KR20230071023A - Storage device and operation method thereof - Google Patents

Abstract

Provided is an operating method of a storage device. The operating method of the storage device according to one embodiment comprises: a step of detecting abnormal operation of an HMB located outside of the storage device, during data processing; and a step of updating a security policy applied when the storage device writes the data to the HMB or reads the data of the HMB, when the abnormal operation is detected. Therefore, the present invention is capable of providing the storage device that can enhance security.

Description

Storage device and its operating method {STORAGE DEVICE AND OPERATION METHOD THEREOF}

The present disclosure relates to a storage device and an operating method thereof.

Semiconductor memory includes volatile memory devices such as SRAM (Static Random Access Memory) and DRAM (Dynamic RAM), in which stored data is lost when the power supply is cut off, flash memory devices, PRAM (Phase-change RAM), and MRAM (Magnetic RAM). ), RRAM (Resistive RAM), FRAM (ferroelectric RAM), etc.

As various electronic devices are used by many people and generate a large amount of data, a large amount of resources are required to handle data in a storage device, and a memory of sufficient capacity is required to process a large amount of data. It can be.

However, it can be difficult to implement a storage device with sufficient resources due to various issues such as cost, device size, design limitations, and the like. In this respect, it may be beneficial to use already existing resources to provide sufficient resources for the storage device. For example, the storage device may receive and use a memory buffer allocated from the host.

An embodiment is intended to provide a storage device capable of enhancing the security of a host memory buffer and an operating method thereof.

A method of operating a storage device according to an embodiment includes detecting an abnormal operation of a host memory buffer (HMB) located outside a storage device during data processing; and updating, by the storage device, a security policy applied when writing data to or reading data from the HMB when the abnormal operation is detected.

The method may include receiving allocation information of the HMB from a host; dividing the HMB into a plurality of areas based on the allocation information; and matching a security policy to each of a plurality of areas, wherein the updating of the security policy may include updating at least one of the security policies matched to each of the plurality of areas. .

The matching of the security policy may include matching a security IP (Intellectual Property) for each of the plurality of areas; and matching a key to each of the plurality of areas.

The plurality of areas include a first area and a second area, the security policy includes a first security policy and a second security policy different from the first security policy, and the matching of the security policies comprises: matching the first security policy to a first area; and matching the second security policy to the second area.

The security requirement level of the first area may be higher than that of the second area, and the security level of the first security policy may be higher than that of the second security policy.

The matching of the security policies includes matching security IPs for each of the plurality of areas, and the updating of at least one of the security policies matched to each of the plurality of areas includes: Among them, a step of changing a security IP matched to an area in which an abnormal operation has occurred may be included.

The matching of the security policy may include matching a key to each of the plurality of areas, and the updating of at least one of the security policies matched to each of the plurality of areas may include: A step of changing a key of an area in which an abnormal operation has occurred may be included.

The detecting of the abnormal operation may include detecting the abnormal operation for each of the plurality of regions, and the abnormal operation may include: when a key valid time has elapsed; If a data integrity check fails; and a case in which an abnormal HMB allocation is detected.

The case where the data integrity check fails may include a case where a data error rate exceeds an error rate threshold.

The case in which the abnormal HMB allocation is detected may include a case in which an allocation location is detected to be changed using log information of the HMB.

1 is a block diagram showing a storage system according to an exemplary embodiment of the present disclosure by way of example.
FIG. 2 is a block diagram showing the HMB controller of FIG. 1 in more detail.
FIG. 3 is a diagram showing an example of an HMB allocation table (HMBAT) generated by the HMB manager of FIG. 2 .
4A to 4D are diagrams illustrating examples of HMB mapping tables (HMBMT) created by an HMB manager.
5 is a diagram showing an example of a plurality of areas of the HMB and a table managed by the HMB manager.
6 is a flowchart illustrating an example of an operation of a storage device.
7 is a flowchart illustrating an example of an operation of the HMB controller of FIG. 1 .
8 is a flowchart illustrating an example of an operation of the HMB controller of FIG. 1 .
9 is a flowchart illustrating an example of an operation of the HMB controller of FIG. 1 .
10 is a flowchart showing step S410 of FIG. 9 in more detail.
10A and 10B are diagrams illustrating an example of an operation of the storage device of FIG. 1 .
12 is a flowchart showing step S410 of FIG. 9 in more detail.
13A and 13B are diagrams illustrating an example of an operation of the storage device of FIG. 1 .
14 is a flowchart showing step S410 of FIG. 9 in more detail.
15A and 15B are diagrams illustrating an example of an operation of the storage device of FIG. 1 .
16 is a block diagram illustrating an example of a data center to which a storage device according to an embodiment of the present disclosure is applied.

Hereinafter, with reference to the accompanying drawings, embodiments of the present invention will be described in detail so that those skilled in the art can easily carry out the present invention. However, the present invention may be implemented in many different forms and is not limited to the embodiments described herein.

And in order to clearly explain the present invention in the drawings, parts irrelevant to the description are omitted, and similar reference numerals are attached to similar parts throughout the specification. In the flowchart described with reference to the drawings, the order of operations may be changed, several operations may be merged, a certain operation may be divided, and a specific operation may not be performed.

In addition, expressions written in the singular may be interpreted in the singular or plural unless explicit expressions such as “one” or “single” are used. Terms including ordinal numbers, such as first and second, may be used to describe various components, but the components are not limited by these terms. These terms may be used for the purpose of distinguishing one component from another.

1 is a block diagram showing a storage system according to an exemplary embodiment of the present disclosure by way of example. Referring to FIG. 1 , a storage system 10 may include a host 11 and a storage device 1000 . In one embodiment, the storage system 10 is an information processing device configured to process various information and store the processed information, such as a personal computer, laptop, server, workstation, smart phone, tablet PC, digital camera, black box, etc. may be one of them.

The host 11 may control overall operations of the storage system 10 . For example, the host 11 may transmit a request for storing data in the storage device 1000 or reading data stored in the storage device 1000 to the storage device 1000 . In one embodiment, the host 11 is a processor core such as a central processing unit (CPU) configured to control the storage system 10, an application processor (AP), or a computing node connected through a network. can be

In one embodiment, the host 11 may include a host controller 12 and a host memory 13 . The host controller 12 may be a device configured to control overall operations of the host 11 or to control the storage device 1000 from the host 11 side. The host memory 13 may be a buffer memory, cache memory, or operating memory used in the host 11 . The host memory 13 may be loaded with application programs, file systems, device drivers, and the like. The host memory 13 may be loaded with various software or data driven by the host 11 .

In one embodiment, the host memory 13 may include a host memory buffer (HMB) 14. The HMB 14 may be one in which a partial area of the host memory 13 is allocated as a buffer of the storage device 1000 .

In one embodiment, the HMB 14 may be managed by the storage device 1000 . Data of the storage device 1000 may be stored in the HMB 14 . For example, metadata or a mapping table of the storage device 1000 may be stored in the HMB 14 . The mapping table may include mapping information between a logical address from the host 11 and a physical address of the storage device 1000 .

The storage device 1000 may operate under the control of the host 11 . The storage device 1000 may include a storage controller 1100 and a nonvolatile memory device 1200 . The storage controller 1100 may store data in the nonvolatile memory device 1200 or read data stored in the nonvolatile memory device 1200 under the control of the host 11 . In one embodiment, the storage controller 1100 may perform various management operations for efficiently using the nonvolatile memory device 1200 .

The storage controller 1100 includes a central processing unit (CPU) 1110, a flash translation layer (FTL) 1120, an error correction code (ECC) engine 1130, and AES. (advanced encryption standard) engine 1140, buffer memory 1150, host interface circuit 1160, memory interface circuit 1170, and HMB controller 1180 may be included.

The CPU 1110 may control overall operations of the storage controller 1100 . The FTL 1120 may perform various operations to efficiently use the nonvolatile memory device 1200 . For example, the host 11 may manage the storage space of the storage device 1000 as a logical address. The FTL 1120 may be configured to manage address mapping between a logical address from the host 11 and a physical address of the storage device 1000 . The FTL 1120 may prevent excessive deterioration of a specific memory block among memory blocks of the nonvolatile memory device 1200 by performing a wear leveling operation. The lifespan of the nonvolatile memory device 1200 may be improved by the wear leveling operation of the FTL 1120 . The FTL 1120 may secure a free memory block by performing garbage collection on the nonvolatile memory device 1200 .

