the slave device makes a corresponding response to the access request of the current master device, including the following possible responses: if the current master device is judged to have neither read nor write rights, the slave device responds by refusing access; if the current master device is judged to have read rights but not write rights, the slave device responds by accepting read access from the current master device but refusing write access; if the current master device is judged to have write rights but not read rights, the slave device responds by accepting write access from the current master device but refusing read access; if the current master device is judged to have both read and write rights, the slave device responds by accepting read and write access from the current master device.
于本发明实施例中,所述主设备标志信息由多位宽的总线对主设备进行编码所得。示例性地,以中央处理器(Central Processing Unit,CPU)、显卡、调试模块和系统控制处理器(System Control Processor,SCP)这四个部件为例,可采用2位宽的总线来对主设备进行编码,编码所得的主设备标志信息为主设备标志号(Mater Identity,MID)。2位宽的总线可编码生成的主设备标志号包括mid:0、mid:1、mid:2、mid:3,将该些主设备标志号分别赋予中央处理器(Central Processing Unit,CPU)、显卡、调试模块和系统控制处理器(System Control Processor,SCP)。可以理解的是,若总线连接有更多的主设备,则可相应使用更多位宽的总线编码来表示。In an embodiment of the present invention, the master device identification information is obtained by encoding the master device by a multi-bit wide bus. Exemplarily, taking the four components of the central processing unit (CPU), the graphics card, the debugging module and the system control processor (SCP) as an example, a 2-bit wide bus can be used to encode the master device, and the encoded master device identification information is the master device identification number (Mater Identity, MID). The master device identification numbers that can be generated by the 2-bit wide bus include mid:0, mid:1, mid:2, and mid:3, and these master device identification numbers are respectively assigned to the central processing unit (CPU), the graphics card, the debugging module and the system control processor (SCP). It can be understood that if there are more master devices connected to the bus, more bit-wide bus encodings can be used to represent them accordingly.
Preferably, the way the bus encodes master devices includes assigning the same encoding to master devices that have the same access rights. For example, with multiple CPUs or several other master devices, the same encoding can be used as long as their access rights are identical, which reduces complexity and lowers the required bus width.
In an embodiment of the present invention, the bus is provided with an address decoding module and a multiplexing module; the address decoding module converts a binary code into the corresponding output signal in order to decode the address of a slave device, and the multiplexing module selects the slave device whose address has been decoded.
In some examples, the address decoding module may be an address decoder. Decoding is the inverse of encoding: the address decoder converts a binary code with a specific meaning into the corresponding output signal. Optionally, the address decoder includes, but is not limited to, the following two types: a binary decoder (also called a unique address decoder), and a code converter. A binary decoder or unique address decoder converts each code of a set of codes into a one-to-one corresponding valid signal; it is commonly used in computers to decode memory cell addresses, that is, to convert each address code into one valid signal that selects the corresponding cell. A code converter converts one code into another.
For example, taking the binary decoder shown in FIG. 3: the binary decoder has n binary code inputs A0, A1, ..., An-1 and 2^n outputs Y0, Y1, ..., Y(2^n-1). In addition, the binary decoder is provided with an enable terminal EI; when the enable input EI is at its active level, for each input code exactly one output is at the active level and all other outputs are at the opposite level. The output signals may be active-high or active-low.
In some examples, the multiplexing module may be a multiplexer. A multiplexer is a circuit that can select any one of several data paths as required. The multiplexer may specifically be a 4-to-1, 8-to-1 or 16-to-1 data selector, and so on. Beyond these, multiplexing also covers bus multiplexing, analog signal multiplexing and the like, which this embodiment does not limit.
In an embodiment of the present invention, once the slave device has completed its preparation it sends a corresponding ready feedback signal to the master device; the master device then places the address information of the slave device to be accessed, together with its own master device identification number MID, on the bus. Because the MID is sent together with the address information, the slave device receives the MID at the same time as it receives the address information, and its security check module can therefore analyze whether that master device holds read and write permissions for it.
Further, an access permission allocation table is preset in the slave device; this table is compared against the current master device identification information. The access permission allocation table in the slave device records and represents information in the following dimensions: master device identification number, read permission and write permission.
More preferably, the access permission allocation table in the slave device also records and represents information in the following dimensions: default read permission and default write permission. Notably, when the value of the default read permission or default write permission is 1, the current master device has the corresponding read or write right even when no matching master device identification number MID is found in the table. When the value of the default read permission or default write permission is 0, the current master device does not have the corresponding read or write right if no matching MID is found in the table.
More preferably, the slave device's access permission allocation table is configured by the BIOS firmware. The Basic Input Output System (BIOS) contains the initialization program that runs when the computer is powered on. The BIOS is stored in a read-only memory (ROM) chip on the motherboard; the chip's contents are written with dedicated production equipment before the computer leaves the factory and are fixed thereafter. Since only the BIOS firmware is trusted, the slave device's access permission allocation table is configured by the firmware, which increases the flexibility of the design.
To facilitate understanding by those skilled in the art, the access permission table in the slave device is further described using Table 1 below as an example. In the table, an x represents a single configuration bit whose value is unspecified and may be either 0 or 1.
Table 1: Access permission table
With reference to the circuit diagram shown in FIG. 4, the structure of the security check module in the slave device is described taking a two-bit MID[1:0] as an example. The security check module includes a Master ID comparator, a second AND gate 44 and a third AND gate 45; the Master ID comparator includes a first XNOR gate 41, a second XNOR gate 42 and a first AND gate 43. The first input 41a of the first XNOR gate 41 receives the corresponding bit of the master device identification number from the access permission table, its second input 41b receives the corresponding bit of the current master device's identification number from the bus, and its output 41c is connected to the first input 43a of the first AND gate 43. The first input 42a of the second XNOR gate 42 receives the corresponding bit of the master device identification number from the access permission table, its second input 42b receives the corresponding bit of the current master device's identification number from the bus, and its output 42c is connected to the second input 43b of the first AND gate 43.
The output 43c of the first AND gate 43 is connected to the first input 44a of the second AND gate 44 and to the first input 45a of the third AND gate 45; the second input 44b of the second AND gate 44 receives the read permission signal associated with that master device identification number in the access permission table, and the second input 45b of the third AND gate 45 receives the corresponding write permission signal. The signal at output 44c of the second AND gate 44 represents the read permission decision for the current master device on the slave device; the signal at output 45c of the third AND gate 45 represents the write permission decision.
The working principle of the security check module in the slave device is explained further as follows. The module includes a first XNOR gate 41 and a second XNOR gate 42 corresponding to mid_0 and mid_1; the first input of each XNOR gate receives the mid signal from the permission table and the second input receives the mid signal from the access bus, so an XNOR gate outputs 1 only when the mid signal in the permission table equals the mid signal on the access bus. The outputs of the first XNOR gate 41 and the second XNOR gate 42 are both connected to the inputs of the first AND gate 43, whose output is the Master ID comparison result. The output of the first AND gate 43 is connected to one input of the second AND gate 44 and to one input of the third AND gate 45; that is, only after the current master device is confirmed to have access to the slave device are the specific permissions checked. The other input of the second AND gate 44 receives the read permission signal from the access permission table, so the output of the second AND gate 44 is the read permission decision for the current master device on the slave device. The other input of the third AND gate 45 receives the write permission signal from the access permission table, so the output of the third AND gate 45 is the write permission decision for the current master device on the slave device.
It is worth noting that in the technical solution provided by the present invention, the MID encoding of the master devices is implemented in hardware, and the allocation of the slave device's access permissions is likewise implemented in hardware. Consequently, no matter how an intruder compromises the software, they have neither the right nor the ability to breach this security firewall at the hardware level, which greatly improves the security of data access.
In addition, for the slave device's access permission table the industry has so far offered only a single, generic permission value, applying one-size-fits-all permissions to the master devices on the bus: any master with the privilege can access the slave device, and permission management cannot be subdivided down to individual modules. The present invention subdivides access rights management down to individual modules or to modules of the same kind, making permission management finer-grained and more flexible.
The structure of the computing system based on hardware access permission management provided by an embodiment of the present invention has been explained above. Below, the technical solution of the present invention is further explained with reference to FIG. 2 and a specific example; the detailed process is as follows.
Step (1): when the slave device (for example an SPI interface device) is ready, it sends a Ready signal to the master device. A master device (for example the CPU) that wants to read or write a slave device places that slave device's address on the bus, together with the master device's MID signal.
Step (2): the address decoder on the bus decodes the slave device address and selects that device; the multiplexer MUX then connects the data, address and MID channels to the selected slave device.
Step (3): once the selected slave device receives the master device identification number MID of the master wishing to access it, it compares that MID against the master device identification numbers in the preset access permission table. If they match, it further checks whether the master has read and write rights.
Taking the access permission table shown in FIG. 5 as an example: if the MID from the bus equals mid_0 in the table and the table's read permission Ren_0 is 1, this access is permitted to read; if the table's write permission wen_0 is 1, this access is permitted to write. The access permission table can list the permissions of several master devices, and this ultimately determines whether the slave device can be read or written.
Step (4): if access is permitted, the access proceeds normally; if not, the access is ignored or an error is reported. For example, as shown in FIG. 2, during a normal read the SPI interface device can upload data to the system control processor (SCP); when access is not permitted, an access error is reported.
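As an added illustration (not the patent's own RTL or code), the following Python model plays through steps (1) to (4) above using the FIG. 4 gate structure (XNOR comparators 41/42, AND gates 43/44/45) and the default read/write permissions described earlier. The AccessTable class, the master encodings CPU=0, graphics card=1, debug module=2, SCP=3, the SPI slave address and the sample table rows are constructed assumptions for this example.

```python
"""Behavioural model of the slave-side security check and the bus-side
address decoder.  Added example, not the patent's implementation.

Constructed assumptions: a 2-bit MID as in the page's four-master case
(CPU=0, graphics card=1, debug module=2, SCP=3), an AccessTable holding
(mid, ren, wen) rows plus default read/write permissions, and one SPI
slave sitting at a constructed address.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

MID_WIDTH = 2                      # 2-bit wide MID bus: encodings 0..3
CPU, GPU, DEBUG, SCP = 0, 1, 2, 3  # constructed assignment of mid:0..mid:3


def binary_decoder(code: int, n: int, enable: int = 1) -> List[int]:
    """n-to-2^n decoder with enable EI (FIG. 3), modelled active-high:
    exactly one output is 1 when EI is active, all outputs 0 otherwise."""
    outputs = [0] * (1 << n)
    if enable:
        outputs[code & ((1 << n) - 1)] = 1
    return outputs


def xnor(a: int, b: int) -> int:
    """Single-bit XNOR: 1 only when both bits are equal (gates 41 and 42)."""
    return 1 if a == b else 0


def mid_match(table_mid: int, bus_mid: int, width: int = MID_WIDTH) -> int:
    """Master ID comparator: one XNOR per MID bit, ANDed together (gate 43)."""
    result = 1
    for bit in range(width):
        result &= xnor((table_mid >> bit) & 1, (bus_mid >> bit) & 1)
    return result


def check_row(table_mid: int, ren: int, wen: int, bus_mid: int) -> Tuple[int, int]:
    """One table row: (read_ok, write_ok) = match AND ren, match AND wen
    (gates 44 and 45).  A row whose mid does not match contributes (0, 0)."""
    m = mid_match(table_mid, bus_mid)
    return m & ren, m & wen


@dataclass
class AccessTable:
    """Per-slave access permission table, written by firmware at boot."""
    rows: List[Tuple[int, int, int]]   # (mid, ren, wen), one row per encoding
    default_ren: int = 0               # used only when no row's mid matches
    default_wen: int = 0

    def permissions(self, bus_mid: int) -> Tuple[int, int]:
        """Read/write decision for the MID currently on the bus."""
        hit = 0
        read_ok = write_ok = 0
        for mid, ren, wen in self.rows:
            if mid_match(mid, bus_mid):
                hit = 1
                r, w = check_row(mid, ren, wen, bus_mid)
                read_ok |= r
                write_ok |= w
        if not hit:
            # No matching MID: the default permissions decide, so a
            # default of 0/0 is the fail-closed configuration.
            return self.default_ren, self.default_wen
        return read_ok, write_ok


def respond(table: AccessTable, bus_mid: int, op: str) -> str:
    """Step (4): accept or reject one read or write request."""
    read_ok, write_ok = table.permissions(bus_mid)
    if op == "read":
        return "ACCEPT" if read_ok else "REJECT"
    if op == "write":
        return "ACCEPT" if write_ok else "REJECT"
    raise ValueError(f"unknown operation {op!r}")


def bus_transaction(addr: int, bus_mid: int, op: str,
                    slaves: Dict[int, AccessTable], addr_bits: int = 2) -> str:
    """Steps (2)-(4): decode the slave address, route the MID with it to the
    selected slave, and return that slave's response."""
    select = binary_decoder(addr, addr_bits)
    for slave_addr, table in slaves.items():
        if select[slave_addr]:
            return respond(table, bus_mid, op)
    return "NO_SLAVE"   # address decoded to a select line with nothing attached


# Constructed configuration: SPI slave at address 1; the CPU may read and
# write, the SCP may only read, the debug module and graphics card have no row.
SPI_TABLE = AccessTable(rows=[(CPU, 1, 1), (SCP, 1, 0)])
SLAVES = {1: SPI_TABLE}

if __name__ == "__main__":
    for mid, name in [(CPU, "CPU"), (GPU, "GPU"), (DEBUG, "DEBUG"), (SCP, "SCP")]:
        print(name, "read:", bus_transaction(1, mid, "read", SLAVES),
              "write:", bus_transaction(1, mid, "write", SLAVES))
```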
FIG. 6 shows a schematic flowchart of a hardware access permission management method in an embodiment of the present invention. The method is applied to a slave device electrically connected to a bus, the bus also being electrically connected to a number of master devices; the method specifically includes the following steps:
Step S61: in response to the bus's address decoding of the address information of the slave device to be accessed, issued by the current master device, compare the master device identification information issued together with that address information against the master device identification information in a preset access permission allocation table.
In some examples, the access permission allocation table records and represents information in the following dimensions: master device identification number, read permission and write permission.
Further, the access permission allocation table also records and represents information in the following dimensions: default read permission and default write permission; the default read permission indicates whether, when no matching master device identification number is found in the table, the current master device is by default granted the corresponding read right; the default write permission indicates whether, in that same case, the current master device is by default granted the corresponding write right.
In some examples, the slave device performs the following through its security check module: it compares the master device identification information of the current master device with the master device identification information in the preset access permission allocation table and, according to the comparison result, determines the current master device's access rights.
Further, the security check module includes: a number of XNOR gates matching the number of bits in the master device identification number, a first AND gate, a second AND gate and a third AND gate. Each XNOR gate has a first input and a second input; the first input receives the corresponding bit of the master device identification number from the access permission table, and the second input receives the corresponding bit of the current master device's identification number from the bus. The output of each XNOR gate is connected to the first AND gate. The output of the first AND gate is connected to the first input of the second AND gate and to the first input of the third AND gate. The second input of the second AND gate receives the read permission signal associated with that master device identification number in the access permission table, and the second input of the third AND gate receives the corresponding write permission signal. The output of the second AND gate represents the read permission decision for the current master device on the slave device, and the output of the third AND gate represents the write permission decision.
Step S62: determine the access rights of the current master device according to the comparison result, and respond to the current master device's access request accordingly.
In some examples, the slave device's response to the current master device's access request is one of the following: if the current master device is judged to have neither read nor write rights, the slave device refuses the access; if it is judged to have read rights but not write rights, the slave device accepts read access and refuses write access; if it is judged to have write rights but not read rights, the slave device accepts write access and refuses read access; if it is judged to have both read and write rights, the slave device accepts both read and write access.
It should be noted that the hardware access permission management method of the above embodiment and the embodiment of the computing system based on hardware access permission management share the same concept; its specific implementation is detailed in the system embodiment and is not repeated here.
The present invention also provides a bus device comprising a security check module. The security check module is configured to: in response to the bus's address decoding of the address information of the slave device to be accessed, issued by the current master device, compare the master device identification information issued together with that address information against the master device identification information in a preset access permission allocation table; determine the current master device's access rights according to the comparison result; and respond to the current master device's access request accordingly.
Further, the security check module includes: a number of XNOR gates matching the number of bits in the master device identification number, a first AND gate, a second AND gate and a third AND gate. Each XNOR gate has a first input and a second input; the first input receives the corresponding bit of the master device identification number from the access permission table, and the second input receives the corresponding bit of the current master device's identification number from the bus. The output of each XNOR gate is connected to the first AND gate. The output of the first AND gate is connected to the first input of the second AND gate and to the first input of the third AND gate. The second input of the second AND gate receives the read permission signal associated with that master device identification number in the access permission table, and the second input of the third AND gate receives the corresponding write permission signal. The output of the second AND gate represents the read permission decision for the current master device on the slave device, and the output of the third AND gate represents the write permission decision.
It should be noted that the bus device of the above embodiment and the embodiment of the computing system based on hardware access permission management share the same concept; its specific implementation is detailed in the system embodiment and is not repeated here.
In summary, the present application provides a computing system, method and bus device based on hardware access permission management. In the present invention the MID encoding of the master devices is implemented in hardware, and the allocation of the slave device's access permissions is likewise implemented in hardware. Consequently, no matter how an intruder compromises the software, they have neither the right nor the ability to breach this security firewall at the hardware level, which greatly improves the security of data access. For the slave device's access permission table the industry has so far offered only a single, generic permission value, applying one-size-fits-all permissions to the master devices on the bus: any master with the privilege can access the slave device, and permission management cannot be subdivided down to individual modules. The present invention subdivides access rights management down to individual modules or to modules of the same kind, making permission management finer-grained and more flexible. The present application therefore effectively overcomes the various shortcomings of the prior art and has high industrial utility.
The above embodiments merely illustrate the principles and effects of the present application and are not intended to limit it. Anyone familiar with this technology may modify or change the above embodiments without departing from the spirit and scope of the present application. Accordingly, all equivalent modifications or changes made by a person of ordinary skill in the art without departing from the spirit and technical ideas disclosed in the present application shall still be covered by the claims of the present application.
Claims (7)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311393535.5A CN117459268B (en) | 2023-10-25 | 2023-10-25 | Computing system, method and bus device based on hardware access permission management |
CN202410979601.5A CN118972105A (en) | 2023-10-25 | 2023-10-25 | Computing system, method and bus device based on hardware access permission management |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117459268A CN117459268A (en) | 2024-01-26 |
CN117459268B true CN117459268B (en) | 2024-08-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |