JP2008071250A - Access control device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To protect a program logic of a user who has developed a program library, from illegal use by giving variability in password authentication in debugging when carrying out debugging using an ICE (in-circuit emulator). <P>SOLUTION: An information processor having an emulator and decoding an encrypted program code into a memory, has a table register extracting and storing control data from the program code after decoding the program code, and a control circuit for controlling permission or prohibition of data transfer from the emulator to a central processing unit. The control circuit compares an address for accessing the memory by the emulator through the central processing unit, with data of address space on the memory of the program code determined by data stored in the table register, and prohibits data transfer from the emulator to the central processing unit when in agreement. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information processing apparatus for protecting data stored in a built-in ROM from unauthorized access during debugging by a debugger connected to the emulator circuit in a processor including an emulator circuit.

  In recent years, image processors have been speeded up, and sufficient performance has been obtained even when complicated image processing or the like processed using dedicated hardware is processed by software. Not only that, image processing technology by software has advanced, and it has become possible to easily perform flexible processing and change of processing contents that cannot be done with dedicated hardware at low cost.

  At the same time, there is an increasing need for a device capable of debugging the operation of software to be developed in the software development stage of the processor. This is because the characteristics of the processor can be grasped by creating a program at the initial stage of software development, and a program code that makes use of the characteristics of the processor can be created.

  As an apparatus for debugging, devices using ICE (In Circuit Emulator) are widely used as in the case of general microcomputers. The ICE main body has an ICE interface used for connection to a personal computer (hereinafter referred to as a PC) and an emulation interface used for connection to a processor (see FIG. 6).

  The ICE main unit executes a program for the processor (CPU) 2 according to an instruction from the PC (ICE debugger) 14, dumps the contents of the memory mounted on the target board, performs step execution to execute the program one instruction at a time, Emulator functions such as a break to stop at a predetermined address and a program trace to see the program execution trajectory can be used. As a result, it becomes possible to refer to the internal memory and analyze the execution trajectory of the program for the processor 2 connected to the ICE 8, and to develop, debug, and analyze the failure of the program.

  By using such an ICE function, information stored in the internal ROM of the processor may be easily read out of the processor. In other words, this makes it possible for unspecified users other than specific users to refer to and analyze highly confidential programs stored inside the processor, and to leak program logic to be protected. And the falsification of information occurs.

  As a technique for solving the above problem, there is an invention disclosed in Patent Document 1. The information processing apparatus disclosed in Patent Document 1 protects information stored in a ROM (Read Only Memory) from unauthorized access by a debugging tool provided outside, and is provided with a pre-registered code and the outside. The debug function by ICE is validated only when the passwords are verified and they match. However, even in this information processing apparatus, once the password of the debugger is decrypted, all the information inside the processor can be read from the ICE and output to the outside, resulting in a problem that security is eventually weakened.

  Another problem is that the processing contents of the program library existing in the program are known to unspecified users, and thus the program logic is illegally stolen. Here, the program library is an encrypted program code for performing processing such as unique high-speed image processing. As shown in FIG. 7, an unspecified user can call and use a program library in a program created by the user like a C language function.

  Developers who provide program libraries usually allow unspecified users to use them. However, since the developer does not want to illegally steal the program logic because the internal detailed algorithm is known, the developer encrypts the program code itself.

  However, when the program library is downloaded to the main memory inside the processor, it is expanded into a non-encrypted program by a decryption circuit (see FIG. 1) in the processor. For this reason, if the user is given the authority to use the debugger even once, the user can use the debugger to take out the processing contents of the unencrypted program library in the main memory. . For this reason, the developer's program logic (code) cannot be fully protected.

  Furthermore, when a program library developed by two or more developers is expanded and stored in a memory, there is a problem that access authority for each developer library must be managed.

  When a program is created using a plurality of program libraries, the program code stored in the storage area of the processor is managed as shown in FIG. 8, for example. First, the program library created by developer A is stored unencrypted at address 0 of the storage area, and then the program library (processing B) created by a general user is stored at address 1 and address 2 is stored at address 2. In addition, the program library created by the general user (Processing C), and the program library created by the developer B is stored unencrypted at the last address 3.