The ECC engine 1130 may perform error detection and error correction on data read from the nonvolatile memory device 1200 . For example, the ECC engine 1130 may generate error correction codes (or parity bits) for data to be written in the nonvolatile memory device 1200 . The generated error correction code (or parity bit) may be stored in the nonvolatile memory device 1200 together with data to be written. Subsequently, when data written from the nonvolatile memory device 1200 is read, the ECC engine 1130 detects errors in the read data based on the read data and corresponding error correction codes (or corresponding parity bits). can be detected and corrected.

The AES engine 1140 may perform an encryption operation or a decryption operation on data received from the host 11 or the nonvolatile memory device 1200 . In one embodiment, an encryption operation or a decryption operation may be performed based on a symmetric-key algorithm.

In one embodiment, at least one of the FTL 1120, the ECC engine 1130, and the AES engine 1140 may be implemented as software or hardware. When at least one of the FTL 1120, the ECC engine 1130, and the AES engine 1140 is implemented as software, program codes or information may be stored in the buffer memory 1150 and executed by the CPU 1110. there is. When at least one of the FTL 1120, the ECC engine 1130, and the AES engine 1140 is implemented in hardware, to perform an operation of at least one of the FTL 1120, the ECC engine 1130, and the AES engine 1140. A configured hardware accelerator may be provided separately from the CPU 1110.

The buffer memory 1150 may be a write buffer or a read buffer configured to temporarily store data input to the storage controller 1100 . Alternatively, the buffer memory 1150 may be configured to store various information necessary for the storage controller 1100 to operate. For example, the buffer memory 1150 may store a mapping table managed by the FTL 1120 . Alternatively, the buffer memory 1150 may store software, firmware, or information related to the FTL 1120 . More specifically, the buffer memory 1150 may store an HMB allocation table (HMBAT), an HMB state table (HMBST), an HMB mapping table (HMBMT), and the like. The buffer memory 1150 may store meta data for memory blocks.

In one embodiment, the buffer memory 1150 may be SRAM, but the scope of the present disclosure is not limited thereto, and the buffer memory 1150 may be implemented with various types of memory devices such as DRAM, MRAM, and PRAM. . Although the buffer memory 1150 is illustrated in FIG. 1 as being included in the storage controller 1100, the scope of the present disclosure is not limited thereto. The buffer memory 1150 may be located outside the storage controller 1100, and the storage controller 1100 may communicate with the buffer memory through a separate communication channel or interface.

The host interface circuit 1160 may be configured to communicate with the host 11 according to predetermined interface rules. In one embodiment, the predetermined interface protocol is an Advanced Technology Attachment (ATA) interface, a Serial ATA (SATA) interface, an external SATA (e-SATA) interface, a Small Computer Small Interface (SCSI) interface, and a Serial Attached SCSI (SAS) interface. , PCI (Peripheral Component Interconnection) interface, PCIe (PCI express) interface, NVMe (NVM express) interface, IEEE 1394, USB (universal serial bus) interface, SD (secure digital) card, MMC (multi-media card) interface, It may include at least one of various interface protocols such as an embedded multi-media card (eMMC) interface, a universal flash storage (UFS) interface, an embedded universal flash storage (eUFS) interface, a compact flash (CF) card interface, or a network interface. can The host interface circuit 1160 may receive a signal based on a predetermined interface rule from the host 11 and operate based on the received signal. Alternatively, the host interface circuit 1160 may transmit a signal based on a predetermined interface rule to the host 11 .

The memory interface circuit 1170 may be configured to communicate with the nonvolatile memory device 1200 according to predetermined interface rules. In one embodiment, the predetermined interface protocol may include at least one of various interface rules such as a toggle interface and an open NAND Flash Interface (ONFI) interface. In an embodiment, the memory interface circuit 1170 may communicate with the nonvolatile memory device 1200 based on a toggle interface. In this case, the memory interface circuit 1170 may communicate with the nonvolatile memory device 1200 through a plurality of channels. In one embodiment, each of the plurality of channels may include a plurality of signal lines configured to transmit various control signals, data signals, and a data strobe signal.

The HMB controller 1180 may manage the HMB 14 . The HMB controller 1180 may store and manage various data by using the HMB 14 as a buffer. For data reliability or security, the HMB controller 1180 may perform an encoding operation on data based on a security policy and store the encoded data in the HMB 14 . The HMB controller 1180 may read encoded data from the HMB 14 and perform a decoding operation on the corresponding data.

In one embodiment, the HMB controller 1180 divides the HMB 14 into a plurality of areas based on HMB allocation information provided from the host 11 and manages the divided areas. The HMB controller 1180 may select a security policy for each of the plurality of areas. For example, the HMB controller 1180 may set the same or different security policies for each of a plurality of areas. The HMB controller 1180 may select security policies for each of the plurality of areas based on characteristics of each of the plurality of areas and various pieces of information.

In an embodiment, the HMB controller 1180 may set a security policy for each area of the HMB 14 based on at least one of a reliability level and a security level for each area of the HMB 14 . For example, the HMB controller 1180 may set a security policy based on the type of data to be stored in a specific area. The HMB controller 1180 may set a security policy based on reliability or security of data required for a specific area. The HMB controller 1180 may set a security policy based on characteristics of a memory device corresponding to a specific area. For example, a security policy may relate to techniques for encrypting or decrypting data to provide information protection or security for users. In addition, the security policy may include a policy for writing data to or reading data from the HMB 14 using a security IP (Intellectual Property) or a key. Secure IP may include an Integrated Circuit (IC) designed to use a secure algorithm.

In an embodiment, the HMB controller 1180 may change a corresponding security policy when a change condition for each of the plurality of areas is satisfied. For example, the HMB controller 1180 may change a security policy for a specific area during operation (eg, during runtime). The HMB controller 1180 determines whether the characteristics of a memory device corresponding to a specific area change, the type of data to be stored in a specific area changes, the reliability requirement level for a specific area changes, or the security requirement level for a specific area changes. It may be determined that the change condition of the security policy is satisfied when the security policy changes, the key validity time elapses, data integrity check fails, or abnormal memory buffer allocation is detected.

Here, when data requiring high security is stored, when the reliability requirement level is raised, when the security requirement level is raised, when the key validity time has elapsed, when data integrity check fails, or when abnormal memory A case in which buffer allocation is detected may be a case in which security enhancement is required. When a change condition for enhancing security is satisfied, the HMB controller 1180 may change a specific area to a security IP with high security or a key with high security. For example, a change to a key with high security may mean a change to a key having more bits than a previous key.

Alternatively, when the key validity time has elapsed, the HMB controller 1180 may change to another security policy having the same security.

In addition, when data requiring low security is stored, when the reliability requirement level is lowered, or when the security requirement level is lowered, security mitigation may be required. When a change condition for security relaxation is satisfied, the HMB controller 1180 may change a specific area to a security IP with low security or a key with low security. For example, a change to a key having low security may mean a change to a key having fewer bits than a previous key.

The storage device 1000 according to this embodiment may select an appropriate security policy for each area of the HMB 14 . For example, the storage device 1000 may set a high-security security policy for an area with a high data reliability requirement, and set a low-security security policy for an area with a low data reliability requirement.

Accordingly, when only the same security policy can be set for the entire HMB 14, that is, when an appropriate security policy cannot be selected for each area of the HMB 14, only for some of the data to be stored in the HMB 14. Even when a security policy with high security is required, a security policy with high security must be used for all data to be stored in the HMB (14), and using a security policy with high security increases overhead or complicates calculations. By doing this, it is possible to improve the increase in latency. Accordingly, performance of the storage device 1000 may be improved.

As described above, the storage device 1000 may select an appropriate security policy for each area of the HMB 14 and change the security policy corresponding to the area of the HMB 14 when a change condition is satisfied. Accordingly, the storage device 1000 may have improved performance and improved reliability. An operating method of the host 11 and the storage device 1000 according to an embodiment of the present disclosure will be described in detail with reference to the following drawings.

FIG. 2 is a block diagram showing the HMB controller of FIG. 1 in more detail. FIG. 3 is a diagram showing an example of an HMB allocation table (HMBAT) created by the HMB manager of FIG. 2 . 4A to 4D are diagrams illustrating examples of HMB mapping tables (HMBMT) created by an HMB manager.

Referring to FIGS. 1 , 2 , 3 , and 4A to 4D , the storage device 1000 may use resources of the host 11 . For example, the storage device 1000 may manage various data by using the HMB 14 as a buffer. Accordingly, sufficient resources may be provided for the storage device 1000 .

The HMB controller 1180 includes an HMB manager 1181, a security IP pool 1182, an abnormality detector 1183, an encoder 1188, and a decoder. ) (1189).

