EP2984572A1 - Anti-malware data processing system - Google Patents
- Publication number
- EP2984572A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- processor
- memory
- access
- main
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/10—Program control for peripheral devices
- G06F13/12—Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor
- G06F13/122—Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor where hardware performs an I/O function other than control of data transfer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1483—Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/10—Providing a specific technical effect
- G06F2212/1052—Security improvement
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Definitions
- the present invention relates to a data processing system having the features of the preamble of claim 1.
- Electronic data processing systems are complex structures for solving data processing tasks. They are composed of subsystems whose interaction enables the task to be fulfilled. Important subsystems are: a) the instrumental components: hardware, software, firmware (microprogramming), orgware (organizational knowledge) and b) the application side components: tasks, users,
- Underlying the architecture: a control unit, an arithmetic unit, a memory, an input unit and an output unit.
- The central unit consists of the main memory and the main processor, which contains the control unit and the arithmetic unit.
- The main processor carries information from the main memory into its own registers and back via a bus system, which consists of a bidirectional instruction bus and a bidirectional operand bus.
- both buses carry information that is interpreted as instructions or operands depending on the bus considered.
- the transported data are determined by their respective address.
- Both buses usually have access to the same memory areas.
- Malware, in the form of computer programs, can execute functions within the computer system that are unwanted by the user and potentially harmful. Malware benefits from the hardware architecture of commercial computers in that it gets into the memory areas in the form of operands or modified instructions and from there via the instruction bus to the processors, in which it causes its harmful effect.
- This process has as its main disadvantage that it is the creations of the creators of
- a data processing system comprises at least one
- Main processor at least one permanent data storage and
- At least one main processor is connected to at least one input / output hardware (interface), and wherein the at least one main processor communicates with the at least one
- Main memory communicates via at least one instruction bus and via at least one operand bus and communicates bidirectionally separately with the at least one permanent data memory provided with at least one loading processor which communicates bidirectionally with at least one permanent software memory and at least one external software memory and which communicates with the at least one main memory via at least one instruction bus and at least one
- Main processor communicates, wherein the communication between the at least one main processor and the at least one random access memory via the at least one instruction bus and the at least one
- Operand bus takes place, the communication between the at least one loading processor and the at least one main memory via the at least one instruction bus and the at least one operand bus, both the communication between the at least one main processor and the at least one input / output hardware and the at least one permanent data memory as well as the communication between the at least one loading processor and the at least one external one
- Software memory and the at least one permanent software storage are controlled by access attributes. Due to the presence of the main processor and the separate loading processor, the
- the data in the at least one main memory are categorized according to data categories, wherein in
- main processor access attributes for the at least one main processor and load processor access attributes for the at least one loading processor, and wherein data of the same data categories are the same
- Main processor and load processor may be different to the same data category.
- the following data categories are preferably provided: address data, instructions, function-internal data, target data of the at least one
- Main processors main processor target data
- target data of the at least one loading processor loading processor target data
- the at least one main processor has no access to the at least one permanent software memory, access to the at least one
- Loading processor target data of the at least one loading processor has.
- the at least one loading processor has access to the at least one external software memory and that this is limited to the access mode "read" and has access to the at least one permanent software memory and this in the access modes
- Main processor target data of the at least one main processor.
- The data processing system comprises a media processor which communicates via at least one instruction bus and at least one operand bus, in each case bidirectionally, with at least one separate main memory for media data, wherein the media processor has its own permanent media data storage with which it communicates bidirectionally, and wherein the media processor is connected to its own input/output hardware (interface).
- the bidirectional access of the main processor to the media data via the operand bus enables the computer system to securely execute software made available to media.
- the data processing system is applicable.
- the main processors can be used independently of one another, each main processor having a memory for main processor target data which is permanently assigned to it
- Arrangement can be realized, for example, a computer system with "red-black separation".
- main processors are used independently, all the main processors having common memory for main processor target data with access attributes "Write" and "Read".
- the shared memory for common target data for controlled data transfer does not exist here and is replaced by a shared memory for all main processor target data.
- An external reading device for reading software into the main memory is provided, and the reading device is controlled by the at least one loading processor, wherein the at least one loading processor with the external reading device for software forms an interface that is physically set up so that conventional readers for data carriers cannot be operated, so that inadvertent loading of software is prevented.
- An external reader may be desirable, for example, in organizations where the same computing equipment is required in terms of software.
- Charger is connected to the computer system.
- It may be preferable for the data categories function-internal data (13) and loading processor target data (15) to be assigned to the same physical memory.
- A computer program is preferably provided which converts programs executing on the von Neumann architecture or the Harvard architecture, the conversion taking place in such a way that the data categories are created as data segments which can be processed by the data processing systems according to the invention.
- FIG. 1 shows a block diagram of a Von Neumann hardware architecture
- Fig. 2 is a block diagram of an inventive arrangement with
- Fig. 3 is a block diagram of the inventive arrangement with additional media processor
- Fig. 4 is a block diagram of an inventive arrangement with
- Fig. 5 is a block diagram of an inventive arrangement with
- Fig. 6 is a block diagram of an arrangement according to the invention with two independent main processors, each main processor communicating with dedicated main memory destination data memory and both
- FIG. 7 shows a block diagram of an arrangement according to the invention with two independent main processors, wherein the main processors have shared memory for main processor target data.
- Fig. 1 shows the prior art in the form of a block diagram.
- The illustrated von Neumann hardware architecture consists of a main processor 1, a random access memory 2, a permanent data memory 3, an input/output hardware 4 and a bus system 50.
- In the bus system 50, a distinction is made between the instruction bus 60, which transmits the instructions, and the operand bus 70, which transmits the operands.
- the main processor 1 communicates bidirectionally with the main memory 2 via the bus system 50. Furthermore, the main processor 1 has bidirectional access to the permanent data memory 3.
- Fig. 2 is an embodiment of the invention
- The loading processor 8 communicates bidirectionally with its own permanent memory 9 for storing software and its own external software memory 10. Both processors are each connected to a main memory 2 via a respective bus system 50, 51.
- The bus systems 50, 51 each comprise an instruction bus 60, 61 and an operand bus 70, 71, which connect the respective processor 1, 8 with the memory 2.
- the memory 2 is divided into five physical memory units. In these are the following
- the main processor 1 and the loading processor 8 have different access rights to the working storage units according to the data categories.
- the bus structure 50, 51 becomes closer with the definitions of the data categories and the access rights
- the first category of data is that of instructions 11.
- Instructions 11 are the smallest pieces of software to be executed by the processors. They are read-only accessible to all instructed processors via their instruction bus 60, 61. Only the loading processor 8 may access instructions 11 via its operand bus 71, which is a prerequisite for loading software. Instructions 11 are generated and loaded as part of the generation of software under quality and configuration control.
- Address data 12 serve to associate values with the addresses of the associated software functions. They are read-only accessible to all processors 1 dependent thereon via their operand bus 70. Only the loading processor 8 has write access to address data 12 via its operand bus 71, which is a prerequisite for loading software. Address data 12 are used in the generation of software under quality and
- Another data category is the function-internal data 13.
- Function-internal data 13 are part of the software and serve to control the functional sequence. They are accessible for reading and writing to all processors 1, 8 dependent thereon via their operand bus 70, 71.
- Function-internal data 13 are generated and loaded as part of the generation of software under quality and configuration control.
- Another category is the target data for the main processor 14. This data is not part of the program function, but program functions affect that data. They are accessible for writing and reading to the main processor 1 and additional processors via their operand bus 70.
- The loading processor 8 has no access, neither writing nor reading, to this target data 14. This prevents target data 14 from getting in this way into memory areas that are reserved for instructions 11 or address data 12.
- main memory 2 Furthermore, the main memory 2, the category target data for the
- Target data for the loading processor 15 is data that has software functions that do not belong to the software function. They are accessible for writing and reading only to the loading processor 8 via its operand bus 71. The main processor 1 has no access to this target data 15.
- The loading processor 8 is hierarchically subordinate to the main processor 1. Its instruction bus 61 and operand bus 71 are separate from and independent of those of the main processor 1 (60, 70). It has to fulfill the following tasks:
- The system environment determines the performance of the loading processor 8. For systems with a low number of software loads, e.g.
- the load processor 8 may be an external component that is connected to the system only for this purpose.
- the main processor 1 fulfills all other intended tasks of the
- the main processor 1 is not in the intended transfer of
- Main processor 1 has access to this data.
- the loading processor 8 has no access to this data, neither writing nor reading.
- non-volatile memory for software 9 are data of the categories
- The loading processor 8 can access this data for writing and reading. No other processor is allowed to access this memory. Access to this memory 9 is exclusively related to installing and initializing software.
- The permanent software memory 9 is written to solely for the purpose of software installation.
- FIG. 3 shows the main component
- The structure has a permanent media data memory 16, a media data memory 17, a media data bus system with instruction and operand bus 62, 72, a dedicated input/output hardware 40 and a media processor 18 for the processing of data and for the execution of software that are made available via media.
- The media processor 18 communicates bidirectionally with the input/output hardware 40 and has no access to the other present memories 2, 3, 9.
- Only the media processor 18 and the main processor 1 have access to the media data memory 17. Furthermore, only the media associated with the permanent media data store 16
- the computer system is thus able by means of a separate media processor 18 to securely execute the software made available by the media.
- FIG. 4 essentially shows the block diagram from FIG. 2, wherein the external software memory has been replaced by an external software device 19.
- The interface to the external software carrier reader 19 is physically arranged so that conventional disk readers cannot be operated, thereby preventing inadvertent software loading.
- Applications of this invention are, for example, in embedded systems and in organizations where the same
- FIG. 5 shows, next to a main processor 1, which communicates bidirectionally with an input/output hardware 4 and a permanent data memory 3, a memory 2, which is in communication with the main processor 1 via a bus system 50, and an external loading device 20 for loading software.
- The bus system 50 includes, for communication between the main processor 1 and memory 2, an instruction bus 60 and an operand bus 70.
- The memory 2 is divided into four physical memory units. The following data categories are stored in these: instructions 11, address data 12,
- The main processor 1 and the external loading device 20 have different access rights to the data according to the data categories
- The external loading device 20 exclusively accesses the instructions 11, address data 12 and function-internal data 13
- The main processor 1 reads the instructions 11 via the instruction bus 60 and the address data 12 of the main memory 2 via the operand bus 70. Furthermore, the main processor 1 can access the function-internal data 13 and the target data of the main processor 14 of the working memory 2 for writing and reading.
- The external loading device 20 represents a separate processor for loading software, wherein the computer system thus equipped does not have its own loading processor and its associated memory. Thus, it does not have the ability to read software directly from external software storage, or to configure software during operation.
- an external device is required in this embodiment, which physically via a corresponding
- Exemplary embodiments are, for example, systems whose software is not configured during operation.
- FIG. 6 shows a first and a second main processor 1, 21, which function independently of each other and which each have a fixed set of associated functional elements.
- The respective main processor 1, 21 is bidirectionally connected to the respective input/output hardware 4, 22 and the respective permanent data memory 3, 23. Furthermore, each main processor 1, 21 has a bus system consisting of instruction and operand bus 60, 63, 70, 73, via which it communicates with the respective main memory 2, 24.
- the respective working memory 2, 24 is physically separated from each other in four
- the loading processor 8 which communicates bidirectionally with an external software memory 10 and a permanent software memory 9, has a bus system consisting of an instruction bus and an operand bus 61, 71. There is also additional memory for the target data of the
- The respective main processor 1, 21 has read access via the respective instruction bus 60, 63 to the instructions 11, 25 and via the operand bus 70, 73 to the address data 12, 26 of the respective random access memory 2, 24. The respective main processor 1, 21 has both read and write access to the function-internal data 13, 27 and the target data of the respective main processor 14, 28 in the respective random access memory 2, 24. Both main processors 1, 21 also access the memory for transfer data 29 bidirectionally via their respective operand bus 70, 73. The instructions 11 of the first main processor 1 and the instructions 25 of the second main processor 21 are accessed for writing by the loading processor 8 via the operand bus 71.
- Main processors 1 are read by the instruction bus 61 of the loading processor 8. Via the operand bus 71 of the loading processor 8, the address data 12, 26 and the function-internal data 13, 27 of the respective main processor 1, 21 and target data of the loading processor 15 are bidirectionally accessed.
- This two-processor version allows, for example, the secure transfer of data between networks with different
- the computer systems usually have access to both networks, namely software that has been specially structured and extensively tested for this purpose in order to prevent unintentional or unauthorized data transfers. The same problem occurs in the
- FIG. 7 shows a further embodiment whose block diagram in FIG.
- Main memory for target data of the main processors 30 is present, to which both main processors 1, 21 bidirectionally access via their respective operand bus 70, 73.
- a typical operand bus 70, 73 In this embodiment, a typical
- Target data for the load processor within the in-function data In this case, the data category target data of the loading processor can be dispensed with.
- Data processing system is applicable in principle to all sizes, from mainframes and multiprocessor systems down to mobile devices. It is understood that the inventive data processing system is not limited to the described computer components and number of processors. Depending on the given
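The access rights that the description of Fig. 2 assigns to the main processor 1 and the loading processor 8 for the data categories 11 to 15 can be written as a table and checked mechanically. The following Python model is an added example, not part of the patent text; the names `POLICY`, `allowed`, `direct_flows` and `denied`, the sample trace, and the reading of the loading processor's operand-bus rights (write for instructions 11, read and write for address data 12, as in the Fig. 6 description) are assumptions.

```python
from enum import Enum, Flag


class Cat(Enum):
    """Data categories, numbered with the reference signs used in the text."""
    INSTRUCTIONS = 11
    ADDRESS_DATA = 12
    FUNCTION_INTERNAL = 13
    MAIN_TARGET = 14
    LOADER_TARGET = 15


class Mode(Flag):
    NONE = 0
    READ = 1
    WRITE = 2


RW = Mode.READ | Mode.WRITE

# (processor, bus) -> rights per category. Anything not listed is "no access".
# "main" is main processor 1 (buses 60/70), "loader" is loading processor 8
# (buses 61/71). Loader operand-bus modes for 11 and 12 are an assumption
# taken from the Fig. 6 description.
POLICY = {
    ("main", "instruction"): {Cat.INSTRUCTIONS: Mode.READ},
    ("main", "operand"): {
        Cat.ADDRESS_DATA: Mode.READ,
        Cat.FUNCTION_INTERNAL: RW,
        Cat.MAIN_TARGET: RW,
    },
    ("loader", "instruction"): {Cat.INSTRUCTIONS: Mode.READ},
    ("loader", "operand"): {
        Cat.INSTRUCTIONS: Mode.WRITE,
        Cat.ADDRESS_DATA: RW,
        Cat.FUNCTION_INTERNAL: RW,
        Cat.LOADER_TARGET: RW,
    },
}


def allowed(processor, bus, category, mode):
    """True if the request is covered by the rights granted on that bus."""
    granted = POLICY.get((processor, bus), {}).get(category, Mode.NONE)
    return bool(mode) and (granted & mode) == mode


def direct_flows(processor):
    """(source, destination) pairs one processor can copy via its operand bus."""
    rights = POLICY.get((processor, "operand"), {})
    readable = {c for c, m in rights.items() if Mode.READ in m}
    writable = {c for c, m in rights.items() if Mode.WRITE in m}
    return {(s, d) for s in readable for d in writable if s is not d}


def denied(trace):
    """Return the requests in a bus trace that the policy rejects."""
    return [req for req in trace if not allowed(*req)]


# Constructed sample trace: (processor, bus, category, mode).
TRACE = [
    ("main", "instruction", Cat.INSTRUCTIONS, Mode.READ),   # instruction fetch
    ("main", "operand", Cat.MAIN_TARGET, Mode.WRITE),       # normal data write
    ("main", "operand", Cat.INSTRUCTIONS, Mode.WRITE),      # operand into code
    ("main", "operand", Cat.ADDRESS_DATA, Mode.WRITE),      # address overwrite
    ("loader", "operand", Cat.INSTRUCTIONS, Mode.WRITE),    # software loading
    ("loader", "operand", Cat.MAIN_TARGET, Mode.READ),      # loader reads 14
    ("main", "operand", Cat.LOADER_TARGET, Mode.READ),      # main reads 15
]

if __name__ == "__main__":
    for proc, bus, cat, mode in denied(TRACE):
        print(f"DENY {proc}/{bus}: {mode.name} {cat.name}")
    protected = {Cat.INSTRUCTIONS, Cat.ADDRESS_DATA}
    for proc in ("main", "loader"):
        bad = [f for f in direct_flows(proc)
               if f[0] is Cat.MAIN_TARGET and f[1] in protected]
        print(proc, "can copy target data 14 into 11/12:", bool(bad))
```

The model covers single-processor copies only; it makes no statement about data passed between processors through a category that both can write.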
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102013005971.2A DE102013005971B3 (de) | 2013-04-09 | 2013-04-09 | Schadsoftware-sicheres Datenverarbeitungssystem |
PCT/EP2014/056190 WO2014166753A1 (fr) | 2013-04-09 | 2014-03-27 | Système de traitement de données anti logiciels malveillants |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2984572A1 (fr) | 2016-02-17 |
Family
ID=50442491
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP14715865.3A (Withdrawn) EP2984572A1 (fr) | Système de traitement de données anti logiciels malveillants | 2013-04-09 | 2014-03-27 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9881169B2 (fr) |
EP (1) | EP2984572A1 (fr) |
DE (1) | DE102013005971B3 (fr) |
WO (1) | WO2014166753A1 (fr) |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6112263A (en) * | 1997-12-15 | 2000-08-29 | Intel Corporation | Method for multiple independent processes controlling access to I/O devices in a computer system |
JP3623379B2 (ja) * | 1998-12-01 | 2005-02-23 | 富士通株式会社 | マイクロプロセッサ |
US6615890B1 (en) * | 2000-06-09 | 2003-09-09 | Venture Tape Corp. | Tape applicator for glazing applications |
US7000092B2 (en) * | 2002-12-12 | 2006-02-14 | Lsi Logic Corporation | Heterogeneous multi-processor reference design |
US8117642B2 (en) * | 2008-03-21 | 2012-02-14 | Freescale Semiconductor, Inc. | Computing device with entry authentication into trusted execution environment and method therefor |
US8478997B2 (en) * | 2010-09-10 | 2013-07-02 | Raytheon Company | Multi-level security software architecture |
-
2013
- 2013-04-09 DE DE102013005971.2A patent/DE102013005971B3/de active Active
-
2014
- 2014-03-27 EP EP14715865.3A patent/EP2984572A1/fr not_active Withdrawn
- 2014-03-27 WO PCT/EP2014/056190 patent/WO2014166753A1/fr active Application Filing
- 2014-03-27 US US14/783,303 patent/US9881169B2/en active Active
Non-Patent Citations (2)
Title |
---|
None * |
See also references of WO2014166753A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2014166753A1 (fr) | 2014-10-16 |
US9881169B2 (en) | 2018-01-30 |
DE102013005971B3 (de) | 2014-08-28 |
US20160070916A1 (en) | 2016-03-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20151020 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAX | Request for extension of the european patent (deleted) | ||
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20180711 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20181122 |