  Here, when a general user uses ICE, a storage area that may be accessed from ICE is other than address 0 or address 3. However, when the developer B uses ICE, it is necessary to make the address 3 accessible in addition to the storage area that the general user may access.

In the information security microcomputer described in Patent Document 2, when the ICE accesses to read the internal data of the information processing apparatus, it is determined whether or not the access is permitted by the authentication program. When access that cannot be authenticated is performed, the function of the information processing apparatus is stopped. Further, the processor described in Patent Document 3 has a 1-bit security bit at all address addresses of the memory circuit. If the security bit at an address address of the memory circuit is turned ON, the data at the address address becomes inaccessible from the central processing unit. If the security bit of the memory circuit is turned OFF, the data at the address address becomes central processing unit. It becomes accessible from. Patent Document 4 discloses a signal for controlling a circuit for masking access from the central processing unit to the memory and access from the debugger to the central processing unit. Furthermore, Patent Document 5 discloses a technique for providing an authentication function for determining whether or not to permit use of a debug function to an electronic device. The authentication code used in the authentication function is a user code received from the external storage device.
JP 2000-347942 A JP 2004-213216 A JP 2005-25122 A JP 2005-309758 A JP 2003-177938 A

  An object of the present invention is to provide a mechanism for protecting the program logic of a user who has developed a program library from illegal theft by providing variability in password authentication during debugging when debugging using ICE. And

The present invention has been made to achieve the above object. The information processing apparatus according to claim 1 according to the present invention includes:
An information processing apparatus that includes an emulator that emulates a program and decrypts and downloads an encrypted program code to a memory. In such an information processing apparatus,
A table register for extracting and storing control data from the program code after decoding the program code;
A control circuit that controls permission or prohibition of data transfer from the emulator to the central processing unit;
The control circuit compares the address at which the emulator accesses the memory via the central processing unit and the address space determined by the data stored in the table register. Control is performed to prohibit data transfer to the processing device.

An information processing apparatus according to claim 2 according to the present invention includes:
The table register has a plurality of block registers, and the memory is divided into a plurality of block areas for each block register,
2. The information processing apparatus according to claim 1, wherein the control circuit controls permission or prohibition of data transfer from the emulator to the central processing unit for each block area.

An information processing apparatus according to a third aspect of the present invention includes:
The block register stores authentication key data,
The control circuit compares the authentication data included in the signal from the emulator with the data of the authentication key, and controls to permit data transfer from the emulator to the central processing unit if they match. The information processing apparatus according to claim 2.

An information processing apparatus according to a fourth aspect of the present invention includes:
A trace memory for storing an execution history in the central processing unit;
The control circuit compares the address at which the emulator accesses the trace memory and the address space determined from the block register. If the two match, the output signal from the emulator to the trace memory and the trace memory 3. The information processing apparatus according to claim 2, wherein control is performed so that an input signal to the emulator is invalidated.

  By utilizing the present invention, the emulator can be prohibited from accessing a memory area having an address space determined from data stored in the table register. Further, since the address space determined by the data stored in the table register is determined by a part of the program code developed by the user, the memory address space where memory access from the emulator is prohibited is the program. It can be determined in the code. As a result, it is possible to prohibit unspecified users from accessing the memory using the emulator and taking out the program code downloaded to the memory. It is not known to unspecified users.

  Further, by utilizing the present invention, the table register includes one or more block registers, and each can set an address space. As a result, the emulator can be prohibited from accessing a plurality of address spaces.

  In addition, by using the present invention, each of a plurality of block registers in the table register can hold an authentication key, thereby enabling unique authentication for each area in which control from the emulator is managed. Necessary. That is, when program data developed by a plurality of developers is stored in the memory (see FIG. 8), it is necessary to input a unique authentication key from the outside in order to access the program data of each developer. Therefore, it is possible to prevent unauthorized theft of program logic on a developer basis.