The HMB manager 1181 may control overall operations of the HMB controller 1180 . For example, the HMB manager 1181 may receive HMB allocation information from the host 11 and divide the HMB 14 into a plurality of areas based on the HMB allocation information.

As shown in FIG. 3, the HMB manager 1181 includes physical addresses 3010, logical addresses 3020, mapping status 3030, tag information 3040, etc. of a plurality of areas of the HMB 14. HMB Allocation Table (HMBAT) can be created and saved.

The physical address 3010 may indicate a real address of each area of the HMB 14 divided by the HMB manager 1181.

The logical address 3020 may be a logical entry set by the HMB manager 1181 to manage areas of the HMB 14 . Logical address 3020 may correspond to physical address 3010 .

Mapping 3030 may indicate whether the physical address 3010 and the logical address 3020 are mapped. For example, a case of mapping may be represented by '1', and a case of not mapping may be represented by '0'.

The tag information 3040 may indicate identifiers of regions of the HMB 14 . For example, the HMB manager 1181 can divide the HMB 14 into area 0, area 1, ..., area N (where N is a natural number), and the tag information 3040 identifies the corresponding areas. Values for '0', '1', ..., 'N' may be included.

The HMB manager 1181 may set a security policy for each of a plurality of areas. For example, the HMB manager 1181 may set a security IP or key in each of a plurality of areas, and create and store an HMB mapping table (HMBMT). The HMB mapping table (HMBMT) may include tag information 3110 of the area of the HMB 14 , security IP 3120 , and key 3130 . The HMB manager 1181 may change the security policy of a specific area when a change condition is satisfied. For example, when an abnormal operation of the HMB 14 is detected, the HMB manager 1181 may change at least one of a security IP and a key. Changing the security IP may change the key value generation method. Changing a key may mean changing a key value of a corresponding area in a key mapping table. The HMB manager 1181 may reflect the changed security policy to the HMB mapping table (HMBMT).

As shown in FIG. 4A , the HMB manager 1181 may set a security IP (IP #1) in area 0 of the HMB 14 and set a 128-bit key of '010011010...'. The HMB manager 1181 may set a security IP (IP #0) in area 1 of the HMB 14 and set a 256-bit key of '110110000101001100...'. The HMB manager 1181 may set a security IP (IP #2) in area N of the HMB 14 and set a 128-bit key of '110011011..'.

After the security policy is set as shown in FIG. 4A , the abnormality detector 1184 may detect an abnormal operation of region 1 of the HMB 14 and notify the HMB manager 1181 . As shown in FIG. 4B , the HMB manager 1181 may change the key of area 1 to a 256-bit key of '000110100010111111..'.

When the abnormality detector 1184 detects an abnormal operation of area 0 of the HMB 14 and notifies the HMB manager 1181, the HMB manager 1181 assigns the security IP of area 0 to the security IP as shown in FIG. 4C. (IP #1) can be changed to secure IP (IP #0), and the key can be changed to a 256-bit key of '110110011101001100..'.

When the abnormality detector 1184 detects an abnormal operation of area N of the HMB 14 and notifies the HMB manager 1181, the HMB manager 1181 assigns the security IP of area N to the security IP as shown in FIG. 4D. (IP #2) to secure IP (IP #1).

The HMB manager 1181 may manage HMB-related information. For example, the HMB manager 1181 may create and manage an HMB allocation table (HMBAT), an HMB mapping table (HMBMT), and an HMB state table (HMBST).

The secure IP pool 1182 may include a plurality of secure IPs IP #0 to IP #n (where n is a natural number). Each of the plurality of security IPs (IP #0 to IP #n) may be implemented as a logic operation module that performs a security procedure according to a set security policy. Different security policies are set for the plurality of security IPs (IP #0 to IP #n), and each of the plurality of security IPs (IP #0 to IP #n) can generate a key value in a different way. . Accordingly, the plurality of security IPs (IP #0 to IP #n) may perform security procedures in different ways according to different security policies. Security procedures may include procedures such as encryption, decryption, and authentication.

The security policy is a cyclic redundancy check (CRC) (eg, CRC-16, CRC-32, CRC-64, CRC-128, CRC-256, etc.), Hamming Code, Low Density Parity Check (LDPC) , BCH code (Bose-Chaudhuri-Hocquenghem Code), RS code (Reed-Solomon Code), Viterbi code, Turbo code, Advanced Encryption Standard (AES) (e.g. AES-128, AES-192, AES-256) , SHA (Secure Hash Algorithm), RSA (Rivest Shamir Adleman), PCIe IDE (Peripheral Component Interconnect Express Integrity and Data Encryption), or PCIe DOE (Data Object Exchange).

Encoder 1188 may perform an encoding operation on the data to generate encoded data. The encoder 1188 may perform an encoding operation on data using one of a plurality of security IPs (IP #0 to IP #n) selected by the HMB manager 1181. Data encoded by encoder 1188 may be transmitted to HMB 14.

The decoder 1189 may generate decoded data by performing a decoding operation on the encoded data. Decoded data may be data before encoding. The decoder 1189 may perform a decoding operation on data encoded using one of a plurality of security IPs (IP #0 to IP #n) selected by the HMB manager 1181.

In FIG. 2, for convenience of explanation, the encoder 1188 and the decoder 1189 are illustrated as being disposed outside the secure IP pool 1182, but it is not necessarily limited thereto, and the encoder 1188 and the decoder 1189 are It may be implemented by configuring one module together with the secure IP pool 1182.

The abnormality detector 1183 may monitor whether a change condition of the security policy is satisfied. The change condition of the security policy may include a case where an abnormal operation of at least one area of the HMB 14 occurs. When the change condition of the security policy is satisfied, the abnormal detector 1183 may output a change signal indicating that the change condition is satisfied to the HMB manager 1181 .

The anomaly detector 1183 may include a timer 1184, a data integrity checker 1185, and an HMB allocation checker 1186. The timer 1184 may be configured to count a predetermined time from the time when a specific event related to the change condition of the security policy occurs (hereinafter referred to as a specific time point). For example, the timer 1184 may be configured to count a system clock or an operating clock to count elapsed time from a specific point in time or a predetermined time.

In one embodiment, the timer 1184 may count the elapsed time from a specific point in time (eg, from the point in time when data is first written in the first area) for each of the plurality of areas. The count result of the timer 1184 is referred to as elapsed time. When the elapsed time for each of the plurality of areas exceeds the reference time corresponding to the elapsed time information included in the HMB state table (HMBST), the abnormality detector 1183 determines that the security policy change condition for the corresponding area is met. can The reference time may be set differently for each data type or region. Accordingly, the abnormal detector 1183 outputs a change signal indicating that the change condition is satisfied to the HMB manager 1181, and the HMB manager 1181 may change the security policy for a specific area.

The data integrity checker 1185 may check integrity of data stored in a plurality of areas of the HMB 14 . For example, the data integrity checker 1185 may monitor an error rate of data.

In one embodiment, the data integrity checker 1185 may refer to the HMB state table (HMBST) to determine whether the monitored error rate satisfies the change condition. A change condition may be met, for example, if the value of the error rate being monitored reaches a threshold value. Accordingly, the abnormal detector 1183 outputs a change signal indicating that the change condition is satisfied to the HMB manager 1181, and the HMB manager 1181 may change the security policy for a specific area.

The HMB allocation checker 1186 may monitor state information of a plurality of regions of the HMB 14 . For example, the HMB allocation checker 1186 may monitor the state of the memory device, the state of the HMB, the state of a plurality of regions, the type of the memory device, the percentage of invalid memory regions, and the like. In this case, the HMB allocation checker 1186 may perform monitoring using log information of a plurality of areas.

In one embodiment, the HMB allocation checker 1186 may refer to the HMB state table (HMBST) to determine whether the monitored states satisfy the change condition. A change condition may be satisfied, for example, when the value of the monitored state reaches a threshold.

The threshold may be selected in consideration of a level of a state for which a change condition operation is required.

5 is a diagram showing an example of a plurality of areas of the HMB and a table managed by the HMB manager 1181. Referring to FIGS. 1 and 5 , the HMB manager 1181 divides the HMB 14 into a plurality of regions R1 to R4 based on HMB allocation information provided from the host 11 and manages the HMB 14 . It is assumed that the HMB 14 includes first to fourth regions R1 to R4. However, the scope of the present disclosure is not limited thereto, and the number of regions included in the HMB 14 may be increased or decreased according to implementation.

