EP2984572A1 - Anti-malware data processing system - Google Patents

Anti-malware data processing system

Info

Publication number
EP2984572A1
Authority
EP
European Patent Office
Prior art keywords
data
processor
memory
access
main
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP14715865.3A
Other languages
German (de)
English (en)
Inventor
Friedhelm Becker
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/10 Program control for peripheral devices
    • G06F13/12 Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor
    • G06F13/122 Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor where hardware performs an I/O function other than control of data transfer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1483 Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10 Providing a specific technical effect
    • G06F2212/1052 Security improvement
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Definitions

  • The present invention relates to a data processing system having the features of the preamble of claim 1.
  • Electronic data processing systems are complex structures for solving data processing tasks. They are composed of subsystems whose interaction enables the task to be fulfilled. Important subsystems are: a) the instrumental components: hardware, software, firmware (microprogramming), orgware (organizational knowledge) and b) the application side components: tasks, users,
  • The architecture is based on a control unit, an arithmetic unit, a memory, an input unit and an output unit.
  • The central unit consists of the main memory and the main processor, which contains the control unit and the arithmetic unit.
  • The main processor carries information from the main memory into its own registers and back via a bus system, which consists of a bidirectional instruction bus and a bidirectional operand bus.
  • Both buses carry information that is interpreted as instructions or operands depending on the bus considered.
  • The transported data are determined by their respective address.
  • Both buses usually have access to the same memory areas.
  • Malware, in the form of computer programs, can execute functions within the computer system that are unwanted by the user and potentially harmful. Malware benefits from the hardware architecture of commercial computers in that it gets into the memory areas in the form of operands or modified instructions and from there via the instruction bus to the processors, in which it causes its harmful effect.
  • This process has as its main disadvantage that it is the creations of the creators of
  • A data processing system comprises at least one main processor, at least one permanent data storage and
  • At least one main processor is connected to at least one input / output hardware (interface), and wherein the at least one main processor communicates with the at least one main memory via at least one instruction bus and via at least one operand bus and communicates bidirectionally separately with the at least one permanent data memory provided with at least one loading processor which communicates bidirectionally with at least one permanent software memory and at least one external software memory and which communicates with the at least one main memory via at least one instruction bus and at least one
  • Main processor communicates, wherein the communication between the at least one main processor and the at least one random access memory via the at least one instruction bus and the at least one operand bus takes place, the communication between the at least one loading processor and the at least one main memory via the at least one instruction bus and the at least one operand bus, both the communication between the at least one main processor and the at least one input / output hardware and the at least one permanent data memory as well as the communication between the at least one loading processor and the at least one external software memory and the at least one permanent software storage are controlled by access attributes. Due to the presence of the main processor and the separate loading processor, the
  • the data in the at least one main memory are categorized according to data categories, wherein in
  • main processor access attributes for the at least one main processor and load processor access attributes for the at least one loading processor, and wherein data of the same data categories are the same
  • Main processor and load processor may be different to the same data category.
  • The following data categories are preferably provided: address data, instructions, function-internal data, target data of the at least one main processor (main processor target data) and target data of the at least one loading processor (loading processor target data).
  • the at least one main processor has no access to the at least one permanent software memory, access to the at least one
  • Loading processor target data of the at least one loading processor has.
  • The at least one loading processor has access to the at least one external software memory, and this is limited to the access mode "read", and has access to the at least one permanent software memory and this in the access modes
  • Main processor target data of the at least one main processor.
  • The data processing system comprises a media processor which communicates via at least one instruction bus and at least one operand bus in each case bidirectionally with at least one separate main memory for media data, wherein the media processor has its own permanent media data storage with which it communicates bidirectionally, and wherein the media processor is connected with its own input / output hardware (interface).
  • The bidirectional access of the main processor to the media data via the operand bus enables the computer system to securely execute software made available via media.
  • the data processing system is applicable.
  • the main processors can be used independently of one another, each main processor having a memory for main processor target data which is permanently assigned to it
  • Arrangement can be realized, for example, a computer system with "red-black separation".
  • Main processors are used independently, all the main processors having common memory for main processor target data with access attributes "Write" and "Read".
  • The shared memory for common target data for controlled data transfer does not exist here and is replaced by a shared memory for all main processor target data.
  • An external reading device for reading software into the main memory is provided, and the reading device is controlled by the at least one loading processor, wherein the at least one loading processor together with the external reading device for software forms an interface that is physically set up such that conventional reading devices for data carriers cannot be operated on it, so that inadvertent loading of software is prevented.
  • An external reader may be desirable, for example, in organizations where the same computing equipment is required in terms of software.
  • Loading device is connected to the computer system.
  • It may be preferable for the data categories function-internal data (13) and loading processor target data (15) to be assigned to the same physical memory.
  • A computer program is preferably provided that converts programs executing on the von Neumann architecture or the Harvard architecture, the conversion taking place in such a way that the data categories are created and generated as data segments which can be processed by the data processing systems according to the invention.
  • FIG. 1 shows a block diagram of a Von Neumann hardware architecture
  • Fig. 2 is a block diagram of an inventive arrangement with
  • Fig. 3 is a block diagram of the inventive arrangement with additional media processor
  • Fig. 4 is a block diagram of an inventive arrangement with
  • Fig. 5 is a block diagram of an inventive arrangement with
  • Fig. 6 is a block diagram of an arrangement according to the invention with two independent main processors, each main processor communicating with dedicated main memory destination data memory and both
  • FIG. 7 shows a block diagram of an arrangement according to the invention with two independent main processors, wherein the main processors have shared memory for main processor target data.
  • Fig. 1 shows the prior art in the form of a block diagram.
  • The illustrated von Neumann hardware architecture consists of a main processor 1, a random access memory 2, a permanent data memory 3, an input / output hardware 4 and a bus system 50.
  • In the bus system 50, a distinction is made between the instruction bus 60, which transmits the instructions, and the operand bus 70, which transmits the operands.
  • The main processor 1 communicates bidirectionally with the main memory 2 via the bus system 50. Furthermore, the main processor 1 has bidirectional access to the permanent data memory 3.
  • Fig. 2 is an embodiment of the invention
  • The loading processor 8 communicates bidirectionally with its own permanent memory 9 for storing software and its own external software memory 10. Both processors are connected to a main memory 2 via a respective bus system 50, 51.
  • The bus systems 50, 51 each comprise an instruction bus 60, 61 and an operand bus 70, 71, which connect the respective processor 1, 8 with the memory 2.
  • the memory 2 is divided into five physical memory units. In these are the following
  • the main processor 1 and the loading processor 8 have different access rights to the working storage units according to the data categories.
  • the bus structure 50, 51 becomes closer with the definitions of the data categories and the access rights
  • the first category of data is that of instructions 11.
  • Instructions 11 are the smallest pieces of software to be executed by the processors. They are read-only accessible to all instructed processors via their instruction bus 60, 61. Only the loading processor 8 may access instructions 11 via its operand bus 71, which is a prerequisite for loading software. Instructions 11 are generated and loaded as part of the generation of software under quality and configuration control.
  • Address data 12 serve to associate values with the addresses of the associated software functions. They are read-only accessible to all processors 1 dependent thereon via their operand bus 70. Only the loading processor 8 may write to address data 12 via its operand bus 71, which is a prerequisite for loading software. Address data 12 are used in the generation of software under quality and
  • Another data category is the function-internal data 13.
  • Function-internal data 13 are part of the software and serve to control the functional sequence. They are accessible for reading and writing to all processors 1, 8 dependent thereon via their operand bus 70, 71.
  • Function-internal data 13 are generated and loaded as part of the generation of software under quality and configuration control.
  • Another category is the target data for the main processor 14. This data is not part of the program function, but program functions affect that data. They are accessible for writing and reading by the main processor 1 and additional processors via their operand bus 70.
  • The loading processor 8 has no access, neither writing nor reading, to this target data 14. This prevents target data 14 from getting in this way into memory areas that are reserved for instructions 11 or address data 12.
  • main memory 2 Furthermore, the main memory 2, the category target data for the
  • Target data for the loading processor 15 is data that is affected by software functions but does not belong to the software function. They are accessible for writing and reading only by the loading processor 8 via its operand bus 71. The main processor 1 has no access to this target data 15.
  • The loading processor 8 is hierarchically subordinate to the main processor 1. Its instruction bus 61 and operand bus 71 are separate from and independent of those of the main processor 1 (60, 70). It has to fulfill the following tasks:
  • The system environment determines the performance of the loading processor 8. For systems with a low number of software loads, e.g.
  • The loading processor 8 may be an external component that is connected to the system only for this purpose.
  • the main processor 1 fulfills all other intended tasks of the
  • the main processor 1 is not in the intended transfer of
  • Main processor 1 has access to this data.
  • the loading processor 8 has no access to this data, neither writing nor reading.
  • non-volatile memory for software 9 are data of the categories
  • The loading processor 8 can access this data for writing and reading. No other processor is allowed to access this memory. Access to this memory 9 is exclusively related to installing and initializing software.
  • The permanent software memory 9 is written to solely for the purpose of software installation.
  • FIG. 3 shows the main component
  • The structure has a permanent media data memory 16, a media data memory 17, a media data bus system with instruction and operand bus 62, 72, a dedicated input / output hardware 40 and a media processor 18 for the processing of data and for the execution of software that are made available via media.
  • The media processor 18 communicates bidirectionally with the input / output hardware 40 and has no access to the other present memories 2, 3, 9.
  • Only the media processor 18 associated with the media and the main processor 1 have access to the media data memory 17. Furthermore, only the media associated with the permanent media data store 16
  • the computer system is thus able by means of a separate media processor 18 to securely execute the software made available by the media.
  • FIG. 4 essentially shows the block diagram from FIG. 2, wherein the external software memory has been replaced by an external software device 19.
  • the interface to the external software carrier reader 19 is physically arranged so that conventional disk readers can not be operated thereby preventing inadvertent software loading.
  • Applications of this invention are, for example, in embedded systems and in organizations where the same
  • FIG. 5 shows, in addition to a main processor 1, which communicates bidirectionally with an input / output hardware 4 and a permanent data memory 3, a memory 2, which is in communication with the main processor 1 via a bus system 50, and an external loading device 20 for loading software.
  • The bus system 50 includes, for communication between the main processor 1 and memory 2, an instruction bus 60 and an operand bus 70.
  • the memory 2 is divided into four physical memory units. The following data categories are stored in these: instructions 11, address data 12,
  • The main processor 1 and the external loading device 20 have different access rights to the data according to the data categories
  • The external loading device 20 exclusively accesses the instructions 11, address data 12 and function-internal data 13
  • The main processor 1 reads the instructions 11 via the instruction bus 60 and the address data 12 of the main memory 2 via the operand bus 70. Furthermore, the main processor 1 can access the function-internal data 13 and the target data of the main processor 14 of the working memory 2 for writing and reading.
  • The external loading device 20 represents a separate processor for loading software, wherein the computer system thus equipped does not have its own loading processor and its associated memory. Thus, it does not have the ability to read software directly from external software storage, or to configure software during operation.
  • an external device is required in this embodiment, which physically via a corresponding
  • Exemplary embodiments are, for example, systems whose software is not configured during operation.
  • FIG. 6 shows a first and a second main processor 1, 21, which function independently of each other and which each have a fixed set of associated functional elements.
  • The respective main processor 1, 21 is bidirectionally connected to the respective input / output hardware 4, 22 and the respective permanent data memory 3, 23. Furthermore, each main processor 1, 21 has a bus system consisting of instruction and operand bus 60, 63, 70, 73, via which it communicates with the respective main memory 2, 24.
  • the respective working memory 2, 24 is physically separated from each other in four
  • the loading processor 8 which communicates bidirectionally with an external software memory 10 and a permanent software memory 9, has a bus system consisting of an instruction bus and an operand bus 61, 71. There is also additional memory for the target data of the
  • The respective main processor 1, 21 has read access via the respective instruction bus 60, 63 to the instructions 11, 25 and via the operand bus 70, 73 to the address data 12, 26 of the respective random access memory 2, 24. The respective main processor 1, 21 has both read and write access to the function-internal data 13, 27 and the target data of the respective main processor 14, 28 in the respective random access memory 2, 24. Both main processors 1, 21 also access the memory for transfer data 29 bidirectionally via their respective operand bus 70, 73. The instructions 11 of the first main processor 1 and the instructions 25 of the second main processor 21 are accessed for writing by the loading processor 8 via the operand bus 71.
  • Main processors 1 are read by the instruction bus 61 of the loading processor 8. Via the operand bus 71 of the loading processor 8, the address data 12, 26 and the function-internal data 13, 27 of the respective main processor 1, 21 and target data of the loading processor 15 are bidirectionally accessed.
  • This two-processor version allows, for example, the secure transfer of data between networks with different
  • the computer systems usually have access to both networks, namely software that has been specially structured and extensively tested for this purpose in order to prevent unintentional or unauthorized data transfers. The same problem occurs in the
  • FIG. 7 shows a further embodiment whose block diagram in FIG.
  • Main memory for target data of the main processors 30 is present, to which both main processors 1, 21 bidirectionally access via their respective operand bus 70, 73.
  • a typical operand bus 70, 73 In this embodiment, a typical
  • Target data for the load processor within the in-function data In this case, the data category target data of the loading processor can be dispensed with.
  • Data processing system is applicable in principle to all sizes, from mainframes and multiprocessor systems down to mobile devices. It is understood that the inventive data processing system is not limited to the described computer components and number of processors. Depending on the given
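
The access rights that the Fig. 2 description assigns per processor, bus and data category (11 to 15) can be written as a lookup table and checked mechanically. The following C model is an added example, not part of the patent text; the table layout, function names and sample byte values are constructed, and the loading processor's access to instructions and address data is modelled as write-only, which is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Reference numerals in comments follow the Fig. 2 description. */
enum proc { MAIN_PROC, LOAD_PROC, NPROC };             /* processors 1 and 8 */
enum bus  { INSTR_BUS, OPERAND_BUS, NBUS };            /* buses 60/61 and 70/71 */
enum cat  { INSTRUCTIONS, ADDRESS_DATA, FUNC_INTERNAL, /* categories 11, 12, 13 */
            MAIN_TARGET, LOAD_TARGET, NCAT };          /* categories 14, 15 */
enum { R = 1, W = 2 };
#define CELLS 4                                        /* constructed region size */

/* rights[processor][bus][category]; anything not listed means "no access". */
static const unsigned char rights[NPROC][NBUS][NCAT] = {
    [MAIN_PROC] = {
        [INSTR_BUS]   = { [INSTRUCTIONS] = R },
        [OPERAND_BUS] = { [ADDRESS_DATA] = R, [FUNC_INTERNAL] = R | W,
                          [MAIN_TARGET] = R | W },
    },
    [LOAD_PROC] = {
        [INSTR_BUS]   = { [INSTRUCTIONS] = R },
        /* Assumption: loader access to 11 and 12 is modelled as write-only. */
        [OPERAND_BUS] = { [INSTRUCTIONS] = W, [ADDRESS_DATA] = W,
                          [FUNC_INTERNAL] = R | W, [LOAD_TARGET] = R | W },
    },
};

static unsigned char mem[NCAT][CELLS];  /* one small region per data category */

/* True if processor p may perform op (R or W) on category c over bus b. */
bool allowed(enum proc p, enum bus b, enum cat c, int op)
{
    return (rights[p][b][c] & op) == op;
}

/* Writes only ever travel over the operand bus. */
bool bus_write(enum proc p, enum cat c, unsigned idx, unsigned char val)
{
    if (idx >= CELLS || !allowed(p, OPERAND_BUS, c, W))
        return false;
    mem[c][idx] = val;
    return true;
}

/* Read over the given bus; INSTR_BUS models an instruction fetch. */
bool bus_read(enum proc p, enum bus b, enum cat c, unsigned idx, unsigned char *out)
{
    if (idx >= CELLS || !allowed(p, b, c, R))
        return false;
    *out = mem[c][idx];
    return true;
}

/* Can processor p on its own copy data from src to dst over its operand bus? */
bool can_copy(enum proc p, enum cat src, enum cat dst)
{
    return allowed(p, OPERAND_BUS, src, R) && allowed(p, OPERAND_BUS, dst, W);
}

/* Number of single-processor copy paths from main processor target data (14)
 * into the areas reserved for instructions (11) or address data (12). */
int target_data_leaks(void)
{
    static const enum cat reserved[] = { INSTRUCTIONS, ADDRESS_DATA };
    int n = 0;
    for (int p = 0; p < NPROC; p++)
        for (unsigned i = 0; i < 2; i++)
            if (can_copy((enum proc)p, MAIN_TARGET, reserved[i]))
                n++;
    return n;
}

/* Six bus operations with constructed byte values; bit i is set if step i
 * was permitted. Steps 0-2 are legitimate, steps 3-5 must be refused. */
unsigned run_scenario(void)
{
    unsigned char v = 0;
    unsigned ok = 0;
    ok |= (unsigned)bus_write(LOAD_PROC, INSTRUCTIONS, 0, 0x90) << 0;          /* loader installs code */
    ok |= (unsigned)bus_read(MAIN_PROC, INSTR_BUS, INSTRUCTIONS, 0, &v) << 1;  /* main fetches it */
    ok |= (unsigned)bus_write(MAIN_PROC, MAIN_TARGET, 0, 0xCC) << 2;           /* main stores input */
    ok |= (unsigned)bus_write(MAIN_PROC, INSTRUCTIONS, 0, 0xCC) << 3;          /* input -> code area */
    ok |= (unsigned)bus_read(MAIN_PROC, INSTR_BUS, MAIN_TARGET, 0, &v) << 4;   /* fetch from data */
    ok |= (unsigned)bus_read(LOAD_PROC, OPERAND_BUS, MAIN_TARGET, 0, &v) << 5; /* loader reads input */
    return ok;
}

int main(void)
{
    printf("scenario mask=0x%02x leaks=%d\n", run_scenario(), target_data_leaks());
    return 0;
}
```

The check covers copies performed by one processor over its own operand bus; function-internal data 13 is readable and writable by both processors in the description, so a review of a concrete design would also look at what the loading software does with that category.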

Abstract

The invention relates to a data processing system with strict separation of processor tasks and data categories, the processor tasks being separated into loading and initialization of software (loading processor (8)) and file processing (main processor (1)), and the data categories being separated into address data (12), instructions (11), function-internal data (13), main processor target data (14) and loading processor target data (15). The invention thereby provides protection against malware regardless of the transmission medium and the type of malware, as well as protection against future malware, and without loss of performance of the computer system.
EP14715865.3A 2013-04-09 2014-03-27 Anti-malware data processing system Withdrawn EP2984572A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102013005971.2A DE102013005971B3 (de) 2013-04-09 2013-04-09 Malware-proof data processing system
PCT/EP2014/056190 WO2014166753A1 (fr) 2013-04-09 2014-03-27 Anti-malware data processing system

Publications (1)

Publication Number Publication Date
EP2984572A1 (fr) 2016-02-17

Family

ID=50442491

Family Applications (1)

Application Number Title Priority Date Filing Date
EP14715865.3A Withdrawn EP2984572A1 (fr) 2013-04-09 2014-03-27 Anti-malware data processing system

Country Status (4)

Country Link
US (1) US9881169B2 (fr)
EP (1) EP2984572A1 (fr)
DE (1) DE102013005971B3 (fr)
WO (1) WO2014166753A1 (fr)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6112263A (en) * 1997-12-15 2000-08-29 Intel Corporation Method for multiple independent processes controlling access to I/O devices in a computer system
JP3623379B2 (ja) * 1998-12-01 2005-02-23 富士通株式会社 マイクロプロセッサ
US6615890B1 (en) * 2000-06-09 2003-09-09 Venture Tape Corp. Tape applicator for glazing applications
US7000092B2 (en) * 2002-12-12 2006-02-14 Lsi Logic Corporation Heterogeneous multi-processor reference design
US8117642B2 (en) * 2008-03-21 2012-02-14 Freescale Semiconductor, Inc. Computing device with entry authentication into trusted execution environment and method therefor
US8478997B2 (en) * 2010-09-10 2013-07-02 Raytheon Company Multi-level security software architecture

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2014166753A1 *

Also Published As

Publication number Publication date
WO2014166753A1 (fr) 2014-10-16
US9881169B2 (en) 2018-01-30
DE102013005971B3 (de) 2014-08-28
US20160070916A1 (en) 2016-03-10

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20151020

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20180711

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20181122