  Furthermore, the history of the program code executed by the central processing unit is stored in the trace memory in the information processing apparatus. By analyzing the trace memory by an unspecified user, the program logic stored in the main memory ( However, by using the present invention, it is possible to limit the extraction of data in the trace memory from the emulator.

  Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings.

<< First Embodiment >>
FIG. 1 is a block diagram of an information processing apparatus 1 according to the first embodiment of the present invention. The information processing apparatus 1 is connected to a central processing unit 2, an internal storage device 4 in which instruction codes (program codes) for the central processing unit 2 are stored, and an external ICE debugger 14. The emulator 8 for providing the control, the control circuit 6 for controlling the access from the emulator 8 to the central processing unit 2 and the trace memory 18, the table register 10, and the decryption for decrypting the encryption program sent from the external storage device The circuit 12 is configured.

  The central processing unit 2 shown in FIG. 1 controls a plurality of logical calculation circuits by a control code created by passing data transferred from the internal storage device 4 through an instruction decoder.

  Next, the internal storage device 2 shown in FIG. 1 is a memory circuit having a structure managed by a plurality of addresses. The internal storage device 2 stores program code 16 fetched from an external storage device (hard disk, reambal disk, etc.).

  The emulator 8 shown in FIG. 1 is used in a microcomputer or the like and is called an ICE (In Circuit Emulator). The ICE usually has a function of grasping the states of the central processing unit and the internal storage device and outputting them to the outside, and can issue a control command to the central processing unit and execute arbitrary processing.

  The trace memory 18 shown in FIG. 1 stores the instruction codes executed by the central processing unit 2 in time series. The decryption circuit 12 shown in FIG. 1 includes a logic circuit for decrypting encrypted data, and has a function of receiving the encrypted program code 16 as an input and outputting the decrypted program code.

  The table register 10 shown in FIG. 1 is composed of one or more block registers as shown in FIG. The block register is a register that holds data representing a start address, an end address, a control bit, and an authentication key. The table register 10 extracts the start address, the end address, and the authentication key from the program code output from the decryption circuit 12, and stores them in its own block register.

  As shown in FIG. 4, the control circuit 6 shown in FIG. 1 includes a circuit that takes out the data representing the block register and the part representing the address from the output signal of the emulator 4 (as will be described later) and compares them. The circuit to be compared is configured to output a mask signal if they match by comparison and not to output a mask signal if they do not match.

  Further, the control circuit 6 includes an authentication circuit for validating or invalidating the mask signal as shown in FIG. The authentication circuit includes a circuit for comparing the data 24 representing authentication from the emulator 8 with the authentication key in the block register, and if the two match by the comparison, the mask signal is invalidated, otherwise the mask signal remains valid. Is output to the mask circuit 22 as follows.

  The mask circuit 22 shown in FIG. 5 receives the mask signal output from the authentication circuit. If the received mask signal is ON (valid), the mask circuit 22 invalidates the access signal from the emulator 8 to the central processing unit 2 and the trace memory 18, and masks the mask signal. If the signal is OFF (invalid), the signal is validated.

  Next, a specific data flow will be described.

  The encrypted program code 16 sent from the external storage device shown in FIG. 1 is decrypted by the decryption circuit 12 of FIG. 1 and stored in the internal storage device 4. At this time, the program code decrypted by the decryption circuit 12 has a data structure in accordance with the protocol shown in FIG. 2, and the table register stores data indicating the start address, end address, and authentication key in the protocol. Is done. Program data in the program code is stored from the address of the aforementioned start address of the internal storage device 4 to the address of the aforementioned end address.

  The data stored in the table register 10 is stored in the order in which the block registers in the table register 10 shown in FIG. The start address and end address stored in the block registers Nos. 1 to N are referred to by the control circuit 6 shown in FIG.

  The control circuit 6 shown in FIG. 1 creates data representing an address space with reference to the start address and end address of the block register as shown in FIG. 4, takes out the address portion of the access signal from the emulator, and takes the address portion. And the above address space. The control circuit 6 creates a mask signal if they match, and does not create a mask signal if they do not match.