The HMB manager 1181 may manage information related to HMB. For example, the HMB manager 1181 may manage an HMB allocation table (HMBAT), an HMB state table (HMBST), and an HMB mapping table (HMBMT). The HMB allocation table (HMBAT), HMB state table (HMBST), and HMB mapping table (HMBMT) may be stored in the buffer memory 1150 or the nonvolatile memory device 1200.

In an embodiment, the HMB manager 1181 may create an HMB allocation table (HMBAT) based on HMB allocation information and store it in the buffer memory 1150 . The HMB manager 1181 may store and update allocation information for each of the plurality of areas R1 to R4 in the HMB allocation table HMBAT. Allocation information for each region of the HMB 14 may be managed and updated in units of divided regions. For example, allocation information may include tag information for each area, the type (or types) of data stored or buffered in each area, the release priority for each area, the status of each area, the size of each area, and the host of each area. It may include a memory address range, a reliability requirement level of each area, a security requirement level of each area, and the like. However, the scope of the present disclosure is not limited thereto, and allocation information stored in the HMB allocation table (HMBAT) may include other parameters for each of the plurality of regions R1 to R4 of the HMB 14.

For example, the tag information may be an attribute referred to uniquely identify each of the plurality of regions R1 to R4 of the HMB 14 . However, if another criterion can be used to uniquely identify the plurality of regions R1 to R4, the HMB allocation table HMBAT may not include tag information.

In one embodiment, each of the plurality of regions R1 to R4 may be configured to store one type of data. For example, types of data include mapping data, user data, metadata (e.g., ECC data, state data, etc.), powergating data (e.g., data that needs to be preserved in case of a power outage), etc. can do. A plurality of regions can store different types of data. However, the scope of the present disclosure is not limited thereto, and the type of data may include other types of data used in the storage device, one area stores two or more types of data, or two or more areas store one type of data. Of data can be stored, or the area can be configured regardless of the type of data.

The HMB manager 1181 may create an HMB state table (HMBST), store the HMB state table (HMBST) in the buffer memory 1150, and manage it. The HMB manager 1181 may store and update degradation information or error information (ie, state information) for each of the plurality of regions R1 to R4 in the HMB state table HMBST.

State information for each region of the HMB 14 may be managed and updated in units of divided regions. For example, the status information for each area includes the number of writes and reads of the area, the error rate detected from the data stored in the area (for example, the ratio of the number of error bits to the total number of bits of read data), and the elapsed time. , error occurrence ratio (eg, ratio of the number of errors detected and the total number of HMB read requests), the number of read retries, the ratio of invalid memory spaces, available capacity, and the like. However, the scope of the present disclosure is not limited thereto, and state information stored in the HMB state table HMBST may include other parameters for each of the plurality of regions R1 to R4 of the HMB 14 .

The HMB manager 1181 may create an HMB mapping table (HMBMT), store and manage the HMB mapping table (HMBMT) in the buffer memory 1150. The HMB manager 1181 may store and update mapping information for each of the plurality of regions R1 to R4 and the security policy corresponding to each region in the HMB mapping table HMBMT.

The HMB manager 1181 may select a security policy for each of the plurality of regions R1 to R4 and manage mapping information therefor in the HMB mapping table HMBMT. For example, the first area R1 corresponds to the first security policy SP1, the second area R2 corresponds to the second security policy SP2, and the third area R3 corresponds to the third security policy. It can correspond with the policy (SP3). The HMB manager 1181 may not set any security policy for the fourth area R4. In this case, an initial value may be stored in a table cell related to the fourth region R4 in the HMB mapping table HMBMT. The HMB mapping table (HMBMT) shown in FIG. 5 is an example, and the scope of the present disclosure is not limited thereto.

6 is a flowchart illustrating an example of an operation of a storage device. Referring to FIGS. 1 , 5 , and 6 , in step S110 , the storage device 1000 may receive HMB allocation information from the host 11 . For example, the storage device 1000 may receive HMB allocation information through a set-feature command. The HMB allocation information may include HMB size information, HMB activation information, or a HMB descriptor list. The HMB descriptor list may include a plurality of HMB descriptor entries. The HMB descriptor entry may point to a memory address space allocated to the HMB. The HMB descriptor entry may include buffer address information and buffer size information. The buffer address may indicate address information of a host memory buffer indicated by the HMB descriptor entry. The buffer size information may indicate the number of consecutive memory pages in a memory space indicated by the HMB descriptor entry.

In one embodiment, the storage device 1000 may recognize the HMB 14 based on HMB allocation information. The storage device 1000 may divide the HMB 14 into a plurality of regions. A plurality of areas of the HMB 14 may be managed by the storage device 1000 . Referring to FIG. 5 , the storage device 1000 may divide the HMB 14 into first to fourth regions R1 to R4 based on HMB allocation information.

In one embodiment, the plurality of areas managed by the storage device may be different from the plurality of memory spaces indicated by the HMB descriptor entry managed by the host. The storage device 1000 may recognize memory spaces indicated by HMB descriptor entries as the HMB 14 . The storage device 1000 may classify the HMB 14 into a plurality of areas as needed and use them.

In step S120 , the storage device 1000 may determine a security level for each area of the HMB 14 . In this case, the storage device 100 may use information of data stored in each area. For example, the storage device 1000 may determine a high security level for an area with a high data reliability requirement and a low security level for an area with a low data reliability requirement. As another example, the storage device 1000 determines a high security level for data requiring high security (eg, data that is difficult to be easily deciphered from the outside) based on the type (or type) of data, and determines a low security level. A low security level may be determined for data requiring security (eg, raw data, log data, etc.).

In step S130 , the storage device 1000 may set a security policy for each area of the HMB 14 . For example, the storage device 1000 may set one of a plurality of security policies for the plurality of regions R1 to R4. The storage device 1000 may select a first security policy SP1 from among a plurality of security policies for the first region R1. The storage device 1000 may select the second security policy SP2 for the second area R2 and select the third security policy SP3 for the third area R3. However, the storage device 1000 may not select any security policy for the fourth area R4.

In step S140 , the storage device 1000 may store information about the security policy in the HMB mapping table (HMBMT). For example, referring to FIG. 5 , the storage device 1000 may store the first security policy SP1 in the HMB mapping table HMBMT in relation to the first area R1. The storage device 1000 may store the second security policy SP2 in the HMB mapping table HMBMT in relation to the second region R2. The storage device 1000 may store the third security policy SP3 in the HMB mapping table HMBMT in relation to the third area R3. The storage device 1000 may store a default in the HMB mapping table HMBMT in relation to the fourth region R4 . That is, the storage device 1000 may set not to apply any security policy to the fourth area R4. In other words, the storage device 1000 may not perform an encoding or decoding operation on data corresponding to the fourth region R4.

7 is a flowchart illustrating an example of an operation of the HMB controller of FIG. 1 . Referring to FIGS. 1 and 7 , in step S210, the HMB controller 1180 may receive an HMB write request and data. For example, the HMB controller 1180 may detect or receive an HMB write request to the HMB 14 provided from the CPU 1110 or the FTL 1120 .

In step S220, the HMB controller 1180 may determine a security policy based on the HMB mapping table (HMBMT). For example, the HMB controller 1180 may determine an area of the HMB 14 in which data is to be stored based on the HMB write request. Specifically, the HMB controller 1180 may determine the HMB included in the HMB write request ( Based on the address of 14), an area of the HMB 14 in which data is to be stored may be determined among the plurality of areas R1 to R4. Alternatively, the HMB controller 1180 may determine an area of the HMB 14 in which data is to be stored among the plurality of areas R1 to R4 based on the type (or type) of data included in the HMB write request. The HMB controller 1180 may check a security policy corresponding to an area of the HMB 14 from an HMB mapping table (HMBMT) based on an area of the HMB 14 in which data is to be stored.

For example, it is assumed that the address included in the HMB write request points to the first region R1 of the HMB 14 . Based on the address included in the HMB write request, the HMB controller 1180 may determine that the first area R1 is an area where data is to be stored. The HMB controller 1180 may determine that the security policy corresponding to the first region R1 is the first security policy SP1 based on the HMB mapping table HMBMT.

In step S230, the HMB controller 1180 may perform an encoding operation based on the determined security policy. For example, the HMB controller 1180 may perform an encoding operation on data based on the first security policy SP1. In step S240, the HMB controller 1180 may write the encoded data to the HMB 14. For example, the HMB controller 1180 may transmit a write command and encoded data to the HMB 14 .

However, when the area of the HMB 14 corresponding to the HMB write request is the fourth area R4 (ie, when the determined security policy points to the default value), the HMB controller 1180 sends the HMB write request An encoding operation on data corresponding to may not be performed. Accordingly, the HMB controller 1180 may write unencoded data into the HMB 14 .

