WO2005020069A1 - CPU (central processing unit) of a computer system - Google Patents
CPU (central processing unit) of a computer system
- Publication number
- WO2005020069A1 (PCT/JP2004/012165)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- cpu
- stack
- stack register
- program
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline or look ahead
- G06F9/3802—Instruction prefetching
- G06F9/3804—Instruction prefetching for branches, e.g. hedging, branch folding
- G06F9/3806—Instruction prefetching for branches, e.g. hedging, branch folding using address prediction, e.g. return stack, branch history buffer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/1425—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
- G06F12/1441—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Definitions
- CPU central processing unit
- the present invention relates to a CPU (central processing unit) of a highly secure computer system that is not easily infected by computer viruses.
- Computer systems and acts by malicious persons connected over a network are described in Non-Patent Documents 1-14, respectively.
- Non-Patent Document 1: "Hacker Programming Great", by UNYUN
- Non-Patent Document 2: "OPERATING SYSTEM Internals and Design", by William Stallings, Ph.D.
- Non-Patent Document 3: "Intel's Optimization Technology Manual"
- Non-Patent Document 4 "IA-32 Intel Architecture Software Developer's Manua
- One of the causes of security holes is said to be the buffer overrun phenomenon.
- the maximum number of characters that can be entered in the addressee's mail address is 50 characters.
- FIG. 1 is a diagram schematically showing the configuration of a storage device (also called a memory) used when executing a program in a general computer.
- a storage device also called a memory
- the program is stored in area A11. Areas A12, A13 and A14 are then secured as areas used for the program's data processing. Of these, area A12 is used to read and write data used by the entire program. Area A13 is used when a data area needs to be secured at program execution time, and this area of memory expands or contracts during program execution. Area A14 is a special memory area called a stack memory: an area for managing the execution of the small, structured programs called subroutines that make up a program, and for managing data used temporarily by subroutines.
- the subroutine is defined as follows in this document.
- a subroutine is defined as a program that is executed after the start address of the program to be executed next, once the subroutine has finished, has been stored in the stack memory in advance.
- a subroutine call indicates that this subroutine is called, that is, executed.
- FIG. 2 schematically shows the function of the stack memory of area A14 together with the sample program.
- the sample program is written in the C language.
- the sample program is configured to call a subroutine (child program) named test on line 12 of the program and execute it. Also, when the subroutine is executed, four data items called arguments are passed. That is, there are four arguments: '⁇', '⁇', 'S', and 'T'. These data are written to the areas A21, A22, A23 and A24 on the stack memory.
- control is transferred to the subroutine 'test'.
- address data indicating line 13 of the program is stored in area A25 of the stack memory so that control returns to line 13 of the program after the subroutine has finished executing.
- the memory area where the variable s exists is intentionally addressed, and it is instructed to write 100 characters of zero (0) to the memory from there. That is, when this is executed, the entire contents of 100 characters including the areas A21 to A26 will be overwritten to zero, and the program flow will be destroyed as a result.
- the phenomenon in which data is illegally written beyond the originally set memory area is called a buffer overrun.
- a vulnerability exists in present CPUs (central processing units), and computer viruses and unauthorized access act illegally on computer systems by using the phenomenon described above.
- when overwriting memory, computer viruses and unauthorized access write a memory address that suits their purpose, direct control of the program to be transferred to it, and thereby carry out unauthorized operations.
- the present invention has been made under the circumstances described above, and its purpose is to provide a CPU (central processing unit) of a computer system that can prevent the buffer overrun phenomenon, which is said to be a cause of security holes, and suppress computer viruses and unauthorized access.
- the CPU (central processing unit) of the computer system according to the present invention comprises a plurality of stack register devices, each of which indicates which address of the storage device is currently in use and, every time the storage device is used, calculates its value so as to indicate an unused address of the storage device. It is characterized by comprising at least a first stack register device used for processing data used by a program, and a second stack register device used to store the return address written when making a subroutine call.
- a second stack register device dedicated to address processing is provided, and the address data that determines the flow of the program is stored on its stack. Therefore, even if the first stack register device, which stores data other than addresses, is illegally overwritten and there is a risk that a buffer overflow may occur, an unauthorized change in the flow of the whole program can be prevented.
- according to the present invention, when data on the stack is continuously overwritten and its contents are destroyed because of a program fault, the damage can be confined to the stack device used for data processing. As a result, the contents of the stack dedicated to address storage are protected, and an unauthorized change in the flow of the whole program can be prevented even if there is a risk that a buffer overflow may occur.
- FIG. 3 is an example of a schematic configuration diagram of a CPU according to the present invention. This configuration is based on the configuration of a CPU called IA32 from Intel Corporation.
- the register set 100a indicates the set of general-purpose registers possessed by the CPU.
- An instruction register (Instruction Register) 100b stores the instruction that the CPU 100 has read from memory and will execute next; according to its contents, the CPU control unit 100d distributes the required control signals inside and outside the CPU.
- ALU (Arithmetic Logical Unit) 100c is an arithmetic and logic operation mechanism. That is, it performs the logical and arithmetic operations required in the CPU 100. It exists inside the CPU 100 as a black box.
- An address buffer 100e relays when the CPU 100 is connected to an external bus. That is, this mechanism relays address information to control the external bus.
- the data buffer 100f relays when the CPU 100 is connected to an external bus. That is, this mechanism relays data information to control the external bus.
- the CPU 100 according to the present invention is characterized by the register set 100a, which is based on, for example, the configuration of the register set possessed by the IA32.
- FIG. 4 is a schematic block diagram of the register set of the IA 32.
- FIG. 5 is a schematic block diagram of the register set 100a based on the configuration of FIG.
- the present invention can be applied to all CPUs provided with a stack register.
- the present invention will be described by taking IA 32 as an example.
- the register set 200a of the IA32 shown in FIG. 4 includes a stack register R11 (32-bit representation: ESP register) and a program counter R12 (32-bit representation: EIP register).
- the program counter R12 indicates the memory address of the program that the CPU wants to execute from now.
- EAX, EBX, ECX, EDX, ESI, EDI, and EBP registers in 32-bit expression names shown in the figure are general-purpose registers.
- EAX, EBX, EDX are mainly for general operations use.
- ECX is a general-purpose register that extends its functions for counter processing in addition to general operations.
- ESI and EDI are general-purpose registers that enhance the function called index reference.
- EBP is a general-purpose register with an enhanced function for use in conjunction with stack register R11.
- the register set 100a of the CPU 100 shown in FIG. 5 has a configuration in which an address processing dedicated stack register R3 (second stack register device) is added to the configuration of FIG. 4. Also, as in the configuration of FIG. 4, a stack register R1 (first stack register device) and a program counter R2 are provided. However, stack register R1 shown in FIG. 5 is the stack register R11 shown in FIG. 4 with some of its functions reduced.
- the reduced functions are the processing (function) for storing the return address on the stack at the time of a subroutine call, and the processing (function) for retrieving the stored return address at the end of the subroutine call.
- Other functions in stack register R1 are similar to those of stack register R11.
- a dummy return address may be stored in the stack register R1 in order to maintain higher compatibility with a conventional computer program. However, in this case, only write to stack register R1 as a dummy, and do not use it as a program return value. What is used as the return value of the actual program is the value stored in the address processing stack register R3.
- FIG. 6 schematically shows a configuration of a storage device used when executing a program in the CPU 100.
- the memory area allocated to the executed program is shown. That is, as shown in the figure, program area A31, data area A32, heap area A33, address processing dedicated stack area A37, stack area (data processing dedicated stack area) A34, argument area A35, environment variable area A36, and so on are allocated in order from address 0.
- an address processing dedicated stack area A37 is added.
- the address processing dedicated stack area A37 is linked to the address processing dedicated stack register R3, and the address processing dedicated stack register R3 always indicates and stores the memory of the stack area A37.
- when the instruction to write 100 characters of zero (0) to memory, intentionally addressed at the memory area where the variable s exists, is executed, the contents of all 100 characters, including areas A41 to A46, are overwritten with zero.
- the area A45 of the stack area A37 dedicated to address processing that determines the flow of the program is not affected because it is in an area different from the area where the zero is overwritten.
- the content of the current program counter R2 is written to the address indicated by the address processing dedicated stack register R3 (step S1).
- stack register R1 In a conventional CPU, stack register R1
- since data has been written to the memory indicated by the address processing dedicated stack register R3, the value held by the address processing dedicated stack register R3 is subtracted from so that it indicates unused memory (step S2).
- the address of the program to be called as a subroutine is set in the program counter R2 (step S3). Thereafter, execution by the CPU shifts to the subroutine.
- the address processing dedicated stack register R3 is activated. The process is described below based on the flowchart of FIG. 9. The value held by the address processing dedicated stack register R3 is added to so that it indicates the return address written in step S1 of FIG. 8 (step S11).
- the address written in step S1 of FIG. 8 is stored at the address indicated by the address processing dedicated stack register R3. This address (i.e., the address indicated by the stack dedicated to address processing) is read (step S12).
- the program counter R2 is set to the value read in step S12 (step S13).
- the address processing dedicated stack register R3 is provided, and address data for determining the flow of the program is stored in the memory area indicated by the address processing dedicated stack register R3.
- the configuration of the storage device used when executing the program shown in FIG. 6 is an example, and the invention is not limited to this.
- the same effect as that of the first embodiment can be obtained even if other configurations shown in FIGS. 10 to 13 are used.
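The call and return sequences of steps S1 to S3 and S11 onward, as an added example that is not part of the patent text: a toy word-addressed model in C compares a conventional CPU, where the return address shares the data stack, with the two-register design when a faulty subroutine zero-fills past its buffer. The memory size, the stack tops, the two code addresses and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration.
 * R1 = data stack register, R2 = program counter,
 * R3 = address processing dedicated stack register. */
#define MEM_WORDS       64u
#define DATA_STACK_TOP  63u      /* assumed top of data stack area A34 */
#define ADDR_STACK_TOP  31u      /* assumed top of address-only area A37 */
#define RETURN_ADDR     0x1300u  /* constructed: caller address to resume at */
#define SUBROUTINE_ADDR 0x2000u  /* constructed: entry point of the subroutine */

typedef struct {
    uint32_t mem[MEM_WORDS];
    uint32_t r1, r2, r3;
} cpu_t;

static void cpu_reset(cpu_t *c)
{
    memset(c, 0, sizeof *c);
    c->r1 = DATA_STACK_TOP;
    c->r3 = ADDR_STACK_TOP;
}

/* Data push through R1 (arguments, locals). */
static void push_data(cpu_t *c, uint32_t v) { c->mem[c->r1--] = v; }

/* Conventional CPU: the return address goes on the same stack as data. */
static void call_conventional(cpu_t *c, uint32_t target)
{
    push_data(c, c->r2);
    c->r2 = target;
}
static void ret_conventional(cpu_t *c) { c->r2 = c->mem[++c->r1]; }

/* Two-register design: the return address goes through R3 only. */
static void call_split(cpu_t *c, uint32_t target)
{
    c->mem[c->r3] = c->r2;   /* S1: write program counter at [R3]      */
    c->r3 -= 1;              /* S2: R3 now indicates unused memory     */
    c->r2 = target;          /* S3: program counter = subroutine entry */
}
static void ret_split(cpu_t *c)
{
    c->r3 += 1;              /* S11: R3 indicates the stored return address */
    c->r2 = c->mem[c->r3];   /* S12: read it, then load the program counter */
}

/* Faulty subroutine: reserves local_words on the data stack, then
 * zero-fills written_words starting at the buffer (an overrun when
 * written_words > local_words). Writes stop at the end of the model memory. */
static void faulty_subroutine(cpu_t *c, uint32_t local_words, uint32_t written_words)
{
    c->r1 -= local_words;
    uint32_t base = c->r1 + 1;
    for (uint32_t i = 0; i < written_words && base + i < MEM_WORDS; i++)
        c->mem[base + i] = 0;
    c->r1 += local_words;
}

/* Runs: push four arguments, call, overrun, return. Returns the final
 * program counter, i.e. where execution resumes after the subroutine. */
uint32_t run_scenario(int split)
{
    cpu_t c;
    cpu_reset(&c);
    c.r2 = RETURN_ADDR;
    for (uint32_t arg = 1; arg <= 4; arg++)
        push_data(&c, 0xA0u + arg);          /* constructed argument values */
    if (split) call_split(&c, SUBROUTINE_ADDR);
    else       call_conventional(&c, SUBROUTINE_ADDR);
    faulty_subroutine(&c, 4, 10);            /* 4-word buffer, 10 words written */
    if (split) ret_split(&c);
    else       ret_conventional(&c);
    return c.r2;
}

int main(void)
{
    printf("conventional: resumes at 0x%x\n", (unsigned)run_scenario(0));
    printf("two-register: resumes at 0x%x\n", (unsigned)run_scenario(1));
    return 0;
}
```

In both runs the argument words on the data stack are zeroed; only the conventional run also loses its return address.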
- the CPU 100 shown in the second embodiment is configured to include means for causing conventionally existing software to operate without any problem.
- conventional software controls only the single stack register device that exists in the CPU. Therefore, if two stack register devices exist and always function, as in the first embodiment, a malfunction will occur. In the second embodiment, therefore, the configuration and operation of a CPU 100 that runs conventional software without any problem will be described.
- FIG. 14 is a schematic block diagram of a register set showing a second embodiment of a CPU of a computer system according to the present invention.
- the configuration of FIG. 14 is described in the first embodiment.
- a switch device R4 (including first and second switch devices) which is a register for setting the operating state of the CPU 100 is provided.
- registers are newly provided for the addition value storage device R5, the protection start address storage device R6, and the protection end address storage device R7, each of which stores a predetermined value.
- the registers of the switch device R4, the addition value storage device R5, the protection start address storage device R6, and the protection end address storage device R7 (hereinafter referred to as the additional register group for convenience) do not exist in a conventional CPU and are, together with the address processing dedicated stack register R3, a characteristic constituent element of the CPU 100 according to the present invention.
- segment register R8 and control registers R9 and R10 shown in FIG. 14 are provided in an existing CPU.
- a simple method of controlling the additional register group is to newly define in the CPU 100 an instruction to write data directly to each of the registers.
- using a new instruction means that a program containing the new instruction runs only on the CPU 100 and does not run on other CPUs. Therefore, the CPU 100 according to the present invention implements a mechanism that can control the register group using only the instructions of a conventional CPU.
- the switch device R4 is a means for switching the operation setting of the CPU 100. That is, according to its setting, the additional register group and the address processing dedicated stack register R3 can be enabled so that they function, or disabled so that a conventional CPU environment is obtained. For example, a conventional operating environment can be provided for existing software.
- the switch may be switched to activate or deactivate the additional register group or the like. In that case, the contents of the program counter R2 are in the state of being held.
- each setting of the switch device R4 can be freely set during program execution. Therefore, it is possible to switch the switch and execute the program in an optimal state at any time according to the application of software.
- FIGS. 15A-G show the detailed configuration of the switch device R4.
- the switch device R4 has a 32-bit register configuration. Of these bits, bits 0 through 6 are each used as an on/off switch.
- FIGS. 15A-G illustrate operation in each switch mode. That is, FIG. 15A shows the setting of whether or not the additional register group and the address processing dedicated stack register R3 are used.
- FIG. 15B shows the settings for determining the roles of the stack register R1 and the address processing dedicated stack register R3.
- FIG. 15C shows a setting as to whether or not to automatically set the address processing dedicated stack register R3 when a program writes a new value to the stack register R1.
- FIG. 15D shows the setting of the method of automatic setting to the address processing dedicated stack register R3.
- Fig. 15E shows the settings for using the protection start address storage device R6 and the protection end address storage device R7.
- FIG. 15F shows the setting of the extension direction of the stack register R1.
- FIG. 15G shows the setting of the extension direction of the stack register R3 for address processing. That is, FIG. 15F and FIG. 15G show the function as the second switch device.
- FIG. 16 is an assembler implementation example for realizing the on / off operation of the switch device R4.
- the stack register R1 is written as esp.
- Program P41 is a program for making the settings of the functions according to the present invention and enabling them. Specifically, program P41 sets the value 0 in the stack register R1. Executing it turns ON the switch device R4 as the first switch device, and data can then be written to each of the registers: the addition value storage device R5, the protection start address storage device R6, the protection end address storage device R7, and the address processing dedicated stack register R3 (this state is called the extended setting mode).
- the program P42 is a program for disabling the functions according to the present invention. That is, it is a program for canceling the extended setting mode. Specifically, for example, a value is set in the stack register R1 (esp register) and a data transfer that copies the register to itself is performed with the mov instruction (copying the contents of esp to esp). As a result, the CPU 100 is in the same state as a conventional CPU.
- the switch device R4 is brought into the switch-on state when at least the stack register R1 is set to the value zero.
- the program P51 in FIG. 17 is a sample program for setting the stack area in the stack register R1.
- Conventional software always sets the stack area in stack register R1 in this way when starting a program.
- the program P52 is a program for utilizing each function according to the present invention. That is, in order to utilize the respective functions, the part which has been described as in the conventional program P51 may be described as in the program P52.
- esp is the stack register R1
- eax is a switch device R4
- ecx is a protection start address storage device R6
- edx is a protection end address storage device R7
- esi is an address processing dedicated stack register R3.
- the CPU 100 is set to the extended setting mode. Then the CPU mode is set in the switch device R4. Next, the zero-side address of the stack memory (STACK_LOW) is set in the protection start address storage device R6, and the high-order address of the stack memory (STACK_LOW + 80h) is set in the protection end address storage device R7. Then the start address of the stack dedicated to address processing (STACK_LOW) is set, and finally the CPU 100 is returned to its original state.
- STACK_LOW: the zero-side address of the stack memory
- STACK_LOW + 80h: the high-order address of the stack memory
- Figure 18 shows the memory layout when program P52 is used. As shown in the figure, a memory area indicated by the address processing dedicated stack register R3 is secured in an area different from the memory area indicated by the stack register R1. Further, the address processing dedicated stack is protected in the memory area designated by the protection start address storage device R6 and the protection end address storage device R7. That is, in this area, writing of data other than the storage address of the subroutine call is prohibited.
- when the program P51 is included in the application start program of the OS, the program P51 in the OS may be changed to the program P52.
- if the CPU does not implement the new functions of the present invention, it merely executes apparently meaningless instructions, and can execute the conventional program without any problem.
- This is a method in which, when data is written to stack register R1 during program execution, the address processing dedicated stack register R3 is automatically initialized and made available (referred to as automatic setting processing).
- FIG. 19 shows control that is automatically performed when program P71 shown in the figure is executed.
- program P71 sets an arbitrary constant (STACK_HIGH) in stack register R1. When program P71 is executed, stack register R1 is set to STACK_HIGH (step S71 in FIG. 19).
- if the content of stack register R1 is at the leading edge on the high-order side of the memory area secured for the stack (step S72), it is judged that the stack area has been set, and the initial value of the address processing dedicated stack register R3 is set (step S73).
- Information on the leading edge address of the stack memory area can be obtained by referring to the program counter R2 in IA32 (Intel's 32-bit microprocessor).
- In the protected mode of IA32, which operates with 32 bits, the memory area management information defining the stack area can be obtained by referring to the program counter R2, the segment register R8 and the control register R9. The determination processing in step S72 may be omitted, but performing it is preferable in order to prevent erroneous operation.
- the setting of the value in the address processing dedicated stack register R3 in step S73 depends on the third bit of the switch device R4 (see FIG. 15D). That is, when the third bit is off (logic 0), the value of the stack register R1 is set as the stack area. When the third bit is on (logic 1), the value of the leading edge on the zero side set in the stack area is set. In IA32, this value can be obtained by referring to program counter R2, segment register R8 and control register R9.
- the value stored in the addition value storage device R5 is added to the address processing dedicated stack register R3 (step S74).
- This addition is a safety measure to avoid the risk of setting the leading edge of the stack area directly.
- the addition value is determined with reference to the start address on the zero address side of the stack memory area so that the addition result is set in the free area of the stack memory area.
- a negative number may be set in the addition value storage device R5 and added; or, if the value set in the stack register R1 is a high-order value, the value of the addition value storage device R5 may be treated as a positive number and subtracted.
- the address processing dedicated stack register R3 is automatically enabled. That is, like a conventional CPU, the CPU 100 first operates with only one register device, and when data is set in the stack register R1, the address processing dedicated stack register R3 is initialized and becomes usable. Therefore, by making this setting in the CPU 100 during program execution, conventional software can be operated without any problem.
- FIG. 20 shows a memory arrangement in the case where the above-mentioned automatic setting processing is performed on the address processing dedicated stack register R3.
- in FIG. 20, it is assumed that binary 1010000 (hexadecimal 50) is set in the switch device R4. When data is given to stack register R1, the memory arrangement becomes as shown in FIG. 20. This automatically provides high compatibility with existing software.
- FIG. 21 is a view for explaining a method of securing a memory area in the 32-bit mode that the IA32 calls protected mode.
- a segment selector 13 corresponds to the segment register R8 in FIG.
- the LDTR local descriptor table register
- GDT global descriptor table
- LDT local descriptor table
- the LDTR 16 has information indicating the start address and the end address of the memory area. Therefore, when the functions of the CPU 100 according to the present invention are implemented in the IA 32, when the start address and the end address of the memory area are required, they may be acquired by referring to the LDTR 16.
- the provision of the switch device R4 makes it possible to switch whether the functions of the register group added as a configuration according to the present invention and of the address processing dedicated stack register R3 are enabled or disabled; when they are disabled, conventional software can be provided with the same operating environment as a conventional CPU.
- when the software being executed writes the start address of the stack area to stack register R1, the address processing dedicated stack register R3 is automatically initialized. This makes the address processing dedicated stack register R3 available. Therefore, conventional software can be operated as usual without any special operation, and the damage caused by a buffer overrun can be suppressed.
- a protection start address storage device R6 and a protection end address storage device R7 are provided, and in the address area stored in them, the writing of data other than the stored address of a subroutine call is inhibited, which makes it possible to protect the memory area used by the address processing dedicated stack register R3.
- the memory securing direction indicated by the stack register R1 and the address processing dedicated stack register R3 can be switched to either the low direction (zero address direction) or the high direction. Therefore, by setting the memory securing direction indicated by stack register R1 to the high direction, the data corruption caused when a buffer overrun occurs falls on an unused area, and the damage can be kept to a minimum.
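The automatic setting steps S71 to S74 and the R6/R7 protected range, modelled in C as an added example (not code from the patent): `write_r1` initialises R3 from R1 or from the zero-side edge according to bit 3 of R4, and `write_allowed` refuses data writes inside the protected range. Assumptions: the numeric addresses, the half-open range [R6, R7), the `protect_on` flag standing in for the FIG. 15E setting, and the `seg_low`/`seg_high` fields standing in for the descriptor lookup.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit 3 of switch device R4 (FIG. 15D): off = start R3 from the value of R1,
 * on = start R3 from the zero-side edge of the stack area. */
#define SW_BIT3_FROM_LOW_EDGE (1u << 3)
#define STACK_LOW   0x1000u   /* constructed value */
#define STACK_HIGH  0x2000u   /* constructed value */

typedef enum { WRITE_DATA, WRITE_RETURN_ADDR } write_kind_t;

typedef struct {
    uint32_t r1;          /* data stack register                          */
    uint32_t r3;          /* address processing dedicated stack register  */
    uint32_t r4;          /* switch device                                */
    int32_t  r5;          /* addition value (may be negative)             */
    uint32_t r6, r7;      /* protection start / end addresses             */
    bool     protect_on;  /* assumption: stand-in for the FIG. 15E switch */
    uint32_t seg_low;     /* assumption: stack area bounds, as the CPU    */
    uint32_t seg_high;    /*   would obtain them from its descriptors     */
} cpu_t;

/* A program writes a value to R1. Returns true when automatic setting ran. */
bool write_r1(cpu_t *c, uint32_t value)
{
    c->r1 = value;                                   /* S71 */
    if (value != c->seg_high)                        /* S72: not the stack's   */
        return false;                                /*   high edge, R3 kept   */
    c->r3 = (c->r4 & SW_BIT3_FROM_LOW_EDGE)          /* S73 */
                ? c->seg_low
                : c->r1;
    c->r3 += (uint32_t)c->r5;                        /* S74: move off the edge */
    return true;
}

/* Inside [R6, R7) only return addresses of subroutine calls may be written. */
bool write_allowed(const cpu_t *c, uint32_t addr, write_kind_t kind)
{
    bool in_range = c->protect_on && addr >= c->r6 && addr < c->r7;
    return !in_range || kind == WRITE_RETURN_ADDR;
}

/* Check a defender would want: does R3 actually sit in the protected range? */
bool r3_is_protected(const cpu_t *c)
{
    return c->protect_on && c->r3 >= c->r6 && c->r3 < c->r7;
}

/* R6/R7 follow the page's description of program P52. */
cpu_t make_cpu(uint32_t r4, int32_t r5)
{
    cpu_t c = {0};
    c.r4 = r4;
    c.r5 = r5;
    c.r6 = STACK_LOW;
    c.r7 = STACK_LOW + 0x80u;
    c.protect_on = true;
    c.seg_low = STACK_LOW;
    c.seg_high = STACK_HIGH;
    return c;
}

int main(void)
{
    cpu_t a = make_cpu(SW_BIT3_FROM_LOW_EDGE, 0x7C);  /* start near the low edge */
    write_r1(&a, STACK_HIGH);
    printf("bit 3 on : R3=0x%x protected=%d data write allowed=%d\n",
           (unsigned)a.r3, r3_is_protected(&a),
           write_allowed(&a, a.r3, WRITE_DATA));

    cpu_t b = make_cpu(0, -0x800);                    /* start below R1 */
    write_r1(&b, STACK_HIGH);
    printf("bit 3 off: R3=0x%x protected=%d\n",
           (unsigned)b.r3, r3_is_protected(&b));
    return 0;
}
```

In this model the second configuration leaves R3 outside [R6, R7), so the protected range has to be chosen to cover wherever automatic setting places R3.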
- the switch device R4 is shown as one register provided on the CPU 100.
- the switch device R4 may be configured as a plurality of registers for performing each setting separately.
- a bit string at a specific address may be defined as a switch on the memory, and this may be used as the switch device R4.
- FIG. 1 is a view schematically showing a configuration of a storage device (also referred to as a memory) used when executing a program in a general computer.
- a storage device also referred to as a memory
- FIG. 2 is a view schematically showing the operation of the sample program and the stack memory.
- FIG. 3 is an example of a schematic block diagram of a CPU according to the present invention.
- Figure 4 is a schematic diagram of the register set of IA32 CPU of Intel Corporation.
- FIG. 5 is a schematic configuration diagram of a register set of the CPU according to the present invention in the first embodiment.
- FIG. 6 is a diagram schematically showing a configuration of a storage device used when executing a program in a CPU.
- FIG. 7 schematically shows a stack area dedicated to data processing and a stack area dedicated to address processing.
- FIG. 8 is a flowchart showing the operation of the CPU when address processing performed by a subroutine call occurs.
- FIG. 9 is a flow chart showing the operation when ending the subroutine call and returning to the caller (return processing).
- FIG. 10 shows another configuration example of a storage device used when executing a program.
- FIG. 11 shows another configuration example of a storage device used when executing a program.
- FIG. 12 shows another configuration example of a storage device used when executing a program.
- FIG. 13 shows another configuration example of a storage device used when executing a program.
- FIG. 14 is a schematic configuration diagram of a register set of the CPU according to the present invention in the second embodiment.
- FIGS. 15A-G are diagrams for explaining the detailed configuration of the switch device.
- Fig. 16 shows an example of assembler implementation for realizing the on / off operation of the switch device.
- Figure 17 is an example of a program that explicitly configures settings at OS or program startup.
- FIG. 18 is an example of a memory layout when the program of FIG. 17 is used.
- FIG. 19 is a flowchart for explaining the operation of the CPU when performing the automatic setting process.
- FIG. 20 shows an example of a memory arrangement in the case where automatic setting processing is performed on the address processing dedicated stack register.
- FIG. 21 is a view for explaining a method of securing a memory area in the 32-bit mode that the IA32 calls protected mode.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Executing Machine-Instructions (AREA)
- Debugging And Monitoring (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005513345A JPWO2005020069A1 (ja) | 2003-08-25 | 2004-08-25 | CPU (central processing unit) of a computer system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-300641 | 2003-08-25 | ||
JP2003300641 | 2003-08-25 | ||
JP2004127688 | 2004-04-23 | ||
JP2004-127688 | 2004-04-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005020069A1 (ja) | 2005-03-03 |
Family
ID=34220725
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/012165 WO2005020069A1 (ja) | 2003-08-25 | 2004-08-25 | CPU (central processing unit) of a computer system |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2005020069A1 (ja) |
WO (1) | WO2005020069A1 (ja) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS59165145A (ja) * | 1983-03-10 | 1984-09-18 | Fujitsu Ltd | Stack pointer circuit |
JPH05181703A (ja) * | 1992-01-07 | 1993-07-23 | Mitsubishi Electric Corp | Data processing device |
JPH05305491A (ja) * | 1992-04-27 | 1993-11-19 | Showa Alum Corp | Method for producing flux-embedded Al brazing filler metal powder |
JPH1196007A (ja) * | 1997-09-24 | 1999-04-09 | Sanyo Electric Co Ltd | Processor return address read control method and processor |
JP2001511271A (ja) * | 1997-01-15 | 2001-08-07 | Siemens Aktiengesellschaft | Method for monitoring the execution of a software program as prescribed |
2004
- 2004-08-25 WO PCT/JP2004/012165 patent/WO2005020069A1/ja active Application Filing
- 2004-08-25 JP JP2005513345A patent/JPWO2005020069A1/ja active Pending
Also Published As
Publication number | Publication date |
---|---|
JPWO2005020069A1 (ja) | 2006-10-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4759059B2 (ja) | Page coloring to associate memory pages with programs | |
JP4156611B2 (ja) | System and method for running a legacy 32-bit x86 virtual machine on a 64-bit x86 processor | |
US8327415B2 (en) | Enabling byte-code based image isolation | |
US20050086517A1 (en) | Page granular curtained memory via mapping control | |
JP6370098B2 (ja) | Information processing device, information processing monitoring method, program, and recording medium | |
TW200813833A (en) | Launching hypervisor under running operating system | |
Tang et al. | Exploring control flow guard in windows 10 | |
RU2580016C1 (ru) | Method for transferring control between memory regions | |
US11727110B2 (en) | Verifying stack pointer | |
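JP2004258840A (ja) | Computer system with virtualized I/O devices | |
CN107463513B (zh) | System and method for transferring control between memory locations | |
JP2005316599A (ja) | Interrupt control device | |
JP5716824B2 (ja) | Multi-core processor system | |
JP6920286B2 (ja) | Exception handling | |
WO2005020069A1 (ja) | CPU (central processing unit) of a computer system | |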
Duflot et al. | System management mode design and security issues | |
Geater | ARM® TrustZone® | |
Carikli et al. | The Intel Management Engine: An Attack on Computer Users’ Freedom | |
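JP5920509B2 (ja) | Controller control program and controller control method | |
JP2018036695A (ja) | Information processing monitoring device, information processing monitoring method, monitoring program, recording medium, and information processing device | |
RU2623883C1 (ru) | Method for executing instructions in system memory | |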
Chen et al. | DScope: To Reliably and Securely Acquire Live Data from Kernel-Compromised ARM Devices | |
JPWO2005029328A1 (ja) | Operating system and recording medium on which it is recorded | |
Early | ESPRIT LTR 21917 (Pegasus II) Deliverable 2.1. 2 Pentium Port Report | |
Hu et al. | Research on Hardware Built-in Computer Safety |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005513345 Country of ref document: JP |
|
122 | Ep: pct application non-entry in european phase |