  Further, when the mask signal is turned on as described above (that is, when the mask signal is generated), the control circuit 6 shown in FIG. 1 refers to the authentication key of the block register as shown in FIG. The authentication data part included in the access signal from is taken out, and the authentication key and the authentication data part are compared. If they match, the mask signal is invalidated. If they do not match, the mask signal remains valid. The mask signal that remains valid invalidates the output signal from the emulator 8 to the central processing 2. On the contrary, if the mask signal is invalid, the output signal from the emulator 8 to the central processing 2 is validated as it is.

  When the emulator 8 accesses the trace memory 18, the control circuit 6 takes out the address portion of the access signal from the emulator 8, and the address portion and the start address and end address of the block register as shown in FIG. 4. Is compared with the address space data created by referring to. If they match, a mask signal is created, and if they do not match, a mask signal is not created. When the mask signal is turned on (when the mask signal is generated), the authentication data portion included in the access signal from the emulator 8 is extracted by referring to the authentication key of the block register as shown in FIG. Compare the authentication data part. If they match, the mask signal is invalidated. If they do not match, the mask signal remains valid. The mask signal that remains valid invalidates the output signal from the emulator 8 to the trace memory 18 and the input signal from the trace memory 18 to the emulator 8. On the contrary, if the mask signal is invalid, the output signal from the emulator 8 to the central processing 2 is validated as it is.

<< Other Embodiments >>
In the information processing apparatus 1 according to the first embodiment of the present invention, the program code is stored in the external storage device. As shown in FIG. 9, this program code is stored in an internal storage device 4 (such as a ROM), and a start address, an end address, and an authentication key may be extracted in advance and stored in a block register in the table register 10. .

  Further, even when the information processing apparatus 1 shown in FIG. 1 includes a storage device other than the internal storage device 4 accessible from the emulator 8, the access authority from the emulator 8 can be controlled.

1 is a block diagram of an information processing apparatus according to a first embodiment of the present invention. It is a conceptual diagram which shows the protocol of the data structure which the program code decoded by the decoding circuit has It is a conceptual diagram which shows the relationship between a table register and a block register. It is a block diagram which shows a part of function of a control circuit. It is a block diagram which shows a part of function of a control circuit. It is a block diagram which shows the relationship between the debugger for ICE and the information processing apparatus which concerns on 1st Embodiment. It is a figure which shows a part of function of a program library. 7 is a table showing a mechanism for managing program codes on a memory when a program is created using a plurality of program libraries. It is a block diagram of the information processor concerning another embodiment of the present invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Information processing apparatus, 2 ... Central processing unit, 4 ... Internal storage device, 6 ... Control circuit, 8 ... Emulator (ICE), 10 ... Table register, 12. ..Composite circuit, 14 ... ICE debugger.

Claims (4)

In an information processing apparatus that has an emulator that emulates a program and decrypts and downloads the encrypted program code to a memory,
A table register for extracting and storing control data from the program code after decoding the program code;
A control circuit that controls permission or prohibition of data transfer from the emulator to the central processing unit;
The control circuit compares the address at which the emulator accesses the memory via the central processing unit and the address space determined by the data stored in the table register. An information processing apparatus that performs control so as to prohibit data transfer to a processing apparatus. The table register has a plurality of block registers, and the memory is divided into a plurality of block areas for each block register,
2. The information processing apparatus according to claim 1, wherein the control circuit controls permission or prohibition of data transfer from the emulator to the central processing unit for each block area. The block register stores authentication key data,
The control circuit compares the authentication data included in the signal from the emulator with the data of the authentication key, and controls to permit data transfer from the emulator to the central processing unit if they match. The information processing apparatus according to claim 2. A trace memory for storing an execution history in the central processing unit;
The control circuit compares the address at which the emulator accesses the trace memory and the address space determined from the block register. If the two match, the output signal from the emulator to the trace memory and the trace memory The information processing apparatus according to claim 2, wherein control is performed so as to invalidate an input signal to the emulator.

Images