8 is a flowchart illustrating an example of an operation of the HMB controller of FIG. 1 . Referring to FIGS. 1 and 8 , in step S310, the HMB controller 1180 may receive an HMB read request. For example, the HMB controller 1180 may detect or receive a read request to the HMB 14 provided from the CPU 1110 or the FTL 1120 .

In step S320, the HMB controller 1180 may read data from the HMB 14. For example, the HMB controller 1180 may transmit a read command to the HMB 14 based on the HMB read request. The HMB controller 1180 may receive data corresponding to the read command from the HMB 14 . For example, the HMB controller 1180 may generate a read command based on the address of the HMB 14 included in the HMB read request. Alternatively, the HMB controller 1180 may generate a read command based on the type (or type) of data of the HMB 14 included in the HMB read request.

In step S330, the HMB controller 1180 may determine a security policy based on the HMB mapping table (HMBMT). For example, the HMB controller 1180 may determine an area of the HMB 14 in which data is stored based on the HMB read request.

Specifically, the HMB controller 1180 may determine an area of the HMB 14 in which data is stored among a plurality of areas R1 to R4 based on the address of the HMB 14 included in the HMB read request. Alternatively, the HMB controller 1180 may determine an area of the HMB 14 in which data is stored among a plurality of areas R1 to R4 based on the type (or type) of data included in the HMB read request. The HMB controller 1180 may check the security policy corresponding to the area of the HMB 14 from the HMB mapping table (HMBMT) based on the area of the HMB 14 in which data is stored.

For example, it is assumed that the address to be included in the HMB read request points to the first region R1 of the HMB 14 . Based on the address included in the HMB read request, the HMB controller 1180 may determine that the data storage area is the first area R1. The HMB manager 1181 may determine that the security policy corresponding to the first area R1 is the first security policy SP1 based on the HMB mapping table HMBMT.

In step S340, the HMB controller 1180 may perform a decoding operation based on the determined security policy. For example, the HMB controller 1180 may perform a decoding operation on data based on the first security policy SP1. At this time, the HMB controller 1180 may detect whether there is an error in the data, determine whether the error can be corrected if there is an error, and perform an error correction operation if the error can be corrected. If the error cannot be corrected, the HMB controller 1180 may transmit a failure response to the HMB read request to the CPU 1110 or the FTL 1120.

In step S350, the HMB controller 1180 may transmit decoded data. For example, the HMB controller 1180 may transmit decoded data to the CPU 1110 or the FTL 1120.

However, when the area corresponding to the HMB read request is the fourth area R4 (ie, the determined security policy indicates the default), the HMB controller 1180 stores data corresponding to the HMB read request. decoding operation may not be performed.

Accordingly, the HMB controller 1180 may transmit undecoded data to the CPU 1110 or the FTL 1120.

9 is a flowchart illustrating an example of an operation of the HMB controller of FIG. 1 . Referring to FIGS. 1 and 9 , in step S410 , the HMB controller 1180 may determine whether a change condition is satisfied by determining whether an abnormal operation is detected in the HMB 14 . That is, detection of an abnormal operation may mean that a security policy for a corresponding area needs to be changed.

If the change condition is satisfied, the HMB controller 1180 proceeds to step S420, and if the change condition is not satisfied, the HMB controller 1180 again proceeds to step S410. That is, when the change condition is not satisfied, the HMB controller 1180 may monitor whether the change condition is satisfied.

The HMB controller 1180 determines whether the characteristics of a memory device corresponding to a specific area change, the type of data to be stored in a specific area changes, the reliability requirement level for a specific area changes, or the security requirement level for a specific area changes. It may be determined that the change condition of the security policy is satisfied when the key is changed, the key validity time elapses, the data integrity check fails, or an abnormal memory buffer allocation is detected.

In an embodiment, the HMB controller 1180 may detect whether a change in the security policy for each of the plurality of regions R1 to R4 is required. That is, the HMB controller 1180 may monitor states related to the plurality of areas R1 to R4. The HMB controller 1180 may manage whether the monitored state satisfies the change condition. For example, the state monitored by the HMB controller 1180 is the lifespan of each of the plurality of regions R1 to R4, the reliability of data stored in each of the plurality of regions R1 to R4, and the plurality of regions R1 to R4. ~R4) may be related to various attributes such as the state of the memory device corresponding to each.

When the change condition is satisfied, this indicates that it is required to change the security policy for the area where the change condition is met in the storage device 1000 to improve the operating environment and characteristics of the storage device 1000 or the HMB 14. can The storage device 1000 may be implemented to change a security policy for a specific area in order to improve the operating environment and characteristics of the storage device 1000 or the HMB 14 .

In one embodiment, when the value of the monitored state reaches a threshold value, the HMB controller 1180 may determine that the monitored state satisfies the change condition. For example, looking at the first condition, the HMB controller 1180 determines the time elapsed from the time when data is first written in each of the plurality of areas R1 to R4, that is, the plurality of areas R1 to R4. Each elapsed time can be managed. Specifically, the HMB controller 1180 may determine whether the elapsed time of each of the plurality of regions R1 to R4 reaches the reference time. The HMB controller 1180 may use a timer or time stamp.

Looking at the second condition, the HMB controller 1180 may manage error rates of each of the plurality of areas R1 to R4. Specifically, the HMB controller 1180 may monitor the error rate of each of the plurality of areas and determine whether the error rate reaches a reference error rate.

Looking at the third condition, the HMB controller 1180 may manage allocation information of the HMB 14 by the host 11 . The HMB controller 1180 may determine whether the memory spaces of the host memory 13 for the plurality of areas R1 to R4 are changed based on the HMB mapping table HMBMT. That is, the HMB controller 1180 may determine whether allocation information for the plurality of regions R1 to R4 is changed.

Looking at the fourth condition, the HMB controller 1180 may manage a memory device corresponding to the HMB 14 . Specifically, the HMB controller 1180 may receive information about a memory device corresponding to the HMB 14 from the host 11 . The HMB controller 1180 may determine whether information on a memory device corresponding to the HMB 14 is received. The above-described first to fourth conditions are only some of possible examples of change conditions, the scope of the present disclosure is not limited to the above examples, and specific conditions may be variously changed or modified.

In one embodiment, the change condition may include all of the first to fourth conditions. For example, the HMB controller 1180 may determine whether the first to fourth conditions are satisfied for a specific area. That is, the HMB controller 1180 can simultaneously monitor all of the first to fourth conditions.

In one embodiment, the change condition may include at least one of the first to fourth conditions. For example, the HMB controller 1180 may determine whether a first condition is satisfied or a fourth condition is satisfied for a specific region. That is, the HMB controller 1180 may monitor at least one of a plurality of conditions.

In one embodiment, the HMB controller 1180 may change the security policy for a specific area when any one of the first to fourth conditions is satisfied. For example, even when only the first condition is satisfied and the second to fourth conditions are not satisfied, the HMB controller 1180 may determine that the change condition is satisfied and change the security policy for the specific area.

In one embodiment, the HMB controller 1180 may change the security policy for a specific area when at least two of a plurality of conditions are satisfied. For example, when only the first condition is satisfied and the second to fourth conditions are not satisfied, the HMB controller 1180 may determine that the change condition is not satisfied. When the first and second conditions are satisfied and the third and fourth conditions are not satisfied, the HMB controller 1180 may determine that the change condition is satisfied and change the security policy for the specific area.

As described above, the change condition may include one of the first to fourth conditions, or a combination of at least two of them. However, the scope of the present disclosure is not limited thereto and may be variously changed or modified.

In step S420, the HMB controller 1180 may change the security policy. Specifically, the HMB manager 1181 may change the security policy for an area in which the change condition is satisfied among the plurality of areas R1 to R4. For example, it is assumed that the condition for changing the first region R1 is satisfied. The HMB manager 1181 may change the security policy of the first region R1 from the first security policy SP1 to the fourth security policy SP4.

In step S430, the HMB controller 1180 may update the HMB mapping table (HMBMT). The HMB manager 1181 may store the newly selected security policy in the HMB mapping table HMBMT in relation to a corresponding region. For example, when the security policy of the first region R1 is changed from the first security policy SP1 to the fifth security policy SP5, the HMB controller 1180 may perform a fifth security policy in relation to the first region R1. The security policy (SP5) can be stored in the HMB mapping table (HMBMT).

