GB2114331A - Program storage hardware - Google Patents


Info

Publication number
GB2114331A
GB2114331A GB8236388A GB8236388A GB2114331A GB 2114331 A GB2114331 A GB 2114331A GB 8236388 A GB8236388 A GB 8236388A GB 8236388 A GB8236388 A GB 8236388A GB 2114331 A GB2114331 A GB 2114331A
Authority
GB
United Kingdom
Prior art keywords
address
addresses
dummy
offset
output
Prior art date
Legal status
Granted
Application number
GB8236388A
Other versions
GB2114331B (en)
Inventor
Ian Macdonald Green
Current Assignee
EMI Ltd
Original Assignee
EMI Ltd
Priority date
Filing date
Publication date
Application filed by EMI Ltd
Publication of GB2114331A
Application granted
Publication of GB2114331B
Expired

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C17/00 Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards
    • G11C17/14 Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards in which contents are determined by selectively establishing, breaking or modifying connecting links by permanently altering the state of coupling elements, e.g. PROM

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

A computer generally includes a program storage device for storage in memory of program or other information. The software or program may be expensive to produce yet can be copied without undue difficulty from the storage device. A program storage device is provided which does not output an address, as part of an instruction, if it is an address within the device. The data output from a programmable read only memory (PROM) (1) is output to a data modifier (3) where in response to controller (4) it is changed to a dummy address for output. Information to reconstitute the address is held in a stack (6) then when the dummy address returns the controller (4) causes an offset adder (2) to restore the original address. Steps can be taken to deal appropriately with conditional instructions and relative instructions.

Description

SPECIFICATION
Improvements relating to program storage hardware
This invention relates to program storage devices and especially, although not exclusively, to read-only memory (ROM) devices. The invention particularly relates to such devices for use with computers, the word computer being broadly interpreted as electronic circuits operative in response to a predetermined stored program for computation or control or the like.
Frequently, the development of a program or other information, for storage in memory devices, and subsequent marketing incurs considerable cost.
Obviously, unauthorised access to the device contents allows copying and consequent diminution of the market value of the memory device. Simple listing of the program device contents by incrementing the address bus thereof may be obviated by utilization of a sequence of legal access steps.
Nevertheless, techniques have been devised by means of which it is possible to derive, from such a ROM device, information as to its contents.
It is an object of this invention to provide an improved program storage device featuring greater security of the device contents, whilst maintaining conventional techniques of both device usage and programming.
According to one aspect of the invention there is provided a program storage device for a computer, the device including means capable of falsifying output data and further including complementary systems capable, in response to false inputs occurring as a consequence of said false output data, of correcting said false inputs.
In a preferred embodiment the program storage device contains an addressed array that may hold data and the known inaccuracy may be created in output program data contents including references to addresses. Furthermore, the inaccuracy may be created in the referenced address, to replace it with a dummy address, which inaccuracy is corrected when said dummy address is accessed.
In a sequence of instructions stored at addresses in a program storage device, referrals between different addresses are a common occurrence. If simple listing of the sequence within the storage device, and hence the address contents, is eliminated, then study by an external operator of the instructions in operation may indirectly reveal the contents of the device's addresses. However, by making it appear to the external operator that referrals to addresses are in fact referrals to a single address, little information about the sequence of instructions may be gleaned by external study.
Consequently all call addresses and jump addresses appearing in the output program data sequence are made inaccurate by replacement with a dummy address. The difference or offset between the actual call or jump address and the dummy address is retained and subsequently added to the dummy address when the device is accessed at the dummy address. It is apparent that utilization of the stored sequence in the device should appear to be standard to a device user.
For a better understanding of the invention and to show how it may be carried into effect, reference will now be made, by way of example only, to the accompanying drawing, the single figure of which illustrates a program storage device of the invention.
A program storage device 10 comprises a programmable read-only memory (PROM) section 1 connected through a data modifier 3 to a data bus 7.
A sequence decoder and controller 4 monitors the sequence of data from the PROM section to the modifier and may cause the modifier to act on the data as required. If for example a jump to address xxxx is to form part of the program data sequence relayed from the PROM section, then the controller 4 detects this and causes modifier 3 to replace address xxxx with a dummy address DDDD before the data sequence appears at data bus 7. The offset, being the difference between xxxx and DDDD, is relayed to an offset stack 6.
When a processing unit (not shown), for example a Z80 manufactured by Zilog Inc., California, acts on that part of the sequence instructing it to jump to address DDDD, dummy address DDDD appears at an address bus 8 of the device 10. This address is relayed to an offset address adder 2 connected to controller 4, which monitors for the dummy address.
When this dummy address appears, the controller causes offset stack 6 to transfer the contents at the bottom of the stack to the adder 2. Addition of this value to the dummy address recovers the actual address required, xxxx. The actual address is subsequently relayed to the PROM section, where the contents of that address proceed towards the output bus 7.
In operation the device 10 may initially be user programmed, verified and erased except for an address at the top of the PROM section 1, which is allocated as a control word. All routines within the PROM section are arranged by the user to be able to be called by an external source only through access to a jump table located at the bottom addresses of the PROM section. This table consists of a number of "jump directly to address xxxx" statements, and the table may for example hold up to 32 instructions.
Utilization of such tables is good programming practice and the requirement for this table encourages better programming techniques.
Typically an area near the top of the PROM section is designated free PROM, which may be accessed directly and may hold tables or messages as required. A section 5 acts as an address decoder, to sense if the external source is requesting access to this free PROM area.
Conventional programming and chip enable contact is maintained between the processing unit, the controller 4 and the PROM section 1. The program storage device 10 is thus compatible with a simple PROM device and is substantially indistinguishable from such a device to the processing unit.
It is arranged that when programming of the PROM section is complete, the least significant bit of the control word mentioned hereinabove may be programmed, resulting in a fusible link within the controller 4 breaking, initiating it to modify data as described hereinabove. Consequently verification of the stored program data is prohibited. Furthermore, if further verification is attempted the controller is arranged to alter the data bus to output all '1's.
Therefore the device may be accessed only within the jump table, the designated free PROM area or naturally as determined by the output data sequence. This will normally be at the address one above the last access address. Clearly multiple accesses of the same address are also allowed.
Therefore, when an address within the jump table is accessed, the jump to address xxxx statement is made incorrect by replacement with address DDDD before the statement arrives at the data bus 7. The offset between xxxx and DDDD is retained and added back to the address DDDD when it appears at address bus 8. Consequently, to a person studying the device 10, all instructions within the jump table have as their address destination address DDDD. It will be apparent that many forms of dummy addressing may be utilized. In addition, random jumps to address DDDD may be added between valid program code.
To illustrate further the embodiment described hereinbefore, the operation of the device for a number of instruction statements will be illustrated.
When a direct absolute jump statement appears within the output from PROM section 1, the controller detects the characteristic code command for a direct absolute jump statement and examines the destination address to check for its location within the device 10. If it is located therein then the dummy address is substituted for the destination address and the offset evaluated and later added to the dummy address by address adder 2 when the dummy address appears at the address bus 8; the correct destination address proceeding through to the PROM section 1. If the address destination is external to the device 10, then when the dummy address is accessed the correct address is again calculated, but in this instance the controller 4 substitutes a direct absolute jump characteristic code followed by the correct address, which is relayed to data bus 7. It will be apparent that a slight delay is incurred for external jumps, resulting from this extra instruction.
A conditional absolute jump statement produces an absolute jump that is conditional on an external flag being set. Again, the controller detects the characteristic code command, substitutes the dummy address for the correct destination address and calculates the offset. Subsequently the controller monitors address accesses at the address bus 8.
When the external condition is met, the following access will be to the dummy address and the offset is therefore added to recover the correct destination address as hereinabove. However, should the next address accessed be the previous access address plus one, which is allowable, then the condition has clearly not been met and the offset is discarded, since the conditional absolute jump statement will recur as required. The sequence of events that is followed when the destination address is either internal or external to device 10 will be apparent to those skilled in the art.
In the case of a direct relative jump, wherein the destination address of the jump is the present address + xx where xx is ± 128, the problem arises that the dummy address may be located more than 128 addresses from the present address. Consequently, when a direct relative jump characteristic code command is monitored by the controller in PROM section output, it replaces the code with that for a direct absolute jump and the destination address with the dummy address. The offset is evaluated from the difference between the original present address plus the relative jump xx and the dummy address. The offset is added to the dummy address when it is accessed in order that the correct destination address is relayed to the PROM section.
Naturally a slight delay results from this method of treating direct relative jumps since the original two byte instruction has been replaced with a three byte one.
A further instruction type is a conditional relative jump statement, which follows the direct relative jump procedure outlined above, only when an external condition is met. When the controller, monitoring PROM section output, detects the characteristic code command of the conditional relative jump, it replaces the command with a conditional absolute jump having a destination address located at the dummy address, and employs the procedure appropriate to that command. The offset, it is clear, will be calculated according to the method outlined for direct relative jumps. Clearly a problem may arise if the external condition is not met, that is to say, if the following access address is not the dummy address, because a two byte instruction has been replaced with a three byte one. Consequently, the processor program counter will have advanced by one too many, necessitating the offset address to be decremented.
An absolute call statement, to call a routine at an address xxxx, is treated in a similar manner to a direct absolute jump statement: the call address is replaced with the dummy address and an offset evaluated accordingly. It will be apparent that if dummy addresses are already in use, the respective offsets must not be lost. They are therefore stored in the offset stack 6 to be recalled in due course when a return command appears. This procedure allows multiple calls within calls to be handled, limited only by the length of the stack. In the event that the address referred to by the call command is located outside the device 10, the offsets stored remain unchanged until the return command of the call routine appears.
The treatment of a conditional call statement is analogous to that for conditional jumps. The conditional call is replaced with an absolute call to a dummy address; the command is only utilized if the controller monitors the next access at the dummy address, that is to say, the condition has been met.
The procedure may be interrupted, and execute completely different procedures, for example calling routines. Provided the interrupt command exits by a return instruction the correct offset is maintained, since when the device is accessed via the jump table, the existing offset is stored on the stack. Similarly, it is important to employ the jump table for the statement type, "jump to an address defined by the contents of a register", otherwise access will be denied by the controller as illegal. It will be apparent that the jump may be handled as disclosed hereinbefore.
A further statement type involves a relative jump by x when a decrement register becomes zero. The controller may handle this by replacing the jump by x with a zero jump. Clearly monitoring of the following access address indicates whether the decrement register is zero. When it is, the actual jump may be dealt with in the same way as a relative jump above. Similarly a conditional return statement may be replaced with a conditional jump to address DDDD. If the next address is to the dummy address, a return statement is supplied by the controller and the correct offset evaluated from the stack contents.
Naturally the controller must on occasions respond very rapidly. Do-nothing instructions may be inserted as required to increase available time for response; however, the offsets must be decremented. The device of the invention should run at approximately processor speeds and may require very slight variation in programming techniques which will be apparent, in the specific circumstances in which they occur, to those skilled in the art. It will be apparent that the preferred program storage device should be constructed as a single chip, thereby preventing access to the transfer routes between the data modifier and its associated components, and the offset adder and its associated components.
As mentioned hereinbefore, in normal program operation the device will be indistinguishable from a simple PROM. However a program stored within a program storage device of the invention will therefore appear as a large series of segments starting from the dummy address, thereby safeguarding the contents against copying and use in alternative equipment.
Furthermore, since the controller monitors the sequence of instructions received, the device can detect attempts to read the program stored therein as opposed to simply running it. Defensive steps such as the output of all 1's may be taken in response to detection of such attempts.
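The following Python model is an added illustration, not part of the patent text: it simulates controller 4, data modifier 3, offset stack 6 and offset adder 2 for in-device absolute jumps, conditional jumps and calls, and records what an observer on the two buses sees. The dummy address value, the jump-table size, the latched all-1s response and the sample program are assumptions; external targets, relative jumps and the free-PROM area are not modelled.

```python
JP, CALL, RET, JP_Z, HALT = 0xC3, 0xCD, 0xC9, 0xCA, 0x76  # Z80 opcodes
DUMMY = 0x0100     # plays the role of the patent's "DDDD" (value assumed)
TABLE_END = 0x06   # jump table of two 3-byte entries (size assumed)

# Constructed sample program; unprogrammed cells read 0xFF.
IMAGE = bytearray([0xFF] * 0x10000)
IMAGE[0x00:0x03] = bytes([JP, 0x10, 0x00])          # table entry 0 -> main
IMAGE[0x03:0x06] = bytes([JP, 0x30, 0x00])          # table entry 1 -> exit
IMAGE[0x10:0x14] = bytes([CALL, 0x20, 0x00, HALT])  # main
IMAGE[0x20:0x24] = bytes([JP_Z, 0x30, 0x00, RET])   # sub
IMAGE[0x30] = RET                                   # exit

class ProtectedProm:
    """Controller, modifier, offset stack and adder in one behavioural model."""
    def __init__(self, image):
        self.prom = image
        self.offset, self.stack = 0, []         # adder value, offset stack
        self.pending, self.operand = None, []   # falsified jump, bytes to emit
        self.last, self.after_ret, self.tripped = None, False, False

    def _trip(self):
        self.tripped = True    # latched defensive state (assumed behaviour)
        return 0xFF            # data bus forced to all 1s

    def _fetch(self, addr):
        i = (addr + self.offset) & 0xFFFF   # adder restores the real address
        op = self.prom[i]
        if op in (JP, CALL, JP_Z):
            target = self.prom[i + 1] | self.prom[i + 2] << 8
            self.pending = ((target - DUMMY) & 0xFFFF, op)
            self.operand = [DUMMY & 0xFF, DUMMY >> 8]  # falsified operand
        elif op == RET:        # caller's offset comes back off the stack
            self.offset = self.stack.pop() if self.stack else 0
            self.after_ret = True
        return op

    def read(self, addr):
        """One bus cycle: address bus 8 in, data bus 7 out."""
        if self.tripped:
            return 0xFF
        prev, self.last = self.last, addr
        if self.operand:       # still emitting the two dummy-address bytes
            return self.operand.pop(0) if addr == prev + 1 else self._trip()
        if self.pending:
            off, op = self.pending
            self.pending = None
            if addr == DUMMY:              # jump or call was taken
                if op == CALL:
                    self.stack.append(self.offset)
                self.offset = off
                return self._fetch(addr)
            if op != JP_Z:                 # unconditional jump not followed
                return self._trip()
            # conditional jump not taken: the offset is discarded
        if self.after_ret or (prev is not None and addr in (prev, prev + 1)):
            self.after_ret = False
            return self._fetch(addr)
        if addr < TABLE_END and addr % 3 == 0:   # entry through the jump table
            self.stack.append(self.offset)
            self.offset = 0
            return self._fetch(addr)
        return self._trip()

def run(dev, entry, zero_flag):
    """Minimal CPU loop; returns the (address, data) pairs seen on the buses."""
    pc, ret_stack, trace = entry, [], []
    def fetch():
        nonlocal pc
        trace.append((pc, dev.read(pc)))
        pc += 1
        return trace[-1][1]
    while (op := fetch()) not in (HALT, 0xFF):
        if op in (JP, CALL, JP_Z):
            target = fetch() | fetch() << 8
            if op != JP_Z or zero_flag:
                if op == CALL:
                    ret_stack.append(pc)
                pc = target
        elif op == RET and ret_stack:
            pc = ret_stack.pop()
    return trace

def linear_dump(image, n):
    return bytes(map(ProtectedProm(image).read, range(n)))
```

In both runs the only jump destination visible on the buses is 0x0100, and external address 0x0103 returns different bytes depending on which offset is active.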
It will be understood that the embodiment illustrated shows an application of the invention in one form only for the purposes of illustration. In practice the invention may be applied to many different configurations, the detailed embodiments being straightforward for those skilled in the art to implement.

Claims (19)

1. A program storage device for a computer, the device including means capable of falsifying output data and further including complementary systems capable, in response to false inputs occurring as a consequence of said false output data, of correcting said false inputs.
2. A device according to Claim 1 which includes an addressed array adapted to hold data and to output, as required, data including references to addresses, wherein the means capable of falsifying output data is adapted to create a predetermined inaccuracy in at least some of said references to addresses.
3. A device according to Claim 2 wherein said complementary systems are adapted to operate on false inputs including said references to addresses to remove said predetermined inaccuracy.
4. A device according to either Claim 2 or Claim 3 wherein the means capable of falsifying output data is adapted to operate in response to a referenced address to replace it with a dummy address and the complementary systems are adapted in response to the dummy address to correct it to the last referenced correct address.
5. A device according to Claim 4 in which the same dummy address is used irrespective of the identity of the referenced address.
6. A device according to either Claim 4 or Claim 5 including a supplementary system adapted to hold an offset derived from the difference between the dummy address and the referenced address and to provide said offset to the complementary circuits when required for correction.
7. A device according to Claim 6 in which the supplementary system includes an offset stack.
8. A device according to Claim 6 or Claim 7 in which the complementary circuits are adapted to combine the dummy address portion of the false input with the respective offset to recover the respective referenced address.
9. A device according to any of Claims 6 - 8 in which the means capable of falsifying output data is adapted to distinguish between absolute and conditional instructions and to cooperate with the complementary circuits to discard the offset if the condition is not satisfied.
10. A device according to any of Claims 4 - 9 in which the output data includes the referenced address in the form of an address relative to another address wherein the means capable of falsifying the output data is adapted to provide the said dummy address identified as an absolute address and to cooperate using the complementary circuits so that the correct destination address is derived from the dummy address.
11. A device according to any of Claims 4 - 10 in which the means capable of falsifying output data is adapted to distinguish between addresses within the device itself and addresses external thereto and to falsify only the addresses within the device.
12. A program storage device for a computer, the device being substantially as herein described with reference to the accompanying drawings.
13. A program storage device for a computer, the device including an addressed array adapted to hold data and output, as required, data including referenced addresses and circuits adapted to act on received instructions including those of said addresses which are within the device, wherein the device includes means for changing the referenced addresses, in the output data, which are within the device to a dummy address and means for retaining information about said change and for correctly interpreting the dummy addresses in received instructions in terms of the referenced addresses.
14. A program storage device for a computer, the device including a read only memory, a data bus adapted to receive and transmit output data from the read only memory, a sequence decoder and controller adapted to monitor the output of the read only memory, a modifier adapted to operate on the said output prior to receipt by the data bus in response to instruction from the decoder and controller to replace selected addresses included therein with a dummy address, an offset stack adapted to retain and output as required an offset derived from the difference between the dummy address and a respective selected address, an address bus adapted to receive addresses included in instructions to the device, and an offset adder circuit adapted to receive the offset from the offset stack in response to instructions from the decoder and controller and to convert a dummy received address to the respective selected address for control input to the read only memory.
15. A device according to Claim 14 in which the read only memory is a programmable read only memory.
16. A device according to Claim 15 including means which, after the memory has been programmed, is changeable to a form in which the said replacement of selected addresses by the dummy address is operable.
17. A method of operating a program storage device for a computer, which provides output data including reference addresses, wherein at least some of those addresses which are within the device are changed prior to output to a dummy address and when received at the device the dummy address is changed back to the respective reference address.
18. A method according to Claim 17 in which the device stores an offset derived from the difference between the dummy address and a respective reference address and uses the offset to reconstitute the respective reference address as required.
19. A method of operating a program storage device for a computer, the method being substantially as herein described with reference to the accompanying drawing.
GB8236388A 1982-01-06 1982-12-22 Program storage hardware Expired GB2114331B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB8200274 1982-01-06

Publications (2)

Publication Number Publication Date
GB2114331A (en) 1983-08-17
GB2114331B (en) 1985-10-09

Family

ID=10527481

Family Applications (1)

Application Number Title Priority Date Filing Date
GB8236388A Expired GB2114331B (en) 1982-01-06 1982-12-22 Program storage hardware

Country Status (1)

Country Link
GB (1) GB2114331B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2545244A1 (en) * 1983-04-29 1984-11-02 Philips Nv MEMORY UNIT COMPRISING A MEMORY AND A PROTECTION DEVICE
GB2140592A (en) * 1983-04-29 1984-11-28 Philips Nv Memory unit comprising a memory and a protection unit

Also Published As

Publication number Publication date
GB2114331B (en) 1985-10-09

Legal Events

Date Code Title Description
746 Register noted 'licences of right' (sect. 46/1977)
732 Registration of transactions, instruments or events in the register (sect. 32/1977)
PCNP Patent ceased through non-payment of renewal fee

Effective date: 19921222