The HMB controller 1180 may determine whether change conditions described below are satisfied for all of the plurality of areas R1 to R4. However, for conciseness of the drawings and convenience of description, it will be described whether the change condition is satisfied with respect to one specific area below. One specific region is assumed to be the first region R1. However, it will be well understood that the scope of the present disclosure is not limited thereto, and all of the following descriptions may be applied to the remaining regions R2 to R3.

10 is a flowchart showing step S410 of FIG. 9 in more detail. 11A and 11B are diagrams illustrating an example of an operation of the storage device of FIG. 1 . Referring to FIGS. 1, 10, 11a, and 11b, step S410 of FIG. 9 may include steps S411a to S413a of FIG. 10 . In step S411a, the HMB controller 1180 may receive a first write command and transmit data to a specific area of the HMB 14. For example, the CPU 1110 may transmit a first HMB write request for the first region R1 to the HMB controller 1180 ([1] in FIG. 11A). For example, the CPU 1110 may transmit an HMB write request to the HMB controller 1180 in order to first write data into the first region R1.

The HMB controller 1180 may transmit the first write data to the first region R1 ([2] in FIG. 11A). For example, the secure IP pool 1182 may perform an encoding operation on data based on the first security policy SP1 corresponding to the first region R1. The secure IP pool 1182 may transmit a first write command and encoded write data to the host 11 . The HMB controller 1180 may transmit a write command and data for the first time in a state in which no data is stored in the first region R1. That is, the HMB controller 1180 may first write data into the first area R1.

In step S412a, the HMB controller 1180 may start the timer 1184. The HMB controller 1180 may initiate a counting operation of the timer 1184 corresponding to the first region R1. In one embodiment, the HMB manager 1181 may set the reference time of the timer 1184 corresponding to the first region R1 ([3] in FIG. 11A).

For example, the reference time may be selected based on the type of data to be stored in the first region R1 and the characteristics of the host memory device corresponding to the first region R1. A reference time may be set to determine a time point for changing the security policy for the first region R1. In detail, in order to ensure data reliability before data loss, a reference time for determining when the HMB controller 1180 performs a security policy change operation may be set. The reference time may be a predetermined value. The reference time may be selected to be fixed or variable by designers, manufacturers, and/or users. For example, the reference time may be adjustable by the HMB controller 1180 depending on the state of the host memory device or the type of data.

In step S413a, the HMB controller 1180 may determine whether the timer 1184 has expired based on a signal from the timer 1184 corresponding to the area of the HMB 14 . The expiration of the timer 1184 may mean that the elapsed time counted by the timer 1184 corresponding to the corresponding area exceeds the reference time.

For example, the HMB manager 1181 may determine whether the timer 1184 corresponding to the first region R1 has expired. The timer 1184 may count the elapsed time from the time when data is first written in the first region R1. When the timer 1184 for the first region R1 expires, the timer 1184 may output a signal indicating elapse or expiration of the reference time to the HMB manager 1181 (see [4] in FIG. 11B). ). Accordingly, the HMB manager 1181 may determine that the change condition for the first region R1 is satisfied.

When the timer 1184 expires, the HMB controller 1180 proceeds to step S420, and when the timer 1184 does not expire, the HMB controller 1180 may continue the determination operation of S413a.

In step S420, the HMB controller 1180 may change the security policy corresponding to the first region R1. For example, the HMB manager 1181 may change the security policy of the first region R1 based on a signal output from the timer 1184 (ie, based on elapse or expiration of a reference time). The HMB manager 1181 may change the first security policy SP1 to the fifth security policy SP5 for the first region R1.

In step S430, the HMB controller 1180 may update the HMB mapping table (HMBMT). For example, the HMB manager 1181 may update the security policy for the first region R1 to a fifth security policy SP5 ([5] in FIG. 11B).

12 is a flowchart showing step S410 of FIG. 9 in more detail. 13A and 13B are diagrams illustrating an example of a method of operating the storage device of FIG. 1 .

Referring to FIGS. 12, 13a, and 13b, step S410 of FIG. 9 may include steps S411b and S412b.

In step S411b, the HMB controller 1180 may monitor the error rate. For example, the CPU 1110 may transmit an HMB read request for the first region R1 to the HMB controller 1180 ([1] in FIG. 13A). The secure IP pool 1182 may read read data RDATA from the first region R1 ([2] in FIG. 13A). The secure IP pool 1182 may determine whether there is an error in the read data. If there is an error, secure IP pool 1182 can detect the error rate. Or, if there is an error, the secure IP pool 1182 can calculate an error rate. For example, the error rate may mean a ratio between the number of error bits and the total number of bits of read data. The secure IP pool 1182 may transmit the error rate to the data integrity checker 1185 ([3] in FIG. 13A). The data integrity checker 1185 may monitor the error rate. The data integrity checker 1185 may store or update the error rate in the HMB state table (HMBST) (([4] in FIG. 13A).

In step S412b, the HMB controller 1180 may determine whether the error rate exceeds the reference error rate Re. For example, the data integrity checker 1185 refers to the HMB state table HMBST to detect whether the error rate corresponding to the first region R1 reaches the reference error rate corresponding to the first region R1. can When the error rate reaches the reference error rate, the data integrity checker 1185 proceeds to step S420, and when the error rate does not reach the reference error rate, the data integrity checker 1185 proceeds to step S412b. When the error rate reaches the reference error rate, the data integrity checker 1185 can determine that the change condition has been met. The HMB controller 1180 may additionally determine whether or not the error can be corrected, and perform an error correction operation if correction is possible. The data integrity checker 1185 may output a signal indicating that the change condition is satisfied to the HMB manager 1181 ([5] in FIG. 13B).

In step S420, the HMB controller 1180 determines the security policy of the first region R1 in response to the signal output from the data integrity checker 1185 (ie, based on the error rate reaching the reference error rate). The security policy (SP1) may be changed to the fifth security policy (SP5). In step S430, the HMB controller 1180 may update the HMB mapping table (HMBMT). For example, the HMB manager 1181 may update the security policy for the first region R1 to a fifth security policy SP5 ([6] in FIG. 13B).

In one embodiment, the storage device 1000 may monitor conditions related to reliability and security of data in addition to the error rate. For example, the monitored status is the elapsed time of each area of the HMB 14, the error occurrence rate (ie, the ratio of the number of errors detected and the total number of HMB read requests), the number of writes, the number of reads, the number of read retries, It may include the percentage of invalid memory spaces, available capacity, etc., but the present disclosure is not limited thereto.

In one embodiment, the abnormality detector 1183 may determine whether the monitored state satisfies a change condition. A change condition may be satisfied, for example, when the value of the monitored state reaches a threshold. The threshold may be selected in consideration of reliability and security levels required for each of the areas.

For example, the abnormality detector 1183 may use the data integrity checker 1185 instead of the timer 1184 to manage elapsed time. The data integrity checker 1185 may manage various times of each of the plurality of areas R1 to R4. For example, the HMB manager 1181 may manage the elapsed time of the plurality of regions R1 to R4. The elapsed time refers to the elapsed time from the time when data is first written in each of the plurality of areas to the present. The HMB manager 1181 may store the time when data is first written into the area, that is, the start time as a time stamp in the HMB state table (HMBST).

The data integrity checker 1185 may refer to the HMB state table (HMBST) and calculate a difference between the start time stored in the HMB state table (HMBST) and the current time as elapsed time. The data integrity checker 1185 may compare the calculated elapsed time with the reference time to determine whether the elapsed time exceeds the reference time. When the elapsed time exceeds the reference time, the data integrity checker 1185 may detect that the change condition of the first region R1 is satisfied. The data integrity checker 1185 may output a signal indicating that the change condition is satisfied to the HMB manager 1181 .

Also, the data integrity checker 1185 may manage an error occurrence rate. The monitoring unit 1185 may manage an error occurrence rate (ie, a ratio between the number of error occurrences and the number of HMB reads) based on the HMB state table (HMBST). The data integrity checker 1185 may calculate an error occurrence rate whenever an HMB read operation is performed. The data integrity checker 1185 may store or update the error occurrence rate in the HMB state table (HMBST). The data integrity checker 1185 sends a signal to the HMB manager 1181 indicating that the change condition has been met when the error rate reaches a threshold (eg, the error rate rises above the threshold). ) can be output.

14 is a flowchart showing step S410 of FIG. 9 in more detail. 15A and 15B are diagrams illustrating an example of an operation of the storage device of FIG. 1 . Referring to FIGS. 14 , 15A and 15B , the storage device 1000 may change the security policy of a specific area based on the change of the area allocated to the HMB 14 of the host 11 .

The host 11 de-allocates the already allocated memory space of the HMB 14 for use of the storage device 1000, or the host 11 de-allocates the already allocated memory space of the HMB 14. There may be cases where a return is requested for . For example, the host 11 sets a memory return (MR) field included in a set-feature command (eg, a feature identifier (FID) indicates a host memory buffer) to '1'. By setting, the allocated memory space of the HMB 14 can be deallocated.

The HMB manager 1181 may allocate an area corresponding to the deallocated memory space of the HMB 14 as another memory space. For example, an unused portion of the already allocated memory space of the HMB 14 may be allocated as an area. Alternatively, the host 11 may further allocate a new memory space of the host memory 13 to the HMB 14 . For example, the host 11 may allocate a new memory space to the HMB 14 through a set-feature command. The HMB manager 1181 may allocate a new memory space as an area of the deallocated memory space.

In one embodiment, step S410 of FIG. 9 may include steps S411c to S413c. In step S411c, the storage device 1000 may receive HMB allocation information from the host 11. For example, the host 11 may transmit a set-feature command including HMB allocation information to the storage device 1000 ([1] in FIG. 15A). The set-feature command may include first to fifth memory address ranges MR1 to MR5. For example, the first to fifth memory address ranges MR1 to MR5 may indicate a range of addresses corresponding to the HMB 14 in the host memory 13 .

In step S412c, the storage device 1000 may set a plurality of regions R1 to R4 based on the HMB allocation information. For example, the HMB manager 1181 may divide the HMB 14 into first to fourth regions R1 to R4 in response to HMB allocation information of the host 11 . The HMB manager 1181 allocates the first area R1 to the first memory address range MR1 of the host memory 13 and allocates the second area R1 to the second memory address range MR2 of the host memory 13 ( R2), the third area R3 is allocated to the third memory address range MR3 of the host memory 13, and the fourth area R3 is allocated to the fourth memory address range MR4 of the host memory 13. R4) can be assigned. The HMB manager 1181 may leave the fifth memory address range MR5 as an empty space without allocating it to any area.

In one embodiment, the HMB manager 1181 determines to store the first data type DT1 in the first area R1 and to store the second data type DT2 in the second area R2; , it may be determined to store the third data type DT3 in the third area R3 and to store the fourth data type DT4 in the fourth area R4.

In one embodiment, the HMB manager 1181 may update the HMB allocation table (HMBAT) ([2] of FIG. 15A). For example, the HMB manager 1181 stores the first data type DT1 and the first memory address range MR1 in relation to the first area R1 in the HMB allocation table HMBAT, and stores the second area ( In relation to R2, the second data type DT2 and the second memory address range MR2 are stored, and in relation to the third area R3, the third data type DT3 and the third memory address range MR3 are stored. ), and in relation to the fourth area R4, a fourth data type DT4 and a fourth memory address range MR4 may be stored.

In step S413c, the storage device 1000 may determine whether the assigned location of a region is changed by monitoring state information of a plurality of regions. The storage device 1000 may determine whether the assigned location is changed based on the set-feature command received from the host 11 .

For example, the storage device 1000 may count the number of times assigned positions of the plurality of areas are changed. The storage device 1000 may determine that the HMB 14 operates abnormally when the number of location changes exceeds a threshold value.

As another example, the storage device 1000 may count the number of times allocation of the plurality of regions is released. The storage device 1000 may determine that the HMB 14 operates abnormally when the number of times of allocation release exceeds a threshold value.

The threshold may be selected in consideration of a situation in which an abnormal operation occurs, and may be set to 1, for example.

In an embodiment, the HMB allocation checker 1186 may monitor allocation information of each of a plurality of regions. When the HMB allocation checker 1186 determines that the HMB 14 operates abnormally, it outputs a signal indicating that the change condition has been met to the HMB manager 1181 ([3] in FIG. 15B), and may proceed to step S420. . If the location to which any area is allocated has not changed, the storage device 1000 proceeds to step S413c again.

In step S414c, the storage device 1000 may reset a plurality of regions based on the positions of the changed regions. For example, the storage device 1000 may determine that the allocation of the first memory address range MR1 is released and determine that the HMB 14 operates abnormally. Accordingly, the HMB manager 1181 may set the first region R1 again. Since the HMB manager 1181 cannot use the first memory address range MR1, it can set a fifth memory address range MR5 to which no area is allocated as the first area R1. That is, the HMB manager 1181 may allocate the first area R1 to the fifth memory address range MR5 of the host memory 13 .

In step S415c, the HMB controller 1180 may update the HMB allocation table (HMBAT). For example, the HMB manager 1181 may store the fifth memory address range MR5 in the HMB allocation table HMBAT in relation to the first region R1 ([4] in FIG. 15B). In an embodiment, the HMB manager 1181 may determine that the change condition of the security policy for the first region R1 is satisfied because the allocation information for the first region R1 is changed.

In step S420, the HMB controller 1180 may change the security policy. For example, the HMB manager 1181 sets the security policy of the first region R1 to the first security policy SP1 based on the signal output from the HMB allocation checker 1186 or the HMB allocation information for the region is changed. can be changed to the fifth security policy (SP5). In step S430, the HMB controller 1180 may update the HMB mapping table (HMBMT). For example, the HMB manager 1181 may update the security policy for the first region R1 to a fifth security policy SP5 ([5] in FIG. 15B).

16 is a block diagram illustrating an example of a data center to which a storage device according to an embodiment of the present disclosure is applied. The data center 2000 is a facility that maintains and manages various data and provides various services for the various data, and may be referred to as a data storage center. The data center 200 may be a system for operating a search engine or database, and may be a computing system used in various institutions. The data center 2000 may include a plurality of application servers 2100_1 to 2100_n and a plurality of storage servers 2200_1 to 2200_m. The number of the plurality of application servers 2100_1 to 2100_n and the number of the plurality of storage servers 2200_1 to 2200_m may be variously modified.

Hereinafter, for convenience of description, an example of the first storage server 2200_1 is described. Each of the remaining storage servers 2200_2 to 2200_m and the plurality of application servers 2100_1 to 2100_n may have a structure similar to that of the first storage server 2200_1.

The first storage server 2200_1 may include a processor 2210_1, a memory 2220_1, a switch 2230_1, a network interface connector (NIC) 2240_1, and a storage device 2250_1. The processor 2210_1 may control overall operations of the first storage server 2200_1. The memory 2220_1 may store various commands or data under the control of the processor 2210_1. The processor 2210_1 may be configured to access the memory 2220_1 to execute various instructions or to process data. In one embodiment, the memory 2220_1 may include DDR Double Data Rate Synchronous DRAM (SDRAM), High Bandwidth Memory (HBM), Hybrid Memory Cube (HMC), Dual In-line Memory Module (DIMM), Optane DIMM, or NVDIMM (Non-VDIMM). -Volatile DIMM) may include at least one of various types of memory devices.

In one embodiment, the number of processors 2210_1 and the number of memories 2220_1 included in the first storage server 2200_1 may be variously modified. In one embodiment, the processor 2210_1 and the memory 2220_1 included in the first storage server 2200_1 may constitute a processor-memory pair, and the processor-memory pair included in the first storage server 2200_1 The number can be variously modified. In one embodiment, the number of processors 2210_1 and the number of memories 2220_1 included in the first storage server 2200_1 may be different from each other. The processor 2210_1 may include a single-core processor or a multi-core processor.

The switch 2230_1 may selectively connect the processor 2210_1 and the storage device 2250_1 or selectively connect the NIC 2240_1 and the storage device 2250_1 under the control of the processor 2210_1.

The NIC 2240_1 may be configured to connect the first storage server 2200_1 to the network NT. The NIC 2240_1 may include a network interface card, a network adapter, and the like. The NIC 2240_1 may be connected to the network NT through a wired interface, a wireless interface, a Bluetooth interface, an optical interface, or the like. The NIC 2240_1 may include an internal memory, a DSP, a host bus interface, and the like, and may be connected to the processor 2210_1 or the switch 2230_1 through the host bus interface. Host bus interfaces include Advanced Technology Attachment (ATA), Serial ATA (SATA), external SATA (e-SATA), Small Computer Small Interface (SCSI), Serial Attached SCSI (SAS), Peripheral Component Interconnection (PCI), PCIe ( PCI express), NVM express (NVMe), IEEE 1394, universal serial bus (USB), secure digital (SD) card, multi-media card (MMC), embedded multi-media card (eMMC), universal flash storage (UFS) , embedded universal flash storage (eUFS), compact flash (CF) card interface, and the like. In one embodiment, the NIC 2240_1 may be integrated with at least one of the processor 2210_1, the switch 2230_1, and the storage device 2250_1.

The storage device 2250_1 may store data or output the stored data under the control of the processor 2210_1. The storage device 2250_1 may include a controller 2251_1, a nonvolatile memory 2252_1, a DRAM 2253_1, and an interface 2254_1. In one embodiment, the storage device 2250_1 may further include a Secure Element (SE) for security or privacy.

The controller 2251_1 may control overall operations of the storage device 2250_1. In one embodiment, the controller 2251_1 may include SRAM. The controller 2251_1 may store data in the nonvolatile memory 2252_1 or output data stored in the nonvolatile memory 2252_1 in response to signals received through the interface 2254_1. In one embodiment, the controller 2251_1 may be configured to control the nonvolatile memory 2252_1 based on a toggle interface or an ONFI interface.

The DRAM 2253_1 may be configured to temporarily store data to be stored in the nonvolatile memory 2252_1 or data read from the nonvolatile memory 2252_1. The DRAM 2253_1 may be configured to store various data (eg, meta data, mapping data, etc.) necessary for the controller 2251_1 to operate. The interface 2254_1 may provide a physical connection between the processor 2210_1, the switch 2230_1, or the NIC 2240_1 and the controller 2251_1. In one embodiment, the interface 2254_1 may be implemented in a Direct Attached Storage (DAS) method that directly connects the storage device 2250_1 with a dedicated cable. In one embodiment, the interface 2254_1 may be configured based on at least one of the various interfaces described above through the host interface bus.

The configurations of the above-described first storage server 2200_1 are exemplary, and the scope of the present disclosure is not limited thereto. The configurations of the above-described first storage server 2200_1 may be applied to other storage servers or each of a plurality of application servers. In one embodiment, in each of the plurality of application servers 2100_1 to 2100_n, the storage device 2150_1 may be selectively omitted.

The plurality of application servers 2100_1 to 2100_n and the plurality of storage servers 2200_1 to 2200_m may communicate with each other through the network NT. The network NT may be implemented using Fiber Channel (FC) or Ethernet. At this time, FC is a medium used for relatively high-speed data transmission, and an optical switch providing high performance/high availability may be used. Depending on the access method of the network NT, the storage servers 2200_1 to 2200_m may be provided as file storage, block storage, or object storage.

In one embodiment, the network NT may be a storage-only network such as a Storage Area Network (SAN). For example, the SAN may be an FC-SAN that uses an FC network and is implemented according to FC Protocol (FCP). Alternatively, the SAN may be an IP-SAN using a TCP/IP network and implemented according to the iSCSI (SCSI over TCP/IP or Internet SCSI) protocol. In one embodiment, network NT may be a general network such as a TCP/IP network. For example, the network NT may be implemented according to protocols such as FC over Ethernet (FCoE), Network Attached Storage (NAS), and NVMe over Fabrics (NVMe-oF).

In one embodiment, at least one of the plurality of application servers 2100_1 to 2100_n connects to at least one other of the plurality of application servers 2100_1 to 2100_n or the plurality of storage servers 2200_1 to 2200_m through the network NT. It may be configured to access at least one of them.

For example, the first application server 2100_1 may store data requested by a user or client in at least one of a plurality of storage servers 2200_1 to 2200_m through the network NT. Alternatively, the first application server 2100_1 may obtain data requested by a user or client from at least one of the plurality of storage servers 2200_1 to 2200_m through the network NT. In this case, the first application server 2100_1 may be implemented as a web server or a database management system (DBMS).

That is, the processor 2110_1 of the first application server 2100_1 may access the memory 2120_n or the storage device 2150_n of another application server (eg, 2100_n) through the network NT. Alternatively, the processor 2110_1 of the first application server 2100_1 may access the memory 2220_1 or the storage device 2250_1 of the first storage server 2200_1 through the network NT. Through this, the first application server 2100_1 may perform various operations on data stored in the other application servers 2100_2 to 2100_n or the plurality of storage servers 2200_1 to 2200_m. For example, the first application server 2100_1 executes or issues a command for moving or copying data between other application servers 2100_2 to 2100_n or a plurality of storage servers 2200_1 to 2200_m. can do. In this case, data to be moved or copied is transferred from the storage devices 2250_1 to 2250_m of the storage servers 2200_1 to 2200_m through the memories 2220_1 to 2220_m of the storage servers 2200_1 to 2200_m or directly to the application server. It can be moved to the memories (2120_1 to 2120_n) of (2100_1 to 2100_n). Data transmitted over the network NT may be encrypted data for security or privacy.

In one embodiment, the above-described storage servers 2200_1 to 2200_m or storage devices 2150_1 to 2150_n and 2250_1 to 2250_m may include an HMB controller according to an embodiment of the present disclosure. That is, at least one of the storage servers 2200_1 to 2200_m or the storage devices 2150_1 to 2150_n and 2250_1 to 2250_m has a security policy applied to each region of the host memory buffer based on the method described with reference to FIGS. 1 to 15 . can be set, encoding/decoding operations are performed based on the set security policy, and the security policy of each area can be changed when the change conditions are met.

In the above-described embodiments, elements according to the technical idea of the present disclosure have been described using terms such as 0th, 1st, 2nd, and 3rd. However, terms such as 0, 1, 2, 3, etc. are used to distinguish components from each other and do not limit the present disclosure. For example, terms such as 0, 1, 2, 3, etc. do not imply order or numerical meaning in any form.

In the above-described embodiments, components according to embodiments of the present disclosure are referred to using a unit, module, layer, or block. A unit, module, layer or block is a variety of hardware devices such as IC (Integrated Circuit), ASIC (Application Specific IC), FPGA (Field Programmable Gate Array), CPLD (Complex Programmable Logic Device), etc., and firmware that runs on hardware devices. , software such as an application, or a combination of a hardware device and software. In addition, a block may include circuits composed of semiconductor elements in an IC or circuits registered as IPs.

The foregoing are specific embodiments for carrying out the present disclosure. The present disclosure will include not only the above-described embodiments, but also embodiments that can be simply or easily changed in design. In addition, the present disclosure will also include techniques that can be easily modified and implemented using the embodiments. Therefore, the scope of the present disclosure should not be limited to the above-described embodiments and should not be defined by the following claims as well as those equivalent to the claims of this invention.

Claims (10)

Detecting an abnormal operation of a Host Memory Buffer (HMB) located outside a storage device during data processing; and
If the abnormal operation is detected, updating a security policy applied when the storage device writes data to the HMB or reads data from the HMB.
A method of operating a storage device comprising a. According to claim 1,
receiving allocation information of the HMB from a host;
dividing the HMB into a plurality of areas based on the allocation information; and
Step of matching security policy for each of a plurality of areas
Including more,
Updating the security policy,
Updating at least one of the security policies matched to each of the plurality of areas.
Including, the operating method of the storage device. According to claim 2,
The step of matching the security policy,
matching a security IP (Intellectual Property) for each of the plurality of areas; and
Matching a key to each of the plurality of areas
A method of operating a storage device, including at least one of the following. According to claim 2,
The plurality of regions include a first region and a second region,
The security policy includes a first security policy and a second security policy different from the first security policy;
The step of matching the security policy,
matching the first security policy to the first area; and
Matching the second security policy to the second area,
A method of operating a storage device. According to claim 4,
The security requirement level of the first area is higher than the security requirement level of the second area;
The security level of the first security policy is higher than that of the second security policy;
A method of operating a storage device. According to claim 2,
The step of matching the security policy,
Matching a security IP for each of the plurality of areas
including,
Updating at least one of the security policies matched with each of the plurality of areas includes:
Changing a security IP matched to an area in which an abnormal operation has occurred among the plurality of areas
Including, the operating method of the storage device. According to claim 2,
The step of matching the security policy,
Matching keys for each of the plurality of areas
including,
Updating at least one of the security policies matched with each of the plurality of areas includes:
Changing a key of an area in which an abnormal operation has occurred among the plurality of areas;
Including, the operating method of the storage device. According to claim 2,
The step of detecting the abnormal operation,
Detecting the abnormal operation in each of the plurality of areas
including,
The abnormal behavior,
When the key validity time has elapsed;
If a data integrity check fails; and
When abnormal HMB allocation is detected
A method of operating a storage device, including at least one of the following. According to claim 8,
If the data integrity check fails,
When the data error rate reaches the error rate threshold
Including, the operating method of the storage device. According to claim 8,
When the abnormal HMB allocation is detected,
When it is detected that the allocation location is changed using the log information of the HMB
Including, the operating method of the storage device.

Images