WO2005121979A1 - Access control device and access control method - Google Patents

Access control device and access control method

Info

Publication number
WO2005121979A1
WO2005121979A1 PCT/JP2005/009512 JP2005009512W WO2005121979A1 WO 2005121979 A1 WO2005121979 A1 WO 2005121979A1 JP 2005009512 W JP2005009512 W JP 2005009512W WO 2005121979 A1 WO2005121979 A1 WO 2005121979A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
permission
bus master
bus
shared
Prior art date
Application number
PCT/JP2005/009512
Other languages
French (fr)
Japanese (ja)
Inventor
Masaaki Harada
Hideyuki Kanzaki
Tomohiko Kitamura
Original Assignee
Matsushita Electric Industrial Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co., Ltd.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14 Handling requests for interconnection or transfer
    • G06F13/36 Handling requests for interconnection or transfer for access to common bus or bus system
    • G06F13/362 Handling requests for interconnection or transfer for access to common bus or bus system with centralised access control
    • G06F13/364 Handling requests for interconnection or transfer for access to common bus or bus system with centralised access control using independent requests or grants, e.g. using separated request and grant lines

Definitions

  • the present invention relates to an access control device that controls access between a bus master and a shared bus slave.
  • Patent Document 1 discloses a multiprocessor system in which each processor has an access restriction mechanism as a mechanism for restricting access to a shared memory.
  • the access restriction mechanism in each processor restricts access by executing software programs that prevent the generation of addresses.
  • Patent Document 2 discloses a method in which a dedicated memory is provided for each processor so that only the specific processor can access the dedicated memory of the specific processor.
  • Patent Document 1 Patent No. 2661733
  • Patent Document 2 JP-A-6-96235
  • an address generation protection device is provided for each central processing unit as an access restriction mechanism. Access control to the shared memory by the corresponding processor is then performed by software processing in each address generation protection device. There is also no restriction on rewriting the software that restricts access. Therefore, if, for example, the sequence of the program that executes the access restrictions or the specifications of the hardware are exploited and the program is tampered with, unauthorized access to the access-restricted area of another processor becomes possible. As a result, there is a risk that confidential data and programs are falsified or stolen, which poses a security problem.
  • an object of the present invention is to improve security in a multiprocessor system while reducing cost increase.
  • To solve the above problem, the first invention of the present application is an access control device that performs access control on access to at least one shared bus slave that is shared by a plurality of bus masters, and that includes the following components.
  • An access permission / non-permission determining unit that determines, based on the access permission information of the access permission information storage unit, whether or not the bus master can access the area of the shared bus slave to which the access request is made.
  • the access permission / inhibition determination section determines access permission / inhibition based on the access permission / inhibition information.
  • the shared bus slave means a shared resource such as a general-purpose memory and various control registers shared by a plurality of bus masters. If access is prohibited by the access permission / inhibition judgment unit, the bus master cannot access the requested area of the shared bus slave. Therefore, only the bus master permitted by the access permission / non-permission determining unit can access the predetermined area of the shared bus slave, so that a dedicated area for a specific bus master can be secured on the shared bus slave.
  • Since the bus masters share the shared bus slave, it is not necessary to separately provide a dedicated bus slave for each specific bus master. Therefore, it is possible to reduce the cost of providing a bus wiring and a terminal for connecting a separate bus slave and a bus master.
  • the second invention of the present application is the bus master identification unit according to the first invention of the present application, which identifies a bus master that has made the access request based on an access request from the bus master to a desired area of the shared bus slave.
  • the access control device further comprises: an access control unit that performs the determination based on the access control information of the bus master identified by the bus master identification unit.
  • the bus master identification unit identifies which of the bus masters has made an access request, and outputs the access request to the access availability determination unit.
  • the bus master identification unit may select which bus master's access request to accept. For example, an access request from a high-priority bus master is accepted.
  • the access permission / prohibition information is a prohibition address designating an access prohibition area or a permission address designating an access permission area in the shared bus slave for each bus master.
  • the access permission / inhibition judging unit is characterized in that the bus master judges whether or not the bus master can access the area of the shared bus slave to which the access request is made, based on a prohibition address or a permission address corresponding to the bus master.
  • An access control device is provided.
  • the access permission / non-permission information storage unit stores, for each bus master, a prohibited address of an area in the shared bus slave where access is prohibited or a permitted address of an area where access is permitted.
  • the prohibited address or permitted address is compared with the address of the area of the shared bus slave to which the bus master has issued the access request. If the address of the access request destination is a prohibited address, the access by the bus master can be prohibited. On the other hand, if the address of the access request destination is a permitted address, access by the bus master can be permitted.
  • the prohibited address specifies, for each bus master, a write access prohibited area to the shared bus slave, a read access prohibited area from the shared bus slave, or an area in which all access to the shared bus slave is prohibited.
  • the permission address specifies a read access permission area to the shared bus slave, a read access permission area from the shared bus slave, or a total access permission area to the shared bus slave.
  • An access control device characterized in that it is an address to be accessed.
  • the access permission / inhibition information is stored for each operation state of each bus master, and the access permission / inhibition determination unit operates in the operation state of the bus master that has issued the access request.
  • the access permission / non-permission information for each operation state of the bus master based on whether the bus master that has made the access request can access the area of the shared bus slave to which the access request is made or not.
  • the present invention provides an access control device characterized by determining
  • the shared bus slave is various control registers
  • the access availability information is information for inhibiting access to the various control registers.
  • the access permission / inhibition determination unit is configured to perform the access request based on the access permission / inhibition information for the various control registers.
  • the present invention provides an access control device for determining whether or not an access request destination is capable of accessing various control register areas.
  • An access request is made from the bus master to a desired area of the shared control registers.
  • the access permission / inhibition determination unit determines access permission / inhibition based on the access permission / inhibition information. Therefore, only the bus master permitted by the access permission / inhibition judging section can access the areas of the shared various control registers. For example, it is possible to prevent a bus master other than a specific bus master from illegally accessing various control registers and rewriting various control information.
  • the various control registers are DMA control registers for storing DMA (Direct Memory Access) control information, and the access availability information is stored in the DMA control registers.
  • the access permission / inhibition determination unit determines whether or not the area of the DMA control register of the access request destination is accessible.
  • a DMA that can be activated only by a specific bus master for example, a DMA that decrypts encrypted data and transfers it to the local memory inside the LSI, and a bus master other than the specific bus master specifies the transfer destination to the LSI external memory and activates the DMA
  • the eighth invention of the present application is the access control device according to the first invention of the present application, further comprising a bus encryption unit that, on the data bus between the bus master and the shared bus slave, encrypts data output to the shared bus slave and decrypts data output from the shared bus slave to the bus master.
  • By providing the bus encryption unit on the data bus between the bus master and the shared bus slave, analysis by monitoring the data bus can be prevented. Therefore, security can be further improved.
  • the ninth invention of the present application is the access control device according to the first invention of the present application, further comprising a program authentication unit that authenticates a program executed by the bus master that has made the access request, wherein the access permission / inhibition determination unit determines, based on the authentication result and the access availability information in the access availability information storage unit, whether or not the bus master that has made the access request can access the shared bus slave area of the access request destination.
  • the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit and, when the dedicated instruction is executed, decodes the instruction and issues an access request for accessing the access permission / inhibition information.
  • the access permission / inhibition determination unit receives the access request based on the dedicated instruction and receives the access request based on the program authentication unit.
  • An access control device is provided, which determines whether to execute the access request.
  • An access control device is provided in which the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit and, when the dedicated instruction is executed, decodes the instruction and issues an access request for accessing the access availability information.
  • An access control device is provided in which the access permission / non-permission information storage unit is a register to which a specific address is assigned, and the bus master can access the access permission information stored in the storage unit by accessing that specific address.
  • the access permission / non-permission information includes restriction information on whether or not the user has permission to access the access permission / prohibition information. And an access control device for determining whether or not the access permission / inhibition information is accessible based on the restriction information.
  • the access permission / inhibition determination unit determines that the bus master that has made the access request cannot access the area of the shared bus slave to which the access request is made.
  • the access control device further includes a dummy response unit that performs a dummy response to the bus master that has made the access request.
  • the dummy response means a dummy response that causes the bus master to erroneously recognize that the response is a response obtained from the actual access request destination.
  • When a bus master performs a write operation in an access prohibited area of a shared bus slave, a dummy response such as completion of reception of the access request and completion of data writing is performed without performing the write operation as requested.
  • For a read operation, a dummy response such as completion of acceptance of the access request is performed without performing the read operation as requested. Therefore, it is difficult to distinguish between the access prohibited area and the access permitted area on the shared bus slave, and analysis for accessing the access prohibited area can be prevented.
  • the access permission / inhibition determination unit determines that the bus master that has made the access request cannot access the area of the shared bus slave to which the access request is made.
  • the access control apparatus further includes a dummy access unit that performs a dummy access to the shared bus slave of the access request destination.
  • the dummy access means a dummy access that causes a bus observer to mistakenly determine that an access has been made to the actual access request destination. Even if it is determined that the bus master cannot access the shared bus slave area, some dummy access is performed to the shared bus slave. This dummy access can prevent analysis by monitoring the data bus between the bus master and the shared bus slave. For example, analysis of the data bus for distinguishing between the access prohibited area and the access permitted area on the shared bus slave can be prevented.
  • As a dummy access in the case of a write operation, for example, a write is performed while masking the data in the access destination area, or a read command is issued instead of a write command. In the case of a read operation, for example, an access such as issuing a read command to an area to which access is permitted is performed.
  • a sixteenth invention of the present application includes a plurality of bus masters, and an access control device that performs access control on access to at least one shared bus slave shared by the plurality of bus masters,
  • the access control device includes: an access permission / non-permission information storage unit that stores access permission / prohibition information for prohibiting access from the bus master to the shared bus slave; and an access request from the bus master to a desired area of the shared bus slave.
  • the access permission / inhibition determination unit determines whether the bus master can access the area of the shared bus slave of the access request destination based on the access permission information in the access permission information storage unit.
  • a system LSI characterized by having
  • a seventeenth invention of the present application provides the system LSI of the sixteenth invention of the present application, further comprising another bus slave accessible to the plurality of bus masters.
  • the number of masters is not limited to one, and a plurality of masters can be provided.
  • the eighteenth invention of the present application is a DMA control device that performs access control on access to at least one shared bus slave shared by a plurality of bus masters.
  • the memory scheduler has the access control device of the first invention of the present application.
  • When the bus master accesses a shared bus slave via the memory scheduler, only the bus master permitted by the access permission / non-permission determining unit can access a predetermined area of the shared bus slave. Therefore, similarly to the first invention of the present application, a dedicated area for a specific bus master is secured on the shared bus slave, unauthorized access by bus masters other than the specific bus master can be prohibited, and security can be improved.
  • Since the bus masters share the shared bus slave, it is not necessary to separately provide a dedicated bus slave for each specific bus master. Therefore, it is possible to reduce the cost of providing a bus wiring and a terminal for connecting a separate bus slave and a bus master.
  • the nineteenth invention of the present application is a DMA control device that performs access control on access to at least one shared bus slave shared by a plurality of bus masters.
  • a DMA controller that performs direct memory transfer has the access control device of the first invention of the present application.
  • When the bus master accesses the shared bus slave via the DMA controller, only the bus master permitted by the access permission / non-permission judgment unit can access a predetermined area of the shared bus slave. Therefore, the same effect as the first invention of the present application can be obtained.
  • the twentieth invention of the present application is a DMA control device that performs access control on access to at least one shared bus slave shared by a plurality of bus masters.
  • the bus master can access the shared bus slave via a memory scheduler or a DMA controller. Therefore, since each of the memory scheduler and the DMA controller has the access control device, the access to the shared bus slave can be restricted.
  • the twentieth invention of the present application provides an access control method for performing access control on access to at least one shared bus slave shared by a plurality of bus masters.
  • The method comprises: storing access permission / prohibition information for inhibiting access to the shared bus slave from the bus master; and, when an access request to a desired area of the shared bus slave is made from the bus master, determining whether the bus master can access the area of the shared bus slave to which the access request is made, based on the access permission information of the access permission information storage unit.
  • By using the access control device of the present invention, unauthorized access to the shared bus slave by a bus master other than a specific bus master can be prohibited, and security can be improved.
  • FIG. 1 is a configuration diagram of a multiprocessor system according to a first embodiment.
  • FIG. 2 is an example of access permission information stored in DB33.
  • FIG. 3 is an example of a flowchart showing an example of access control processing.
  • FIG. 4 is a configuration diagram of a multiprocessor system according to a second embodiment.
  • FIG. 5 is an example of access permission / prohibition information corresponding to an operation state stored in DB33.
  • FIG. 6 is a configuration diagram of a multiprocessor system according to a third embodiment.
  • Access permission information An example of rewrite command permission information in DB33.
  • FIG. 8 is a configuration diagram of a multiprocessor system according to a fourth embodiment.
  • FIG. 9 is a configuration diagram of a multiprocessor system according to a fifth embodiment.
  • FIG. 10 is a configuration diagram of a multiprocessor system according to a sixth embodiment.
  • FIG. 11 is a configuration diagram of a multiprocessor system according to a seventh embodiment.
  • FIG. 12 is another configuration diagram of the multiprocessor system according to the seventh embodiment.
  • FIG. 13 is a configuration diagram of a multiprocessor system according to an eighth embodiment.
  • FIG. 14 is another configuration diagram of the multiprocessor system according to the eighth embodiment.
  • FIG. 15 is a configuration diagram of a multiprocessor system according to a ninth embodiment.
  • FIG. 16 is a configuration diagram (1) of a multiprocessor system according to a tenth embodiment.
  • FIG. 17 is a configuration diagram (2) of a multiprocessor system according to a tenth embodiment.
  • FIG. 18 is a configuration diagram (3) of a multiprocessor system according to a tenth embodiment.
  • FIG. 19 is a configuration diagram (4) of a multiprocessor system according to a tenth embodiment.
  • the multiprocessor system having the access control unit of the present invention shares resources such as processor memories.
  • the shared memory of the multiprocessor system is configured by processor dedicated areas, which are divided and assigned to each processor, and a shared area shared by the multiprocessors.
  • a plurality of processors constituting the multiprocessor system are connected to an access control unit for restricting access to the shared memory.
  • the access control unit prohibits accesses other than the area allocated to the processor. Therefore, unauthorized access by processors other than the specific processor can be prohibited, and security can be improved.
  • FIG. 1 is a configuration diagram of a multiprocessor system according to a first embodiment of the present invention.
  • a multiprocessor system 1000 having an access control unit includes a multiprocessor 100, a bus master identification unit 200, an access control unit 300, an IF (InterFace) unit 400, and a shared bus slave 500.
  • the multiprocessor 100 has a first bus master 10a, a second bus master 10b, and a third bus master 10c, which are processors.
  • the first bus master 10a, the second bus master 10b, the third bus master 10c, ... share the shared bus slave 500 as a shared resource such as a memory.
  • the bus master identification unit 200 is connected to the first bus master 10a, the second bus master 10b, the third bus master 10c, ..., and receives an access request from each bus master 10.
  • the identification result and the access request in the bus master identification unit 200 are input to the access control unit 300, and are input to the shared bus slave 500 via the IF unit 400. Then, the access result from the shared bus slave 500 is output to each bus master 10 via the IF unit 400.
  • the shared bus slave 500, the bus master identification unit 200, the access control unit 300, and the IF unit 400 will be described.
  • the shared bus slave 500 is a general-purpose memory or the like, and is shared by the first bus master 10a, the second bus master 10b, the third bus master 10c, ....
  • the shared bus slave 500 is divided and, as shown in FIG. 1, a first bus master dedicated area 50a, a second bus master dedicated area 50b, a third bus master dedicated area 50c, and so on are assigned to the respective bus masters, and a shared area 51 to be shared is also allocated.
  • Upon receiving an access request from the bus master 10 to the shared bus slave 500, the bus master identification unit 200 identifies which bus master 10 issued the access request. Then, it outputs the access request and the identification result to access control section 300.
  • When access requests are made from a plurality of bus masters 10, it is determined, for example according to priority, which bus master 10's access request takes precedence.
  • One method of identifying the bus master is to detect which input port accesses the bus.
  • the access request is made by a signal such as an address for accessing a desired area in the shared bus slave 500 and write data.
  • the access control section 300 includes an access permission / non-permission determining section 31 and an access permission / non-permission information DB33.
  • Access permission information DB33 stores access permission information for each bus master 10.
  • the access permission / prohibition information is information that prohibits, for each bus master 10, access to a predetermined area of the shared bus slave 500.
  • FIG. 2 shows an example of the access permission information stored in the access permission information DB 33.
  • the access prohibited area in the shared bus slave 500 is designated for each bus master 10 by the access prohibited area start address and the access prohibited area end address. If the access prohibited area start address and the access prohibited area end address are the same address, no access prohibited area exists. Based on the access permission / non-permission information shown in FIG.
  • the access prohibited area is an area that prohibits only write access to the shared bus slave 500, an area that prohibits only read access from the shared bus slave 500, an area that prohibits both write and read access, or an area where all access is prohibited. By doing so, it is possible to increase the degree of freedom, such as permitting only reading of data from the shared bus slave or permitting only writing, for each bus master.
  • the access permission / non-permission determining section 31 determines access permission / rejection by comparing the access request and identification result input from the bus master identification section 200 with the access permission / prohibition information in the access permission / prohibition information DB 33. For example, it is assumed that the second bus master 10b is identified by the bus master identification unit 200, and an access request to the address 0x8000_0000 in the shared bus slave 500 is input from the second bus master 10b to the access availability determination unit 31.
  • the access permission / inhibition determination unit 31 refers to the access permission / inhibition information DB 33 and, since the second bus master 10b is prohibited from accessing the addresses 0x8000_0000 to 0x8000_FFFF, prohibits the second bus master 10b's access to address 0x8000_0000.
  • On the other hand, when the access request is to an address outside the access prohibited area, the access permission / non-permission determination unit 31 permits the second bus master 10b to access the shared bus slave 500.
  • the access permission / non-permission judgment unit 31 outputs the result of the judgment to the IF unit 400.
  • A hard-wired connection between the bus master identification unit 200 and the access control unit 300 prevents the identification result from being falsified.
  • the access permission / prohibition information, described above as information on an access prohibition area, may instead be an access permission address that specifies, for each bus master 10, an access permission area of the shared bus slave 500 to which access is permitted.
  • the access permitted area where access is permitted is an area that permits only write access to the shared bus slave 500, an area that permits only read access from the shared bus slave 500, or both an area that permits writing and reading. May be prohibited, or all access may be prohibited.
  • When an access request to the access permitted area is made, access to the shared bus slave from the bus master that has made the access request is permitted.
  • When an access request is made to an area other than the access permitted area, access to the shared bus slave 500 from the bus master making the access request is prohibited.
  • the access request by the bus master 10 may be made by the bus master 10 designating a specific address allocated to the access permission / non-permission information DB 33.
  • the access permission information DB33 is, for example, a register to which a specific address is assigned.
  • the IF section 400 receives the access request and the determination result from access permission / inhibition determination section 31.
  • the IF unit 400 generates a command for accessing the shared bus slave 500 based on the access request and the determination result. For example, when the shared bus slave 500 is a DRAM (Dynamic Random Access Memory), commands such as a RAS (Row Address Strobe signal) and a CAS (Column Address Strobe signal) for controlling the DRAM are generated. If the bus master 10 is permitted to access the area of the access request destination in the shared bus slave 500, the IF unit 400 accesses the area to which the access request was made based on the generated command. In addition, data reading and data writing are executed. When the data has been read, the IF unit 400 outputs the read data to the bus master 10 that has made the access request.
  • the IF unit 400 may notify the bus master 10 that has made the access request that the access to the access request destination area is prohibited.
  • the IF unit 400 further includes a dummy response unit 41 for performing a dummy response and a dummy access unit 42 for performing a dummy access.
  • the dummy response means a dummy response that, when it is determined that the bus master 10 cannot access the area of the shared bus slave 500 of the access request destination, makes the bus master 10 erroneously recognize that the response was obtained from the actual access request destination.
  • the dummy response unit 41 returns a dummy response to the bus master 10 when the access permission determination unit 31 determines that the access request from the bus master 10 is an access request to the access prohibited area.
  • the dummy response unit 41 creates a dummy response such as completion of reception of an access request and completion of data writing. Then, the created dummy response is sent to the bus master 10 without performing the write operation as requested. Further, the dummy access unit 42 may access a dummy area in the shared bus slave 500 that is not related to the area to which the access request is made, and perform the write operation.
  • the dummy response unit 41 performs a dummy response such as completion of reception of the access request and predetermined read data.
  • the dummy access unit 42 may access a dummy area irrelevant to the access request destination area and perform the read operation. Therefore, it is difficult to distinguish between the access prohibited area and the access permitted area on the shared bus slave 500, and it is possible to prevent analysis for accessing the access prohibited area. It is preferable to output random data or fixed values to the bus master, because the analysis becomes more difficult.
  • A dummy access is an access performed when it is determined that the bus master 10 cannot access the area of the shared bus slave 500 of the access request destination, made so that a person who observes the signals between the IF unit 400 and the shared bus slave 500 in order to steal information illegally mistakes it for an access to the actual access request destination. Even if it is determined that the bus master 10 cannot access the area of the shared bus slave 500, some dummy access is performed to the shared bus slave 500. Therefore, analysis by monitoring the data bus between the bus master 10 and the shared bus slave 500 can be prevented. For example, it is possible to prevent the access prohibited area and the access permitted area on the shared bus slave 500 from being distinguished from each other by tracing the data bus.
  • In the case of a write operation to an access prohibited area, a dummy access is performed such as writing to the area of the access request destination while masking the data, issuing a read command instead of a write command, or writing to an area to which access is permitted and which is not affected by the write.
  • In the case of a read operation to an access prohibited area, a dummy access such as issuing a read command to an area to which access is permitted is performed.
  • FIG. 3 is a flowchart showing an example of the access control process.
  • Step S10 The bus master identification unit 200 receives an access request from the bus master 10 to a desired area of the shared bus slave 500.
  • Step S11 The bus master identification unit 200 identifies which bus master 10 issued the access request based on the received access request.
  • Step S12 As a result of the identification in step S11, the bus master identification section 200 determines whether or not access requests are made from a plurality of bus masters 10. If there are access requests from a plurality of bus masters 10, the bus master 10 that is given the right to access the shared bus slave is selected in step S13. On the other hand, in the case of an access request from one bus master 10, the access request and the identification result are output to the access permission / non-permission determining unit 31.
  • Step S13 The bus master identifying section 200 selects a bus master according to the priority of receiving the access request.
  • the access request and identification result of the selected bus master 10 are output to the access permission / non-permission judgment unit 31.
  • Step S14 The access permission / inhibition judging section 31 collates the access request and identification result from the bus master identification section 200 with the access permission information in the access permission information DB 33. For example, when the access request is the address of the access destination of the shared bus slave 500, whether the address is the address of the access prohibited area is checked with reference to the access permission / prohibition information DB 33.
  • Step S15 If the access permission determination section 31 determines that access is permitted as a result of the comparison, access permission processing is performed in step S16. On the other hand, if it is determined that access is prohibited, access prohibition processing is performed in step S17.
  • Step S16 The IF unit 400 generates a command for accessing the access request destination area in the shared bus slave 500 based on the fact that the access is permitted by the access permission / non-permission determining unit 31.
  • The shared bus slave 500 is controlled based on the generated command to read data from an access request destination area in the shared bus slave 500 or write data to the access request destination area.
  • Step S17 The IF unit 400 performs an access prohibition process based on the fact that the access is prohibited by the access permission determination unit 31.
  • the access prohibition processing includes (A) notification of access prohibition to the bus master 10, (B) dummy response processing by the dummy response unit 41, (C) dummy access by the dummy access unit 42, and the like.
  • With the above configuration, in the microprocessor system 1000 according to the first embodiment, only the bus master 10 permitted by the access permission determination unit 31 can access a desired area of the shared bus slave 500. Therefore, a dedicated area for the specific bus master 10 can be secured on the shared bus slave 500. For this reason, it is possible to prevent data and programs from being read or tampered with by unauthorized access by a bus master other than a specific bus master, and to prevent unauthorized execution of the program and improve security. For example, even if a bus master other than the specific bus master attempts to access the dedicated area of the specific bus master due to a program falsification or malfunction, the access can be prohibited.
  • this is effective when a debugger is connected and an attempt is made to access a dedicated bus master area on the shared bus slave 500 as a bus master.
  • the bus master identification unit 200 identifies from which bus master the access request is issued.
  • the access permission / non-permission determining unit 31 can prohibit the access request by recognizing, based on the access permission / prohibition information, that the access request is an access request to a non-permitted area.
  • Since the bus masters 10 share the shared bus slave 500, it is not necessary to provide a dedicated bus slave for each specific bus master. Therefore, it is possible to reduce the cost of providing bus wiring and terminals for connecting the bus master 10 to a separate bus slave such as a dedicated DRAM or SRAM.
  • FIG. 4 is a configuration diagram of a multiprocessor system according to the second embodiment of the present invention.
  • The bus master identification unit 200 of the multiprocessor system 1000 according to the second embodiment receives an operation ID indicating the operation state of each bus master together with each bus master's access request. Then, based on the access request, the bus master identification unit 200 identifies from which of the bus masters 10 the access request originates. Further, the bus master identification unit 200 outputs the identification result of the bus master, the access request and the operation ID to the access permission / non-permission judgment unit 31. When access requests are made from a plurality of bus masters 10, the bus master identification unit 200 selects the bus master whose access request is accepted.
  • the access permission / prohibition information DB 33 stores access permission / prohibition information according to the operation state of each bus master 10.
  • the access permission / non-permission determining unit 31 determines access permission / prohibition based on the identified operation state of the bus master 10 and the access permission / prohibition information.
  • Other configurations of the second embodiment are the same as those of the first embodiment.
  • the operating state includes, for example, information on a thread being executed.
  • FIG. 5 is an example of access permission / prohibition information according to the operation state stored in the access permission / prohibition information DB 33.
  • the access prohibition area is specified by the access prohibition start address and the access prohibition end address for each operation state of each bus master 10.
  • When the operation ID is 0, the first bus master 10a can access the area at addresses 0x8000-0000 to 8000-FFFF in the shared bus slave 500.
  • When the operation ID is 1, access to the area at addresses 0x8000-0000 to 8000-FFFF is prohibited.
  • Step S10 The bus master identification unit 200 receives an access request from the bus master 10.
  • Step S11 The bus master identification unit 200 identifies which bus master 10 issued the access request. Further, the bus master identification unit 200 may identify the operation state of the bus master 10. The operation state is identified based on, for example, an operation ID input from the bus master 10 together with the access request.
  • Steps S12 and S13 The bus master identification unit 200 selects the bus master 10, and outputs the access request, the identification result, and the operation state of the selected bus master 10 to the access availability determination unit 31.
  • Step S14 The access permission / non-permission determining section 31 collates the access request from the bus master identifying section 200, the identification result, and the operation state with the access permission / prohibition information in the access permission / prohibition information DB 33.
  • Steps S15, S16, S17 If access is permitted, access permission processing is performed in step S16. On the other hand, if it is determined that the access is prohibited, the access prohibition process is performed in step S17.
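The decision flow of steps S14 to S17, with a FIG. 5-style operation-ID table and the dummy response and dummy access, modelled in C as an added example (not code from the patent). The window size, dummy address, fixed dummy value, the second master's rows and all identifiers are assumptions; only the 0x8000-0000 to 8000-FFFF range for operation ID 1 comes from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model parameters (assumptions, not taken from the patent). */
#define NUM_MASTERS 2
#define NUM_OP_IDS  2
#define SLAVE_BASE  0x80000000u   /* first address of the modelled shared bus slave */
#define SLAVE_SIZE  0x00020000u   /* 128 KiB window */
#define DUMMY_ADDR  0x8001FFFCu   /* unrelated dummy area used for dummy accesses */
#define DUMMY_RDATA 0x00000000u   /* fixed value returned for prohibited reads */

/* One row of FIG. 5-style information: a prohibited range per master and operation ID. */
typedef struct { int master, op_id; uint32_t deny_start, deny_end; } deny_rule;

static const deny_rule access_db[] = {
    { 0, 1, 0x80000000u, 0x8000FFFFu }, /* from the description: first master, operation ID 1 */
    { 1, 0, 0x80000000u, 0x8000FFFFu }, /* constructed: second master, both operation IDs */
    { 1, 1, 0x80000000u, 0x8000FFFFu },
};

typedef struct { int master, op_id; bool is_write; uint32_t addr, wdata; } access_req;
typedef struct { bool done; uint32_t rdata; } bus_response;

static uint32_t slave_mem[SLAVE_SIZE / 4]; /* contents of the shared bus slave */
static unsigned slave_cmd_count;           /* commands visible on the slave-side bus */
static uint32_t last_slave_addr;           /* address of the most recent slave command */

static uint32_t slave_read(uint32_t addr) {
    slave_cmd_count++;
    last_slave_addr = addr;
    return slave_mem[(addr - SLAVE_BASE) / 4];
}

static void slave_write(uint32_t addr, uint32_t value) {
    slave_cmd_count++;
    last_slave_addr = addr;
    slave_mem[(addr - SLAVE_BASE) / 4] = value;
}

/* Steps S14/S15: collate the request with the access permission information. */
static bool access_permitted(const access_req *r) {
    if (r->master < 0 || r->master >= NUM_MASTERS) return false; /* unknown master */
    if (r->op_id < 0 || r->op_id >= NUM_OP_IDS) return false;    /* unknown operation state */
    if (r->addr < SLAVE_BASE || r->addr - SLAVE_BASE >= SLAVE_SIZE) return false;
    for (size_t i = 0; i < sizeof access_db / sizeof access_db[0]; i++) {
        const deny_rule *d = &access_db[i];
        if (d->master == r->master && d->op_id == r->op_id &&
            r->addr >= d->deny_start && r->addr <= d->deny_end)
            return false;
    }
    return true;
}

/* Steps S16/S17: real access when permitted, otherwise dummy access plus dummy response. */
static bus_response if_unit_handle(const access_req *r) {
    bus_response resp = { true, 0 };
    if (access_permitted(r)) {
        if (r->is_write) slave_write(r->addr, r->wdata);
        else resp.rdata = slave_read(r->addr);
        return resp;
    }
    (void)slave_read(DUMMY_ADDR); /* dummy access: a read of the dummy area, never a write */
    resp.rdata = DUMMY_RDATA;     /* dummy response: same "done" status, fixed data */
    return resp;
}

int main(void) {
    access_req wr   = { 0, 0, true,  0x80000010u, 0xCAFEF00Du }; /* permitted write */
    access_req rd0  = { 0, 0, false, 0x80000010u, 0 };           /* permitted read */
    access_req rd1  = { 0, 1, false, 0x80000010u, 0 };           /* prohibited: operation ID 1 */
    access_req wr_b = { 1, 0, true,  0x80000010u, 0x41414141u }; /* prohibited: other master */

    if_unit_handle(&wr);
    printf("permitted read:  0x%08X\n", (unsigned)if_unit_handle(&rd0).rdata);
    printf("prohibited read: 0x%08X\n", (unsigned)if_unit_handle(&rd1).rdata);
    if_unit_handle(&wr_b);
    printf("after prohibited write: 0x%08X (slave commands: %u, last address 0x%08X)\n",
           (unsigned)if_unit_handle(&rd0).rdata, slave_cmd_count, (unsigned)last_slave_addr);
    return 0;
}
```

Every request, permitted or not, produces exactly one command on the slave side and a completed response on the master side, which is the property the dummy response and dummy access are meant to provide.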
  • FIG. 6 is a configuration diagram of a multiprocessor system according to the third embodiment.
  • the first bus master 10a has a dedicated instruction for accessing the access permission information.
  • Examples of the dedicated instruction include a read instruction for reading the access permission information and a write instruction for writing / rewriting the access permission information. Then, when accessing the access permission information, the first bus master 10a decodes the dedicated instruction and outputs an access request based on the dedicated instruction to the bus master identification unit 200. Bus master identification section 200 outputs an access request to access permission / inhibition determination section 31.
  • The access permission / non-permission judgment unit 31 determines, based on the access permission information in the access permission information DB 33, whether or not to permit the access request of the first bus master 10a for accessing the access permission information.
  • the access permission information in the access permission information DB 33 includes restriction information on whether access to the access permission information is permitted or not for each bus master.
  • FIG. 7 is an example of the restriction information in the access permission information DB 33. In FIG. 7, whether or not access to the access permission information is permitted is set for each bus master as restriction information.
  • The restriction information may be information indicating, for each bus master, whether each type of access to the access permission information is possible. That is, the information may prohibit only read access to the access permission information, prohibit only write access, or prohibit both read access and write access.
  • Other configurations of the third embodiment are the same as those of the first embodiment.
  • the access to the access permission information based on the dedicated instruction is performed by, for example, accessing a predetermined address of a register.
  • When the multiprocessor system is configured as shown in FIG. 6, it is possible to change the access permission area of the bus master as follows by accessing the access permission information and rewriting the access permission information. For example, suppose a bus master downloads a new program via a network. When that bus master needs to extend its dedicated area in the shared bus slave 500 to execute the new program, the bus master decodes a write instruction for rewriting the access enable / disable information, and outputs an access request based on the write instruction. This access request is executed, for example, by accessing a specific address of the register 35 in the access permission / non-permission determining unit 31.
  • the bus master identification unit 200 receives an access request based on a write instruction, and identifies the bus master making the access request.
  • The access permission / inhibition determination unit 31 determines whether to permit the access request output by the bus master based on the access permission information in the access permission information DB 33.
  • The access availability information in the access availability information DB 33 includes, for each bus master, restriction information as to whether or not the access request based on the write instruction is permitted. If the access request by the identified bus master is permitted, the access permission information in the access permission information DB 33 is rewritten based on the access request to the access permission information. With this rewrite, the bus master can execute the new program using the extended area in the shared bus slave 500. On the other hand, when access is prohibited based on the access permission information, rewriting of the access permission information is prohibited.
  • the bus master identification unit 200 receives an access request based on a read command from the bus master, and identifies the bus master that has output the access request.
  • the access permission / non-permission determining unit 31 reads the access permission / prohibition information in the access permission / prohibition information DB 33 based on the read command only when reading by the identified bus master is permitted. Then, the read access permission / inhibition information is output to the IF unit 400 and output to the bus master that has issued the read instruction.
  • The access request to the access permission information may be performed using the same node as the access request to the shared bus slave.
  • FIG. 8 is a configuration diagram of a multiprocessor system according to a fourth embodiment of the present invention.
  • the multiprocessor system 1000 according to the fourth embodiment has a program authentication unit 21 in a bus master identification unit 200. When the program is authenticated by the program authentication unit 21, the access request is permitted.
  • Other configurations of the fourth embodiment are the same as those of the first embodiment.
  • the program authentication unit 21 authenticates whether the program executed by the bus master 10 is legitimate or illegal, and outputs the authentication result to the access permission / non-permission determining unit 31.
  • program authentication is performed using encryption / decryption techniques such as a public key, a secret key, and an electronic signature. Then, the program authentication unit 21 outputs the authentication result to the access permission determination unit 31.
  • When the program is not authenticated, the access permission determination unit 31 prohibits the access request from the bus master 10.
  • The access permission / non-permission determining unit 31 checks the access request of the bus master 10 against the access permission / prohibition information in the access permission / prohibition information DB 33, and access is prohibited if the access request is permitted by that information but the program is not authenticated. That is, the access permission / non-permission determining unit 31 permits the access request of the bus master 10 only when the program is authenticated and the access request is permitted by the access permission / prohibition information.
  • the program authentication unit 21 is provided in the bus master identification unit 200.
  • the program authentication unit 21 may be configured as an independent function block that is not provided in the bus master identification unit 200.
  • The access permission information in the access permission information DB 33 may include information on whether or not the program needs to be authenticated in order to determine that the program is accessible.
  • FIG. 9 is a configuration diagram of a multiprocessor system according to a fifth embodiment of the present invention.
  • program authentication is performed in the same manner as in the fourth embodiment, and access permission / inhibition determination for the access permission information shown in the third embodiment is performed.
  • the first bus master 10a of the multiprocessor system according to the fifth embodiment has a dedicated instruction for accessing the access permission information as in the third embodiment.
  • the access permission information in the access permission information DB 33 includes restriction information on whether or not the access to the access permission information is permitted for each bus master.
  • the bus master identification unit 200 has a program authentication unit 21 as in the fourth embodiment.
  • Other configurations of the fifth embodiment are the same as those of the first embodiment.
  • the first bus master 10a When accessing the access permission information, the first bus master 10a outputs an access request based on a dedicated instruction to the bus master identification unit 200.
  • The bus master identifying unit 200 receives the access request and identifies the bus master.
  • The program authentication unit 21 in the bus master identification unit 200 authenticates whether the program executed by the bus master 10 is legitimate or not, and outputs the authentication result to the access permission determination unit 31.
  • the access permission / non-permission determining unit 31 receives the authentication result, the identification result, and the access request.
  • The access permission / non-permission determining unit 31 determines whether to permit the access request based on the access permission / prohibition information in the access permission / prohibition information DB 33, and permits or prohibits the access request from the bus master 10 based on the authentication result. As described above, even when an access request is made by decoding a dedicated instruction such as a read instruction or a write instruction, security can be further enhanced by using program authentication together. Note that here, an example in which a dedicated instruction for accessing the access permission information is provided is shown.
  • The access permission information DB may be a register to which an address is assigned; that is, the access permission information may be accessed by accessing that address.
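The gating of reads and rewrites of the access permission information described in the third to fifth embodiments, as an added C example (not code from the patent). The table layout, status codes, address ranges and the overlap check are assumptions, and the result of the program authentication unit 21 is modelled as a boolean input rather than a real signature verification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_MASTERS 3
enum { POL_READ = 1, POL_WRITE = 2 }; /* rights on the permission information itself */

typedef enum { POL_OK, POL_DENIED_RESTRICTION, POL_DENIED_AUTH, POL_DENIED_RANGE } pol_status;

typedef struct {
    uint32_t area_start, area_end; /* area of the shared bus slave this master may access */
    unsigned policy_rights;        /* FIG. 7-style restriction information */
    bool auth_required;            /* whether program authentication is needed */
} policy_entry;

/* Constructed table standing in for the access permission information DB 33. */
static policy_entry policy_db[NUM_MASTERS] = {
    { 0x80000000u, 0x8000FFFFu, POL_READ | POL_WRITE, true  },
    { 0x80020000u, 0x8002FFFFu, POL_READ,             true  },
    { 0x80040000u, 0x8004FFFFu, 0,                    false },
};

/* Restriction information first, then the program authentication result. */
static pol_status check_policy_access(int master, unsigned right, bool authenticated) {
    if (master < 0 || master >= NUM_MASTERS) return POL_DENIED_RESTRICTION;
    if (!(policy_db[master].policy_rights & right)) return POL_DENIED_RESTRICTION;
    if (policy_db[master].auth_required && !authenticated) return POL_DENIED_AUTH;
    return POL_OK;
}

/* Read instruction: return the requesting master's own entry if reading is permitted. */
static pol_status policy_read(int master, bool authenticated, policy_entry *out) {
    pol_status s = check_policy_access(master, POL_READ, authenticated);
    if (s == POL_OK) *out = policy_db[master];
    return s;
}

/* Write instruction: rewrite the requesting master's own area if writing is permitted. */
static pol_status policy_write(int master, bool authenticated,
                               uint32_t new_start, uint32_t new_end) {
    pol_status s = check_policy_access(master, POL_WRITE, authenticated);
    if (s != POL_OK) return s;
    if (new_start > new_end) return POL_DENIED_RANGE;
    /* Extra check not described on the page: never grow into another master's area. */
    for (int m = 0; m < NUM_MASTERS; m++) {
        if (m != master && new_start <= policy_db[m].area_end &&
            policy_db[m].area_start <= new_end)
            return POL_DENIED_RANGE;
    }
    policy_db[master].area_start = new_start;
    policy_db[master].area_end = new_end;
    return POL_OK;
}

/* Fourth embodiment: data access needs both the table entry and, if required, authentication. */
static bool data_access_permitted(int master, bool authenticated, uint32_t addr) {
    if (master < 0 || master >= NUM_MASTERS) return false;
    const policy_entry *e = &policy_db[master];
    if (e->auth_required && !authenticated) return false;
    return addr >= e->area_start && addr <= e->area_end;
}

int main(void) {
    policy_entry e;
    printf("unauthenticated rewrite:  %d\n", policy_write(0, false, 0x80000000u, 0x8001FFFFu));
    printf("read-only master rewrite: %d\n", policy_write(1, true, 0x80020000u, 0x8003FFFFu));
    printf("overlapping rewrite:      %d\n", policy_write(0, true, 0x80000000u, 0x80020FFFu));
    printf("valid rewrite:            %d\n", policy_write(0, true, 0x80000000u, 0x8001FFFFu));
    printf("extended area usable:     %d\n", data_access_permitted(0, true, 0x80010000u));
    printf("table read by master 1:   %d\n", policy_read(1, true, &e));
    return 0;
}
```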
  • FIG. 10 is a configuration diagram of a multiprocessor system according to the sixth embodiment of the present invention.
  • a multiprocessor system 1000 having an access control unit according to the sixth embodiment has a first bus master identification unit 200a and a second bus master identification unit 200b.
  • the bus master 150 including the second bus master 10b and the third bus master 10c is connected to the first bus master identification unit 200a, and the first bus master 10a is connected to the second bus master identification unit 200b.
  • Other configurations are the same as those of the first embodiment.
  • An access request from the second bus master 10b and the third bus master 10c is output to the first bus master identification unit 200a, and an access request from the first bus master 10a is output to the second bus master identification unit 200b.
  • The first bus master identification unit 200a identifies whether the request is an access request from the second bus master 10b or an access request from the third bus master 10c. In the case of access requests from both the second bus master 10b and the third bus master 10c, it is determined which bus master's access request is accepted, for example, according to the priority of receiving the access request. Further, first bus master identification section 200a outputs the identification result to second bus master identification section 200b.
  • The second bus master identification unit 200b accepts an access request from the first bus master 10a and determines whether to accept the access request of the first bus master 10a or the access request of the bus master identified by the first bus master identification unit 200a.
  • A plurality of bus master identification units can be provided as appropriate in consideration of the number of bus masters, the number of wirings, and the wiring length.
  • FIG. 11 is a configuration diagram of a multiprocessor system according to a seventh embodiment of the present invention.
  • the multiprocessor system 1000 includes a system LSI 600 and a shared bus slave 500.
  • the system LSI 600 is formed such that the multiprocessor 100, the bus master identification unit 200, the access control unit 300, and the IF (InterFace) unit 400 are included on one chip.
  • the shared bus slave 500 is a shared area external to the system LSI 600, and is configured by an external shared memory such as a DRAM and an SRAM (Static Random Access Memory).
  • The internal configuration of each unit of the multiprocessor 100, the bus master identification unit 200, the access control unit 300, the IF (InterFace) unit 400, and the shared bus slave 500 is the same as in the first embodiment.
  • the degree of freedom can be increased, such as changing the capacity of the shared area after designing the system LSI.
  • It is preferable to provide a bus encryption unit 450 for encrypting / decrypting access data such as addresses, write data, and read data exchanged between the system LSI 600 and the shared bus slave 500 connected to the outside. By providing the bus encryption unit 450, it is possible to prevent the access to the dedicated area of each bus master 10 in the shared bus slave 500 from being analyzed.
  • the system LSI 610 may be configured to include the shared bus slave 500 in the chip.
  • By including the shared bus slave 500 in one chip, the confidentiality of access from the bus master 10 to the shared bus slave can be improved.
  • FIG. 13 is a configuration diagram of a multiprocessor system according to an eighth embodiment of the present invention.
  • the multiprocessor system 1000 includes a system LSI 620, a first shared bus slave 500a, and a second shared bus slave 500b.
  • The system LSI 620 is formed so that a multiprocessor 100, a bus master identification unit 200, an access control unit 300, a first IF unit 400a and a second IF unit 400b are included on one chip.
  • the first shared bus slave 500a and the second shared bus slave 500b are connected to the first IF unit 400a and the second IF unit 400b, and are shared by a plurality of bus masters 10 in the system LSI 620.
  • A first access permission / non-permission judgment unit 31a corresponding to the first shared bus slave 500a and a second access permission / non-permission judgment unit 31b corresponding to the second shared bus slave 500b are provided.
  • the first IF section 400a and the second IF section 400b are respectively provided between the first shared bus slave 500a and the first access permission / non-permission judgment section 31a, and between the second shared bus slave 500b and the second access permission / non-permission judgment section 31b.
  • the first access availability determination unit 31a and the second access availability determination unit 31b have the same configuration as the access availability determination unit 31 of the first embodiment.
  • the first IF section 400a and the second IF section 400b have the same configuration as the IF section 400 of the first embodiment.
  • The other components, namely the multiprocessor 100, the bus master identification unit 200 and the access availability information DB 33, have the same configuration as in the first embodiment.
  • The system LSI 630 may be configured to include the second shared bus slave 500b in the chip, and the first shared bus slave 500a may be connected to the system LSI 630. Therefore, the secrecy of access from the bus master 10 to the second shared bus slave 500b can be improved. As described above, it is possible to obtain a multiprocessor system capable of restricting access while having various modes such as incorporating or externally attaching the first shared bus slave 500a and the second shared bus slave 500b inside the system LSI. When a shared bus slave is externally attached, the degree of freedom can be increased, for example, by changing the capacity of the shared area.
  • FIG. 15 is a configuration diagram of a multiprocessor system according to the ninth embodiment of the present invention.
  • the multiprocessor system 1000 is a data processing system that processes a large amount of data such as a facsimile machine, and includes a system LSI 640, a peripheral circuit unit 900 such as a scanner and a printer, and a memory unit 950 such as a DRAM and an SRAM.
  • The system LSI 640 is connected to the peripheral circuit unit 900 and the memory unit 950, and is formed so that the multiprocessor 100, the bus master identification unit 200, the access control unit 300, the DMA control unit 700, and the memory scheduler 800 are included on a single chip.
  • In the multiprocessor system 1000 of the ninth embodiment, in order to improve the data processing efficiency, data is directly transferred between the peripheral circuit unit 900 and the memory 950 without passing through the multiprocessor 100.
  • the configurations and operations of the DMA control unit 700 and the memory scheduler 800 will be described.
  • the DMA control section 700 includes a host IF section 400, a shared bus slave 500, and a peripheral circuit IF section 750.
  • the shared bus slave 500 is shared by a plurality of bus masters 10 constituting the multiprocessor 100.
  • The shared bus slave 500 is a DMA control register that stores information (hereinafter, DMA control information) necessary for performing direct data transfer, such as a transfer mode, a transfer destination or transfer source address, and the number of transfer bytes.
  • the peripheral circuit IF section 750 of the DMA control section 700 is connected to the memory scheduler 800 and the peripheral circuit section 900. Further, the memory scheduler 800 is connected to a memory 950 outside the system LSI 640, and generates commands for accessing the memory.
  • Data input from the peripheral circuit unit 900, such as a scanner or a printer, is transferred to the memory 950 via the peripheral circuit IF unit 750 and the memory scheduler 800 based on the DMA control information in the shared bus slave 500.
  • the bus master identification unit 200 identifies the bus master 10 that has issued the access request.
  • the access permission / inhibition determination unit 31 determines access permission / inhibition based on the access permission / inhibition information in the access permission / inhibition information DB 33.
  • access to the shared bus slave 500 is performed via the host IF unit 400. In this way, by restricting access to the shared bus slave 500, which is a DMA control register, it is possible to prevent unauthorized access to DMA control information.
  • a dedicated area for the bus master can be secured in the shared bus slave 500 that is the DMA control register. Therefore, for example, unauthorized reading due to rewriting of DMA control information for reading and decrypting encrypted data from the peripheral circuit unit 900 can be prevented.
  • Although the example in which the shared bus slave 500 is the DMA control register has been described, the shared bus slave is not limited thereto, and may be any of various control registers such as an accumulator, a stack register, a program counter, an interrupt register, and a flag register.
  • 100 including a plurality of bus masters is referred to as a multiprocessor.
  • a multimaster may be used.
  • FIGS. 16 to 18 are configuration diagrams of a multiprocessor system according to the tenth embodiment of the present invention.
  • the multiprocessor system 2000 is a data processing system that processes a large amount of data, and includes a system LSI 740, a peripheral circuit unit 900, and an external shared bus slave 500.
  • The system LSI 740 is connected to the peripheral circuit unit 900 and the shared bus slave 500, and is formed so that the multiprocessor 100, the DMA controller 700, and the memory scheduler 800 are included on one chip.
  • the DMA controller 700 directly controls data transfer between the peripheral circuit unit 900 and the shared bus slave 500 without passing through the multiprocessor 100 in order to improve data processing efficiency. Further, the memory scheduler 800 is connected to the shared bus slave 500 outside the system LSI 740, and generates commands for accessing the shared bus slave 500.
  • The multiprocessor 100 is composed of a plurality of bus masters 10 (bus masters 10a, 10b, ...), and the shared bus slave 500 is shared by the plurality of bus masters 10.
  • The shared bus slave 500 includes a first bus master dedicated area 50a, a second bus master dedicated area 50b, and a third bus master dedicated area 50c, each assigned as a dedicated area to one bus master, and a shared area 51 shared by the bus masters 10.
  • each bus master 10 can access the shared bus slave 500 via the memory scheduler 800 or the DMA controller 700.
  • the DMA controller 700 has a bus master identification unit 200a and an access control unit 300a
  • both the DMA controller 700 and the memory scheduler 800 have a bus master identification unit and an access control unit
  • the memory scheduler 800 has a bus master identification unit 200b and an access control unit 300b.
  • The DMA controller 700 includes a bus master identification unit 200a, an access control unit 300a, a host IF (InterFace) unit 400a, a control register 550, and a peripheral circuit IF unit 750.
  • The bus master identification unit 200a identifies which bus master 10 issued the access request. Then, the access request and the identification result are output to the access control unit 300a.
  • The access control unit 300a includes an access permission / inhibition determination unit 31a and an access permission / inhibition information DB 33a.
  • The access permission / non-permission information DB 33a stores, for each bus master 10, access permission / non-permission information indicating whether or not access to the shared bus slave 500 is possible. For example, it stores access permission information including information that allows the first bus master 10a to access the first bus master dedicated area 50a, information that enables the second bus master 10b to access the second bus master dedicated area 50b, and information that allows the third bus master 10c to access the bus master dedicated area 50c.
  • the access permission / inhibition determination unit 31a performs access permission / inhibition determination by comparing the access request and the identification result input from the bus master identification unit 200a with the access permission / inhibition information in the access permission / inhibition information DB 33a.
  • the access propriety judging section 31 outputs the judgment result to the host IF section 400a.
  • the control register 550 is a DMA control register that stores information (hereinafter, DMA control information) necessary for performing direct data transfer, such as a transfer mode, a transfer destination or transfer source address, and the number of transfer bytes.
  • the peripheral circuit IF section 750 is connected to the memory scheduler 800 and the peripheral circuit section 900.
  • the bus master identification unit 200a identifies the bus master 10 that has made the access request.
  • the access permission / non-permission determination unit 31a determines access permission / prohibition based on the access permission / prohibition information in the access permission / prohibition information DB 33a.
  • the control register 550 is accessed through the host IF unit 400a.
  • the peripheral circuit IF unit 750 transfers an access request from each bus master to the memory scheduler 800 based on the DMA control information in the control register.
  • the memory scheduler 800 accesses the shared bus slave 500 based on the access request.
  • the memory scheduler 800 also acquires the access result from the dedicated area or the shared area for each bus master.
  • the memory scheduler 800 transmits the access result to the peripheral circuit IF unit 750.
  • the peripheral circuit IF unit 750 transmits the access result to each bus master 10.
  • When each bus master 10 accesses the shared bus slave 500 via the DMA controller 700, only a bus master permitted by the access permission / non-permission judging unit 31a can access the area of the shared bus slave 500. Therefore, a dedicated area for a specific bus master is secured on the shared bus slave, and illegal access by a bus master other than the specific bus master is prohibited, thereby improving security.
  • information on access permission to the peripheral circuit unit 900 such as an external I / O and an external port may be stored in the access permission information DB 33a for each bus master 10.
  • When each bus master 10 accesses the peripheral circuit section 900 via the DMA controller 700, only a bus master 10 to which access is permitted by the bus master identification section 200a and the access permission / non-permission determination section 31a can access the predetermined, access-permitted area of the peripheral circuit section 900. Therefore, security can be further improved.
  • Because the bus masters 10 share the shared bus slave 500, it is not necessary to separately provide a dedicated bus slave for each specific bus master 10. Therefore, it is possible to reduce the cost of providing bus wiring and terminals for connecting a separate bus slave and the bus master 10.
  • the memory scheduler 800 further includes a bus master identification unit 200b and an access control unit 30.
  • the memory scheduler 800 includes a bus master identification unit 200b, an access control unit 300b, and an IF (Inter
  • When an access request from a bus master 10 to the shared bus slave 500 is received, the bus master identification unit 200b identifies which bus master 10 issued the access request. Then, it outputs the access request and the identification result to the access control unit 300b.
  • the access control unit 300b has an access permission / inhibition determination unit 31b and an access permission / inhibition information DB 33b.
  • Access permission information DB33b stores access permission information indicating whether access to the shared bus slave 500 is possible or not for each bus master 10.
  • the access permission / inhibition determination unit 31b performs access permission / inhibition determination by comparing the access request and identification result input from the bus master identification unit 200a with the access permission / inhibition information in the access permission / inhibition information DB 33b.
  • Access availability determination section 31b outputs the determination result to IF section 470.
  • the bus master identification unit 200b identifies the bus master 10 that has made the access request.
  • the access permission / non-permission determining unit 31b determines access permission / prohibition based on the access permission / prohibition information in the access permission / prohibition information DB 33b.
  • the access to the permitted area of the shared bus slave 500 is performed via the IF unit 470.
  • the IF unit 470 transmits the access result obtained from the shared bus slave 500 to each bus master 10.
  • In FIG. 18, only the memory scheduler 800 is provided with the bus master identification unit 200b and the access control unit 300b.
  • the configuration of the memory scheduler 800 is the same as that of FIG.
  • the DMA controller 700 has a host IF unit 400a that receives an access request from each bus master 10, a control register 550, and a peripheral circuit IF unit 750, and does not include the bus master identification unit 200a and the access control unit 300a.
  • the access request from each bus master 10 to the shared bus slave 500 is made either via the DMA controller 700 and the memory scheduler 800, or directly via the memory scheduler 800. That is, an access request to the shared bus slave 500 is always made via the memory scheduler 800.
  • Because the memory scheduler 800 is provided with the bus master identification unit 200b and the access control unit 300b, only the bus masters permitted by them can access the predetermined area of the shared bus slave 500. Therefore, a dedicated area for a specific bus master is secured on the shared bus slave, and unauthorized access by a bus master other than the specific bus master is prohibited, thereby improving security.
  • a dedicated area for each bus master may be provided in the control register 550 as in the ninth embodiment.
  • FIG. 19 shows a configuration in which the control register 550 in FIG. 17 is a control register shared by each bus master.
  • The access permission information DB 33a stores, for each bus master, access permission information indicating whether or not the dedicated area can be accessed. For example, it stores access permission / non-permission information that includes information enabling the first bus master 10a to access the first bus master dedicated area 550a and information enabling the second bus master 10b to access the second bus master dedicated area 550b.
  • the bus master identification unit 200a and the access availability determination unit 31a control access to the control register 550 based on the access availability information DB 33a.
  • the present invention can be used for improving the security of a multiprocessor system.

Abstract

Security in a multiprocessor system can be improved while the increase in cost is limited. An access control device is provided that judges whether access from a plurality of bus masters to at least one shared bus slave shared by those bus masters is enabled. The access control device includes: an access enabled/disabled information storage unit that stores access enabled/disabled information inhibiting access from the bus masters to a predetermined area of the shared bus slave; and an access enabled/disabled judgment unit that, when a bus master requests access to a desired area of the shared bus slave, judges according to the access enabled/disabled information in the storage unit whether the bus master can access the requested area of the shared bus slave.

Description

Specification
Access control device and access control method
Technical field
[0001] The present invention relates to an access control device that controls access between bus masters and a shared bus slave.
Background art
[0002] At present, as LSIs (Large Scale Integrated circuits) become more functional and more highly integrated, multiprocessor systems built from a plurality of processors have become common. In fields such as digital AV consumer electronics, a unified memory configuration that shares information resources such as the main storage device is indispensable for reducing cost. Consequently, when a confidential program of one processor is stored in the shared memory, a loss of security arises in that another processor may tamper with or steal that program.
[0003] Patent Document 1 discloses, as a mechanism for restricting access to a shared memory, a multiprocessor system in which each processor has an access restriction mechanism. The access restriction mechanism in each processor restricts access by executing a software program that blocks, for example, the generation of addresses. Patent Document 2 discloses a method in which a dedicated memory is provided for each processor so that only a specific processor can access that processor's dedicated memory.
Patent Document 1: Japanese Patent No. 2661733
Patent Document 2: JP-A-6-96235
Disclosure of the invention
[0004] However, in the multiprocessor system of Patent Document 1, an address generation protection device is provided for each central processing unit as the access restriction mechanism, and each address generation protection device restricts the corresponding processor's access to the shared memory by software processing. Moreover, rewriting of the software that performs the access restriction is not itself restricted. Therefore, if, for example, the sequence of the program that enforces the access restriction or the hardware specifications are stolen and the program is tampered with, the access-restricted areas of other processors can be accessed without authorization. As a result, there is a risk that secret data and programs will be tampered with or stolen, which is a security problem. In the method of Patent Document 2, which provides a dedicated memory for each processor, a dedicated RAM (Random Access Memory) or dedicated ROM (Read Only Memory) must be provided separately, which increases the cost of the multiprocessor system. In particular, building the dedicated memory into the LSI lacks flexibility, because the capacity of the dedicated memory must be fixed at the LSI design stage. Attaching the dedicated memory externally to a system LSI that contains the multiprocessor increases the number of external terminals the LSI needs in order to connect the external dedicated memory, which raises the cost of the LSI.
[0005] Accordingly, an object of the present invention is to improve security in a multiprocessor system while limiting the increase in cost.
[0006] To solve the above problem, the first invention of the present application is an access control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, and has the following components.
• An access permission information storage unit that stores access permission information prohibiting access from the bus masters to a predetermined area of the shared bus slave.
• An access permission determination unit that, when a bus master issues an access request to a desired area of the shared bus slave, determines, based on the access permission information in the access permission information storage unit, whether the bus master can access the requested area of the shared bus slave.
[0007] When a bus master issues an access request to a desired area of the shared bus slave, the access permission determination unit determines whether to permit the access based on the access permission information. Here, a shared bus slave means a shared resource, such as a general-purpose memory or various control registers, that is shared by a plurality of bus masters. When the access permission determination unit prohibits the access, the bus master cannot access the requested area of the shared bus slave. Because only a bus master permitted by the access permission determination unit can access a given area of the shared bus slave, a dedicated area for a specific bus master can be secured on the shared bus slave. Unauthorized access by any bus master other than the specific bus master is therefore prohibited, and security is improved. For example, even if a bus master other than the specific bus master attempts to access the specific bus master's dedicated area because of program tampering or a malfunction, the access permission determination unit can prohibit the access.
[0008] Furthermore, because the bus masters share the shared bus slave, there is no need to provide a separate dedicated bus slave for each specific bus master. This saves the cost of the bus wiring and terminals that would be needed to connect separate bus slaves to the bus masters.
[0009] The second invention of the present application provides the access control device of the first invention, further including a bus master identification unit that, based on an access request from a bus master to a desired area of the shared bus slave, identifies the bus master that issued the access request, wherein the access permission determination unit makes its determination based on the access permission information of the bus master identified by the bus master identification unit.
[0010] The bus master identification unit identifies which bus master the access request came from and outputs the result to the access permission determination unit. When access requests are issued by a plurality of bus masters, the bus master identification unit may select which bus master's access request to accept. For example, it accepts the access request from the bus master with the higher priority.
[0011] The third invention of the present application provides the access control device of the first invention, wherein the access permission information is, for each bus master, a prohibited address designating an access-prohibited area of the shared bus slave or a permitted address designating an access-permitted area, and the access permission determination unit determines, based on the prohibited address or permitted address corresponding to the bus master, whether the bus master can access the requested area of the shared bus slave.
[0012] The access permission information storage unit stores, for each bus master, the prohibited address of an area of the shared bus slave to which access is prohibited or the permitted address of an area to which access is permitted. This prohibited or permitted address is compared with the address of the area of the shared bus slave that the bus master has requested to access. If the requested address is a prohibited address, access by the bus master can be prohibited. If the requested address is a permitted address, access by the bus master can be permitted.
[0013] The fourth invention of the present application provides the access control device of the third invention, wherein the prohibited address is an address designating, for each bus master, an area where write access to the shared bus slave is prohibited, an area where read access from the shared bus slave is prohibited, or an area where all access to the shared bus slave is prohibited, and the permitted address is an address designating an area where read access to the shared bus slave is permitted, an area where read access from the shared bus slave is permitted, or an area where all access to the shared bus slave is permitted.
[0014] This increases flexibility: for each bus master it is possible, for example, to permit only reading of data from the shared bus slave or to permit only writing.
[0015] The fifth invention of the present application provides the access control device of the first invention, wherein the access permission information is stored for each operating state of each bus master, and the access permission determination unit receives the operating state of the bus master that issued the access request and determines, based on that operating state and the access permission information for each operating state of the bus master, whether the bus master that issued the access request can access the requested area of the shared bus slave.
[0016] Whether a bus master can access the requested area is determined according to the operating state of each bus master. A dedicated area that can be accessed only while a specific bus master is in a specific operating state can therefore be secured on the shared bus slave. Deciding access according to the operating state of the bus master also increases security further.
[0017] The sixth invention of the present application provides the access control device of the first invention, wherein the shared bus slave is various control registers, the access permission information is information prohibiting access to the various control registers, and the access permission determination unit, when a bus master issues an access request to a desired area of the various control registers, determines, based on the access permission information for the various control registers, whether the bus master that issued the access request can access the requested area of the various control registers.
[0018] When a bus master issues an access request to a desired area of the shared control registers, the access permission determination unit determines whether to permit the access based on the access permission information. Only a bus master permitted by the access permission determination unit can therefore access the areas of the shared control registers. For example, this prevents a bus master other than a specific bus master from accessing the control registers without authorization and rewriting the control information.
[0019] The seventh invention of the present application provides the access control device of the sixth invention, wherein the various control registers are DMA control registers that store DMA (Direct Memory Access) control information, the access permission information is information prohibiting access to the DMA control registers, and the access permission determination unit, when a bus master issues an access request to a desired area of the DMA control registers, determines, based on the access permission information for the DMA control registers, whether the bus master that issued the access request can access the requested area of the DMA control registers.
[0020] This prevents unauthorized DMA activation. For example, a DMA that only a specific bus master may start, such as one that decrypts encrypted data and transfers it to local memory inside the LSI, could otherwise be started by another bus master with the transfer destination set to memory external to the LSI, so that the decrypted plaintext data is stolen outside the LSI.
[0021] The eighth invention of the present application provides the access control device of the first invention, further including, on the data bus between the bus masters and the shared bus slave, a bus encryption unit that encrypts data output from a bus master to the shared bus slave and decrypts data output from the shared bus slave to a bus master.
[0022] Providing the bus encryption unit on the data bus between the bus masters and the shared bus slave hinders analysis by monitoring of the data bus. Security can therefore be increased further.
[0023] The ninth invention of the present application provides the access control device of the first invention, further including a program authentication unit that authenticates the program executed by the bus master that issued the access request, wherein the access permission determination unit determines, based on the authentication result from the program authentication unit and the access permission information in the access permission information storage unit, whether the bus master that issued the access request can access the requested area of the shared bus slave.
[0024] The tenth invention of the present application provides the access control device of the ninth invention, wherein the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit and, when executing the dedicated instruction, decodes it and issues an access request for accessing the access permission information, and the access permission determination unit receives the access request based on the dedicated instruction and determines, based on the authentication result received from the program authentication unit, whether to execute the access request.
[0025] Performing program authentication together with the determination of whether the access permission information may be accessed makes it possible to prevent unauthorized rewriting of the access permission information while increasing the flexibility of accesses such as reading and rewriting it.
[0026] The eleventh invention of the present application provides the access control device of the first invention, wherein the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit and, when executing the dedicated instruction, decodes it and issues an access request for accessing the access permission information.
[0027] Having a dedicated instruction for accessing the access permission information increases flexibility, for example in reading or rewriting the access permission information.
[0028] The twelfth invention of the present application provides the access control device of the first invention, wherein the access permission information storage unit is a register to which a specific address is assigned, and the access permission information stored in the access permission information storage unit becomes accessible when the bus master accesses the specific address.
[0029] The thirteenth invention of the present application provides the access control device of the eleventh or twelfth invention, wherein the access permission information includes restriction information on whether access to the access permission information is permitted, and the access permission determination unit determines, based on the restriction information, whether the access permission information can be accessed.
[0030] Deciding whether the access permission information may be accessed increases the flexibility of access to that information while restricting unauthorized access from bus masters that are not permitted to access it, which increases security. For example, even when the access permission information is rewritten through such an access, flexibility, such as changing the access-permitted areas by rewriting, can be increased while the security of the rewriting is maintained.
[0031] The fourteenth invention of the present application provides the access control device of the first invention, further including a dummy response unit that returns a dummy response to the bus master that issued the access request when the access permission determination unit determines that this bus master cannot access the requested area of the shared bus slave.
[0032] Here, a dummy response means a dummy reply that leads the bus master to mistake it for a reply obtained from the actual access destination. For example, when a bus master performs a write to an access-prohibited area of the shared bus slave, the write is not carried out as requested, and a dummy response such as completion of acceptance of the access request or completion of the data write is returned. When a read is performed on an access-prohibited area, the read is not carried out as requested, and a dummy response such as completion of acceptance of the access request is returned. This makes it difficult to tell access-prohibited areas from access-permitted areas on the shared bus slave and hinders analysis aimed at accessing the access-prohibited areas.
[0033] The fifteenth invention of the present application provides the access control device of the first invention, further including a dummy access unit that performs a dummy access to the requested shared bus slave when the access permission determination unit determines that the bus master that issued the access request cannot access the requested area of the shared bus slave.
[0034] Here, a dummy access is an access that leads an observer of the bus to believe that the actual access request destination has been accessed. Even when it is determined that the bus master cannot access the area of the shared bus slave, some dummy access is performed to the shared bus slave. This dummy access hinders analysis based on monitoring the data bus between the bus master and the shared bus slave. For example, it obstructs analysis of the data bus aimed at distinguishing the access-prohibited areas from the access-permitted areas on the shared bus slave. As a dummy access for a write operation, for example, the write is performed while masking the data of the access destination area, or a read command is issued instead of a write command. For a read operation, for example, a read command is issued to an area to which access is permitted.
[0035] The sixteenth invention of the present application provides a system LSI including a plurality of bus masters and an access control device that controls access from the plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, wherein the access control device has: an access permission information storage unit that stores access permission information prohibiting access from the bus masters to the shared bus slave; and an access permission determination unit that, when a bus master makes an access request to a desired area of the shared bus slave, determines, based on the access permission information in the access permission information storage unit, whether the bus master can access the requested area of the shared bus slave.
[0036] With the above configuration, a system LSI having the same operation and effects as the first invention of the present application can be obtained.
[0037] The seventeenth invention of the present application provides the system LSI of the sixteenth invention, further including another bus slave accessible to the plurality of bus masters. The number of bus masters is not limited to one; a plurality can be provided.
[0038] The eighteenth invention of the present application provides a DMA control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, the DMA control device including a DMA controller that performs DMA (Direct Memory Access) control and a memory scheduler that controls access to the shared bus slave, wherein the memory scheduler has the access control device according to the first invention.
[0039] As described above, the memory scheduler has the access control device of the first invention of the present application. As a result, when a bus master accesses the shared bus slave via the memory scheduler, only a bus master permitted by the access permission determination unit can access a predetermined area of the shared bus slave. Therefore, as in the first invention, a dedicated area for a specific bus master can be secured on the shared bus slave, unauthorized access by bus masters other than the specific bus master can be prohibited, and security can be improved.
[0040] In addition, because the bus masters share the shared bus slave, there is no need to provide a separate dedicated bus slave for each specific bus master. This reduces the cost of providing the bus wiring and terminals that would be needed to connect separate bus slaves to the bus masters.
[0041] The nineteenth invention of the present application provides a DMA control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, the DMA control device including a DMA controller that performs DMA (Direct Memory Access) control and a memory scheduler that controls access to the shared bus slave, wherein the DMA controller has the access control device according to the first invention.
[0042] The DMA controller, which performs direct memory transfers, has the access control device of the first invention of the present application. As a result, when a bus master accesses the shared bus slave via the DMA controller, only a bus master permitted by the access permission determination unit can access a predetermined area of the shared bus slave. Therefore, the same effects as the first invention can be obtained.
[0043] The twentieth invention of the present application provides a DMA control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, the DMA control device including a DMA controller that performs DMA (Direct Memory Access) control and a memory scheduler that controls access to the shared bus slave, wherein the memory scheduler has the access control device according to claim 1 and the DMA controller has the access control device according to the first invention.
[0044] A bus master can access the shared bus slave via either the memory scheduler or the DMA controller. Therefore, giving both the memory scheduler and the DMA controller an access control device makes it possible to restrict access to the shared bus slave on both paths.
[0045] The twentieth invention of the present application provides an access control method for controlling access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, the method including: a storing step of storing access permission information prohibiting access from the bus masters to the shared bus slave; and a determining step of, when a bus master makes an access request to a desired area of the shared bus slave, determining, based on the access permission information in the access permission information storage unit, whether the bus master can access the requested area of the shared bus slave.
[0046] Using the access control device of the present invention, unauthorized access to the shared bus slave by bus masters other than a specific bus master can be prohibited, and security can be improved.
Brief Description of Drawings
[0047] FIG. 1 is a configuration diagram of a multiprocessor system according to a first embodiment.
FIG. 2 is an example of the access permission information stored in the access permission information DB 33.
FIG. 3 is a flowchart showing an example of access control processing.
FIG. 4 is a configuration diagram of a multiprocessor system according to a second embodiment.
FIG. 5 is an example of access permission information, corresponding to operation states, stored in the access permission information DB 33.
FIG. 6 is a configuration diagram of a multiprocessor system according to a third embodiment.
FIG. 7 is an example of rewrite command permission information in the access permission information DB 33.
FIG. 8 is a configuration diagram of a multiprocessor system according to a fourth embodiment.
FIG. 9 is a configuration diagram of a multiprocessor system according to a fifth embodiment.
FIG. 10 is a configuration diagram of a multiprocessor system according to a sixth embodiment.
FIG. 11 is a configuration diagram of a multiprocessor system according to a seventh embodiment.
FIG. 12 is another configuration diagram of the multiprocessor system according to the seventh embodiment.
FIG. 13 is a configuration diagram of a multiprocessor system according to an eighth embodiment.
FIG. 14 is another configuration diagram of the multiprocessor system according to the eighth embodiment.
FIG. 15 is a configuration diagram of a multiprocessor system according to a ninth embodiment.
FIG. 16 is a configuration diagram (1) of a multiprocessor system according to a tenth embodiment.
FIG. 17 is a configuration diagram (2) of the multiprocessor system according to the tenth embodiment.
FIG. 18 is a configuration diagram (3) of the multiprocessor system according to the tenth embodiment.
FIG. 19 is a configuration diagram (4) of the multiprocessor system according to the tenth embodiment.
Best Mode for Carrying Out the Invention
[0048] <Summary of the Invention>
In a multiprocessor system having the access control unit of the present invention, the processors share resources such as memory. The shared memory of this multiprocessor system consists of processor-specific dedicated areas, obtained by dividing the memory and assigning a portion to each processor, and a shared area common to the processors. The processors that make up the multiprocessor system are connected to an access control unit that restricts access to the shared memory. When a processor makes an access request to a desired area of the shared memory, the access control unit prohibits access to any area other than the areas assigned to that processor. Unauthorized access by processors other than the specific processor can therefore be prohibited, and security can be improved.
[0049] <First Embodiment>
FIG. 1 is a configuration diagram of a multiprocessor system according to the first embodiment of the present invention.
[0050] (1) Configuration
The multiprocessor system 1000 having the access control unit according to the first embodiment includes a multiprocessor 100, a bus master identification unit 200, an access control unit 300, an IF (InterFace) unit 400, and a shared bus slave 500. The multiprocessor 100 has a first bus master 10a, a second bus master 10b, a third bus master 10c, and so on, each of which is a processor. The first bus master 10a, second bus master 10b, third bus master 10c, and so on share the shared bus slave 500, a shared resource consisting of memory or the like. The bus master identification unit 200 is connected to the first bus master 10a, second bus master 10b, third bus master 10c, and so on, and accepts access requests from each bus master 10. The identification result from the bus master identification unit 200 and the access request are input to the access control unit 300 and then, via the IF unit 400, to the shared bus slave 500. The access result from the shared bus slave 500 is output to each bus master 10 via the IF unit 400.
[0051] The shared bus slave 500, the bus master identification unit 200, the access control unit 300, and the IF unit 400 are described below.
[0052] (1-1) Shared bus slave
The shared bus slave 500 is a general-purpose memory or the like and is shared by the first bus master 10a, the second bus master 10b, the third bus master 10c, and so on. The shared bus slave 500 is divided, and as shown in FIG. 1, a first bus master dedicated area 50a, a second bus master dedicated area 50b, a third bus master dedicated area 50c, and so on are assigned to the respective bus masters. In addition, a shared area 51, which is shared by all bus masters 10, is allocated.
[0053] (1-2) Bus master identification unit
When the bus master identification unit 200 accepts an access request from a bus master 10 to the shared bus slave 500, it identifies which bus master 10 issued the request. It then outputs the access request and the identification result to the access control unit 300. When access requests arrive from a plurality of bus masters 10, it decides which bus master's request to serve first, for example according to priority. As a method of identifying the bus master, in this embodiment each of the plurality of bus access input ports corresponds one-to-one to a specific bus master, so the bus master can be identified by detecting which input port the bus access arrived on. An access request is made by signals such as the address for accessing the desired area in the shared bus slave 500 and the write data.
[0054] (1-3) Access control unit
The access control unit 300 has an access permission determination unit 31 and an access permission information DB 33. The access permission information DB 33 stores access permission information for each bus master 10. The access permission information is information that prohibits, for each bus master 10, access to a predetermined area of the shared bus slave 500. FIG. 2 shows an example of the access permission information stored in the access permission information DB 33. In FIG. 2, the access-prohibited area in the shared bus slave 500 is specified for each bus master 10 by an access-prohibited area start address and an access-prohibited area end address. When the start address and the end address are the same address, no access-prohibited area is taken to exist. According to the access permission information of FIG. 2, only the first bus master 10a can access the 64 KB space at addresses 0x8000_0000 to 8000_FFFF in the shared bus slave 500. The access-prohibited area may be an area in which only write access to the shared bus slave 500 is prohibited, an area in which only read access from the shared bus slave 500 is prohibited, an area in which both write and read access are prohibited, or an area in which all access is prohibited. This increases flexibility: for each bus master it is possible, for example, to permit only reading data from the shared bus slave, or to permit only writing.
[0055] The access permission determination unit 31 determines whether access is permitted by checking the access request and identification result input from the bus master identification unit 200 against the access permission information in the access permission information DB 33. For example, suppose the bus master identification unit 200 identifies the second bus master 10b, and an access request from the second bus master 10b to address 0x8000_0000 in the shared bus slave 500 is input to the access permission determination unit 31. The access permission determination unit 31 refers to the access permission information DB 33 and, because access by the second bus master 10b to addresses 0x8000_0000 to 8000_FFFF is prohibited, prohibits the second bus master 10b from accessing address 0x8000_0000. On the other hand, when the second bus master 10b makes an access request to an address outside 0x8000_0000 to 8000_FFFF, the access permission determination unit 31 permits the second bus master 10b's access request to the shared bus slave 500. The access permission determination unit 31 outputs this determination result to the IF unit 400.
[0056] It is preferable that the connection between the bus master identification unit 200 and the access control unit 300 be hard-wired, since this prevents tampering with the identification result.
[0057] In the above, the access permission information is information about access-prohibited areas, but it may instead be access-permitted addresses that specify, for each bus master 10, an access-permitted area of the shared bus slave 500 to which access is allowed. The access-permitted area may be an area in which only write access to the shared bus slave 500 is permitted, an area in which only read access from the shared bus slave 500 is permitted, or an area in which both writing and reading are permitted, or all access may be prohibited. When an access request is made to the access-permitted area, access from the requesting bus master to the shared bus slave is permitted. When an access request is made to anywhere other than the access-permitted area, access from the requesting bus master to the shared bus slave 500 is prohibited.
[0058] An access request by a bus master 10 may be made by the bus master 10 specifying a particular address assigned to the access permission information DB 33. In this case, the access permission information DB 33 is, for example, a register to which a particular address is assigned.
[0059] (1-4) IF unit
The IF unit 400 receives the access request and the determination result from the access permission determination unit 31. Based on the access request and the determination result, the IF unit 400 generates commands for accessing the shared bus slave 500. For example, when the shared bus slave 500 is a DRAM (Dynamic Random Access Memory), it generates commands such as RAS (Row Address Strobe signal) and CAS (Column Address Strobe signal) for controlling the DRAM. When the bus master 10 is permitted to access the requested area in the shared bus slave 500, the IF unit 400 accesses that area based on the generated commands and reads or writes data. When data has been read, the IF unit 400 outputs the read data to the bus master 10 that made the access request.
[0060] On the other hand, when access has been prohibited by the access permission determination unit 31, the IF unit 400 may notify the bus master 10 that made the access request that access to the requested area is prohibited.
[0061] The IF unit 400 preferably further has a dummy response unit 41 that returns dummy responses and a dummy access unit 42 that performs dummy accesses. Here, a dummy response is a response returned, when it is determined that the bus master 10 cannot access the requested area of the shared bus slave 500, in order to lead the bus master 10 to believe it has received a response from the actual access request destination. When the access permission determination unit 31 determines that an access request from the bus master 10 targets an access-prohibited area, the dummy response unit 41 returns a dummy response to the bus master 10. For example, when the bus master 10 requests a write to an access-prohibited area of the shared bus slave 500, the dummy response unit 41 creates a dummy response such as completion of acceptance of the access request or completion of the data write. The created dummy response is then returned to the bus master 10 without the requested write being performed. The dummy access unit 42 may also access a dummy area in the shared bus slave 500 that is unrelated to the requested area and perform the write there. Similarly, when the bus master 10 requests a read of an access-prohibited area, the requested read is not performed; the dummy response unit 41 creates a dummy response such as completion of acceptance of the access request or predetermined read data, and returns it. The dummy access unit 42 may also access a dummy area unrelated to the requested area and perform the read there. This makes it difficult to distinguish the access-prohibited areas from the access-permitted areas on the shared bus slave 500, and hinders analysis aimed at accessing the access-prohibited areas. Outputting random data or a fixed value to the bus master is preferable because it makes analysis even more difficult.
[0062] A dummy access is an access performed, when it is determined that the bus master 10 cannot access the requested area of the shared bus slave 500, in order to lead a person who observes the signals between the IF unit 400 and the shared bus slave 500 in an attempt to steal information to believe that the actual access request destination was accessed. Even when it is determined that the bus master 10 cannot access the area of the shared bus slave 500, some dummy access is performed to the shared bus slave 500. This hinders analysis based on monitoring the data bus between the bus master 10 and the shared bus slave 500. For example, it obstructs attempts to distinguish the access-prohibited areas from the access-permitted areas on the shared bus slave 500 by tracing the data bus. As a dummy access for a write to an access-prohibited area, for example, the write is performed while masking the data of the requested area, a read command is issued instead of a write command, or a write is performed to an area to which access is permitted and where writing has no effect. For a read of an access-prohibited area, for example, a read command is issued to an area to which access is permitted.
[0063] (2) Access control processing from bus master to bus slave
Next, the access control processing performed when a bus master 10 in the multiprocessor 100 makes an access request to the shared bus slave 500 is described. FIG. 3 is a flowchart showing an example of the access control processing.
[0064] ステップ S 10 :バスマスタ識別部 200は、バスマスタ 10から共有バススレーブ 500の 所望の領域へのアクセス要求を受け付ける。  Step S 10: The bus master identification unit 200 receives an access request from the bus master 10 to a desired area of the shared bus slave 500.
[0065] ステップ S11 :バスマスタ識別部 200は、受け付けたアクセス要求に基づいてどの バスマスタ 10からのアクセス要求であるかを識別する。  Step S11: The bus master identification unit 200 identifies which bus master 10 is the access request based on the received access request.
[0066] ステップ S12 :バスマスタ識別部 200は、ステップ S 11での識別の結果、アクセス要 求が複数のバスマスタ 10からなされて!/、るかを判定する。複数のバスマスタ 10からァ クセス要求がある場合は、ステップ 13において共有バススレーブへのアクセス権利を 与えるバスマスタ 10を選択する。一方、一つのバスマスタ 10からのアクセス要求の場 合は、そのアクセス要求及び識別結果をアクセス可否判定部 31に出力する。  Step S12: As a result of the identification in step S11, the bus master identification section 200 determines whether or not an access request is made from a plurality of bus masters 10! If there is an access request from a plurality of bus masters 10, in step 13, the bus master 10 that is given the right to access the shared bus slave is selected. On the other hand, in the case of an access request from one bus master 10, the access request and the identification result are output to the access permission / non-permission determining unit 31.
[0067] ステップ S13:バスマスタ識別部 200はアクセス要求を受け付ける優先度に応じて バスマスタを選択する。選択されたバスマスタ 10のアクセス要求及び識別結果をァク セス可否判定部 31に出力する。  Step S13: The bus master identifying section 200 selects a bus master according to the priority of receiving the access request. The access request and identification result of the selected bus master 10 are output to the access permission / non-permission judgment unit 31.
[0068] ステップ S 14 :アクセス可否判定部 31は、バスマスタ識別部 200からのアクセス要 求及び識別結果と、アクセス可否情報 DB33内のアクセス可否情報とを照合する。例 えば、アクセス要求が共有バススレーブ 500のアクセス先のアドレスである場合は、そ のアドレスがアクセス禁止領域のアドレスであるかをアクセス可否情報 DB33を参照し て照合する。  Step S 14: The access permission / inhibition judging section 31 collates the access request and identification result from the bus master identification section 200 with the access permission information in the access permission information DB 33. For example, when the access request is the address of the access destination of the shared bus slave 500, whether the address is the address of the access prohibited area is checked with reference to the access permission / prohibition information DB33.
[0069] Step S15: If the check by the access permission determination unit 31 determines that access is permitted, access permission processing is performed in step S16. If, on the other hand, access is determined to be prohibited, access prohibition processing is performed in step S17.
[0070] Step S16: Because access has been permitted by the access permission determination unit 31, the IF unit 400 generates a command for accessing the requested area in the shared bus slave 500. It then controls the shared bus slave 500 according to the generated command and performs processing such as reading data from the requested area in the shared bus slave 500 or writing data to the requested area.
[0071] Step S17: Because access has been prohibited by the access permission determination unit 31, the IF unit 400 performs access prohibition processing. Examples of access prohibition processing include (A) notifying the bus master 10 that access is prohibited, (B) dummy response processing by the dummy response unit 41, and (C) dummy access by the dummy access unit 42.
[0072] (3) Effects
With the above configuration, in the microprocessor system 1000 according to the first embodiment, only a bus master 10 permitted by the access permission determination unit 31 can access the desired area of the shared bus slave 500. A dedicated area for a specific bus master 10 can therefore be secured on the shared bus slave 500. This prohibits bus masters other than the specific bus master from reading or tampering with data and programs, or executing programs, through unauthorized access, and so improves security. For example, even if a bus master other than the specific bus master attempts to access the specific bus master's dedicated area because of program tampering or a malfunction, the access can be prohibited. Specifically, this is effective when a debugger is connected and, acting as a bus master, attempts to access an area on the shared bus slave 500 that is dedicated to another bus master. In that case, the bus master identification unit 200 first identifies which bus master issued the access request. The access permission determination unit 31 then recognizes, based on the access permission information, that the request targets an area for which access is not permitted, and can thereby prohibit the access request.
[0073] Furthermore, because the bus masters 10 share the shared bus slave 500, there is no need to provide a separate dedicated bus slave for each specific bus master. This reduces the cost of providing the bus wiring and terminals that would be needed to connect the bus masters 10 to separate bus slaves such as dedicated DRAM or SRAM.
[0074] <Second Embodiment>
FIG. 4 is a configuration diagram of a multiprocessor system according to the second embodiment of the present invention. The bus master identification unit 200 of the multiprocessor system 1000 according to the second embodiment receives from each bus master, together with the access request, an operation ID indicating the operating state of that bus master. The bus master identification unit 200 then identifies, based on the access request, which bus master 10 issued it, and outputs the bus master identification result, the access request and the operation ID to the access permission determination unit 31. When access requests are made by a plurality of bus masters 10, the bus master identification unit 200 selects the bus master whose access request is accepted. The access permission information DB 33 stores access permission information according to the operating state of each bus master 10. The access permission determination unit 31 makes the access permission determination based on the operating state of the identified bus master 10 and the access permission information. The rest of the configuration of the second embodiment is the same as in the first embodiment. Examples of the operating state include information on the thread being executed.
[0075] FIG. 5 is an example of the access permission information according to operating state that is stored in the access permission information DB 33. Where the operating states are operation ID = 0 and 1, an access-prohibited area is specified for each operating state of each bus master 10 by an access prohibition start address and an access prohibition end address. When its operation ID is 0, the first bus master 10a can access the area at addresses 0x8000_0000 to 8000_FFFF in the shared bus slave 500. When its operation ID is 1, on the other hand, access to the area at addresses 0x8000_0000 to 8000_FFFF is prohibited.
[0076] Next, the access control processing performed when a bus master 10 makes an access request to the shared bus slave 500 is described, again with reference to FIG. 2.
[0077] Step S10: The bus master identification unit 200 receives an access request from a bus master 10.
[0078] Step S11: The bus master identification unit 200 identifies which bus master 10 issued the access request. The bus master identification unit 200 may also identify the operating state of the bus master 10. The operating state is identified based on, for example, the operation ID input from the bus master 10 along with the access request.
[0079] Steps S12, S13: The bus master identification unit 200 selects a bus master 10 and outputs the access request, identification result and operating state of the selected bus master 10 to the access permission determination unit 31.
[0080] Step S14: The access permission determination unit 31 checks the access request, identification result and operating state from the bus master identification unit 200 against the access permission information in the access permission information DB 33.
[0081] Steps S15, S16, S17: If access is permitted, access permission processing is performed in step S16. If, on the other hand, access is determined to be prohibited, access prohibition processing is performed in step S17.
[0082] With the above configuration, a dedicated area that can be accessed only when a specific bus master 10 is in a specific operating state can be secured on the shared bus slave 500. Making the access permission determination according to the operating state of each bus master 10, in addition to making it per bus master, further increases security. For example, suppose that a bus master consisting of a media processing processor, as one of its operating states, reads a media processing program implementing a confidential algorithm from the shared bus slave 500, which consists of a shared memory, and executes it. A dedicated operation ID is output from the bus master for this operating state, and for that dedicated operation ID the access permission determination unit 31 permits the access request. On the other hand, when, for example, a processing program other than the confidential algorithm is developed on the same media processing processor, an operation ID other than the dedicated operation ID is output. For that operation ID the access permission determination unit 31 does not permit the access request, so the confidential media processing program cannot be accessed. This access permission determination makes it possible to prevent the confidential media processing program from being read out while another processing program is executing on the same media processing processor.
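The check described in steps S11 to S17 of the second embodiment can be modeled in software as follows. This is an added example, not code from the patent: the master numbering, the priority order, the burst-length field and all table rows other than the first (the FIG. 5 case quoted in the text) are assumptions, as is the choice to refuse operation IDs outside 0 and 1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: master numbering, priority order and request layout
   are assumptions of this example, not taken from the patent. */
enum { MASTER_1, MASTER_2, MASTER_3, NUM_MASTERS };
enum { NUM_OP_IDS = 2 };            /* operation IDs 0 and 1, as in FIG. 5 */

typedef struct {
    uint8_t  master;                /* bus master the rule applies to      */
    uint8_t  op_id;                 /* operating state the rule applies to */
    uint32_t deny_start;            /* access prohibition start address    */
    uint32_t deny_end;              /* access prohibition end address      */
} deny_rule;

/* Row 0 is the case given in the text; the other rows are constructed and
   keep masters 2 and 3 out of the same area in every operating state. */
static const deny_rule permission_db[] = {
    { MASTER_1, 1, 0x80000000u, 0x8000FFFFu },
    { MASTER_2, 0, 0x80000000u, 0x8000FFFFu },
    { MASTER_2, 1, 0x80000000u, 0x8000FFFFu },
    { MASTER_3, 0, 0x80000000u, 0x8000FFFFu },
    { MASTER_3, 1, 0x80000000u, 0x8000FFFFu },
};
#define DB_LEN (sizeof permission_db / sizeof permission_db[0])

typedef struct {
    int      valid;                 /* request asserted in this cycle */
    uint8_t  master;
    uint8_t  op_id;
    uint32_t addr;                  /* first byte accessed            */
    uint32_t len;                   /* burst length in bytes          */
} bus_request;

typedef enum { ACCESS_GRANTED, ACCESS_DENIED } verdict;

/* Steps S12-S13: among simultaneous requests, the lowest value wins. */
static const uint8_t priority[NUM_MASTERS] = { 0, 1, 2 };

int select_request(const bus_request *reqs, size_t n)
{
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (!reqs[i].valid || reqs[i].master >= NUM_MASTERS)
            continue;
        if (best < 0 || priority[reqs[i].master] < priority[reqs[best].master])
            best = (int)i;
    }
    return best;                    /* index of the served request, or -1 */
}

/* Steps S14-S15: compare master, operation ID and address range with the DB. */
verdict check_access(const bus_request *r)
{
    if (r->master >= NUM_MASTERS || r->op_id >= NUM_OP_IDS || r->len == 0)
        return ACCESS_DENIED;       /* unknown identity or state: refuse */
    uint32_t last = r->addr + (r->len - 1);
    if (last < r->addr)
        return ACCESS_DENIED;       /* burst wraps around the address space */
    for (size_t i = 0; i < DB_LEN; i++) {
        const deny_rule *d = &permission_db[i];
        /* Any overlap counts, so a burst that starts outside the prohibited
           area but runs into it is refused as a whole. */
        if (d->master == r->master && d->op_id == r->op_id &&
            r->addr <= d->deny_end && last >= d->deny_start)
            return ACCESS_DENIED;
    }
    return ACCESS_GRANTED;
}

/* One bus cycle: arbitrate (S12-S13), then decide (S14-S15). */
verdict service_cycle(const bus_request *reqs, size_t n, int *served)
{
    *served = select_request(reqs, n);
    if (*served < 0)
        return ACCESS_DENIED;
    return check_access(&reqs[*served]);
}

int main(void)
{
    bus_request reqs[] = {
        { 1, MASTER_3, 0, 0x80000000u, 4 },
        { 1, MASTER_1, 0, 0x80000100u, 4 },
    };
    int served;
    verdict v = service_cycle(reqs, 2, &served);
    printf("served master %d: %s\n", reqs[served].master + 1,
           v == ACCESS_GRANTED ? "granted" : "denied");
    return 0;
}
```

Because the table is a list of prohibited ranges, a request that matches no row is granted; the range and operation-ID checks at the top of `check_access` are what keep malformed requests from falling through to that default.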
[0083] <Third Embodiment>
FIG. 6 is a configuration diagram of a multiprocessor system according to the third embodiment. In the multiprocessor system 1000 according to the third embodiment, the first bus master 10a has dedicated instructions for accessing the access permission information. Examples of the dedicated instructions include a read instruction for reading the access permission information and a write instruction for writing or rewriting the access permission information. To access the access permission information, the first bus master 10a decodes the dedicated instruction and outputs an access request based on it to the bus master identification unit 200. The bus master identification unit 200 outputs the access request to the access permission determination unit 31. The access permission determination unit 31 determines, based on the access permission information in the access permission information DB 33, whether to permit the access request from the first bus master 10a for access to the access permission information. Here, the access permission information in the access permission information DB 33 includes, for each bus master, restriction information on whether access to the access permission information is permitted. FIG. 7 is an example of the restriction information in the access permission information DB 33. In FIG. 7, the restriction information sets, for each bus master, whether access to the access permission information is permitted. The restriction information may also indicate, for each kind of access permission information of each bus master, whether access is possible. That is, it may be information that prohibits only read access to the access permission information, only write access, or both read access and write access. The rest of the configuration of the third embodiment is the same as in the first embodiment.
Here, access to the access permission information based on a dedicated instruction is performed by, for example, accessing a predetermined address of a register.
When the multiprocessor system is configured as shown in FIG. 6, the access-permitted area of a bus master can also be changed by accessing and rewriting the access permission information, as follows. Suppose, for example, that a bus master downloads a new program over a network. If that bus master needs to extend its dedicated area in the shared bus slave 500 in order to execute the new program, it decodes a write instruction for rewriting the access permission information and outputs an access request based on the write instruction. This access request is executed by, for example, accessing a specific address of the register 35 in the access permission determination unit 31. The bus master identification unit 200 receives the access request based on the write instruction and identifies the bus master making the request. The access permission determination unit 31 determines, based on the access permission information in the access permission information DB 33, whether to permit the access request output by the bus master. Here, the access permission information in the access permission information DB 33 includes, for each bus master, restriction information on whether an access request based on a write instruction is permitted. If the access request from the identified bus master is permitted, the access permission information in the access permission information DB 33 is rewritten according to the access request. After this rewrite, the bus master can execute the new program using the extended area in the shared bus slave 500. If, on the other hand, access is prohibited based on the access permission information, the rewrite of the access permission information is not carried out.
[0085] Access requests based on a read instruction for reading the access permission information can also be restricted. For example, the bus master identification unit 200 first receives an access request based on a read instruction from a bus master and identifies the bus master that output the request. Only when reading by the identified bus master is permitted does the access permission determination unit 31 read the access permission information in the access permission information DB 33 according to the read instruction. The access permission information that was read is then output to the IF unit 400 and from there to the bus master that issued the read instruction.
[0086] Deciding in this way whether access to the access permission information is allowed makes access to that information more flexible while restricting unauthorized access from bus masters that are not permitted to access it, which increases security. In addition, reading the access permission information while restricting unauthorized reads improves debugging efficiency while increasing security.
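The guarded rewrite and read of the access permission information described for the third embodiment can be sketched as follows. This is an added example, not the patent's implementation: the slot layout, the restriction bits assigned to each master, the status codes and the sanity check on written ranges are assumptions, and the table rows are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model; all names and values are assumptions of this example. */
enum { MASTER_1, MASTER_2, MASTER_3, NUM_MASTERS };
enum { TBL_READ = 1, TBL_WRITE = 2 };     /* restriction-information bits */
enum { NUM_SLOTS = 2 };

typedef struct {
    uint8_t  master;                /* bus master the rule applies to   */
    uint32_t deny_start;            /* access prohibition start address */
    uint32_t deny_end;              /* access prohibition end address   */
} deny_rule;

typedef enum { TBL_OK = 0, TBL_REFUSED = -1, TBL_INVALID = -2 } tbl_status;

/* Access permission information: masters 2 and 3 are kept out of
   master 1's dedicated area 0x8000_0000 to 0x8000_FFFF. */
static deny_rule table[NUM_SLOTS] = {
    { MASTER_2, 0x80000000u, 0x8000FFFFu },
    { MASTER_3, 0x80000000u, 0x8000FFFFu },
};

/* Restriction information: who may read or rewrite the table itself. */
static const uint8_t restriction[NUM_MASTERS] = {
    [MASTER_1] = TBL_READ | TBL_WRITE,
    [MASTER_2] = TBL_READ,
    [MASTER_3] = 0,
};

static int may(uint8_t requester, uint8_t right)
{
    return requester < NUM_MASTERS && (restriction[requester] & right) != 0;
}

/* Read request: the permission check comes first, so a refused requester
   learns nothing, not even whether the slot exists; *out stays untouched. */
tbl_status table_read(uint8_t requester, size_t slot, deny_rule *out)
{
    if (!may(requester, TBL_READ))
        return TBL_REFUSED;
    if (slot >= NUM_SLOTS)
        return TBL_INVALID;
    *out = table[slot];
    return TBL_OK;
}

/* Write request: refused requests and malformed rules leave the table as is. */
tbl_status table_write(uint8_t requester, size_t slot, const deny_rule *in)
{
    if (!may(requester, TBL_WRITE))
        return TBL_REFUSED;
    if (slot >= NUM_SLOTS || in->master >= NUM_MASTERS ||
        in->deny_start > in->deny_end)
        return TBL_INVALID;
    table[slot] = *in;
    return TBL_OK;
}

/* Effect of the current table on an ordinary single-address access. */
int denied(uint8_t master, uint32_t addr)
{
    for (size_t i = 0; i < NUM_SLOTS; i++)
        if (table[i].master == master &&
            addr >= table[i].deny_start && addr <= table[i].deny_end)
            return 1;
    return 0;
}

int main(void)
{
    /* Master 1 extends its dedicated area by widening master 2's
       prohibited range up to 0x8001_FFFF. */
    deny_rule ext = { MASTER_2, 0x80000000u, 0x8001FFFFu };
    printf("write by master 2: %d\n", table_write(MASTER_2, 0, &ext));
    printf("write by master 1: %d\n", table_write(MASTER_1, 0, &ext));
    printf("master 2 at 0x80010000 denied: %d\n", denied(MASTER_2, 0x80010000u));
    return 0;
}
```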
[0087] The above describes an example in which access requests to the access permission information use the same bus as access requests to the shared bus slave, but a separate dedicated bus may instead be provided for access to the access permission information.
[0088] <Fourth Embodiment>
FIG. 8 is a configuration diagram of a multiprocessor system according to the fourth embodiment of the present invention. The multiprocessor system 1000 according to the fourth embodiment has a program authentication unit 21 in the bus master identification unit 200. An access request is permitted when the program authentication unit 21 has authenticated the program as legitimate. The rest of the configuration of the fourth embodiment is the same as in the first embodiment.
[0089] The program authentication unit 21 authenticates whether the program executed by the bus master 10 is legitimate or illegitimate. The program is authenticated using, for example, cryptographic techniques such as public keys, private keys and electronic signatures. The program authentication unit 21 then outputs the authentication result to the access permission determination unit 31.
[0090] When the program authentication unit 21 has determined that the program executed by the bus master 10 is not legitimate, the access permission determination unit 31 prohibits the access request from the bus master 10. Even if the access permission determination unit 31 checks the access request of the bus master 10 against the access permission information in the access permission information DB 33 and the access request would be permitted, access is prohibited when the program is not authenticated. That is, the access permission determination unit 31 permits the access request of the bus master 10 only when the program is authenticated and the access request is one permitted by the access permission information.
[0091] As described above, in the multiprocessor system according to the fourth embodiment, access to the requested destination in the shared bus slave can be prohibited when a bus master is executing a program that has not been authenticated. Security can therefore be increased further. In this example the program authentication unit 21 is inside the bus master identification unit 200, but it may instead be configured as an independent functional block outside the bus master identification unit 200. The access permission information in the access permission information DB 33 may also include information on whether the program must be authenticated for access to be determined as permitted.
[0092] <Fifth Embodiment>
FIG. 9 is a configuration diagram of a multiprocessor system according to the fifth embodiment of the present invention. In the fifth embodiment, program authentication is performed as in the fourth embodiment, and the determination of whether the access permission information may be accessed is made as in the third embodiment. The first bus master 10a of the multiprocessor system according to the fifth embodiment has dedicated instructions for accessing the access permission information, as in the third embodiment. The access permission information in the access permission information DB 33 includes, for each bus master, restriction information on whether access to the access permission information is permitted. The bus master identification unit 200 has a program authentication unit 21, as in the fourth embodiment. The rest of the configuration of the fifth embodiment is the same as in the first embodiment.
[0093] To access the access permission information, the first bus master 10a outputs an access request based on a dedicated instruction to the bus master identification unit 200. The bus master identification unit 200 identifies the bus master making the access request. The program authentication unit 21 in the bus master identification unit 200 authenticates whether the program executed by the bus master 10 is legitimate or illegitimate and outputs the authentication result to the access permission determination unit 31. The access permission determination unit 31 receives the authentication result, the identification result and the access request. It determines whether to permit the access request based on the access permission information in the access permission information DB 33 and, in addition, permits or prohibits the access request from the bus master 10 based on the authentication result. In this way, even when an access request is made by decoding a dedicated instruction such as a read instruction or a write instruction, security can be increased further by also using program authentication. Although an example with dedicated instructions for accessing the access permission information is shown here, the access permission information DB may instead be a register to which an address is assigned; that is, the access permission information may be accessed by accessing that address.
[0094] <Sixth Embodiment>
FIG. 10 is a configuration diagram of a multiprocessor system according to the sixth embodiment of the present invention. The multiprocessor system 1000 having an access control unit according to the sixth embodiment has a first bus master identification unit 200a and a second bus master identification unit 200b. The bus master 150, which consists of the second bus master 10b and the third bus master 10c, is connected to the first bus master identification unit 200a, and the first bus master 10a is connected to the second bus master identification unit 200b. The rest of the configuration is the same as in the first embodiment.
[0095] Access requests from the second bus master 10b and the third bus master 10c are output to the first bus master identification unit 200a, and access requests from the first bus master 10a are output to the second bus master identification unit 200b. When it receives an access request, the first bus master identification unit 200a identifies whether the request comes from the second bus master 10b or from the third bus master 10c. When access requests come from both the second bus master 10b and the third bus master 10c, it decides which bus master's request to accept according to, for example, the priority with which access requests are accepted. The first bus master identification unit 200a then outputs the identification result to the second bus master identification unit 200b. The second bus master identification unit 200b receives the access request from the first bus master 10a and decides whether to accept the access request of the bus master identified by the first bus master identification unit 200a or the access request of the first bus master 10a.
[0096] Providing a plurality of bus master identification units in this way reduces the number and length of the wires between the bus masters and the bus master identification units. The plurality of bus master identification units can be provided as appropriate, taking into account the number of bus masters, the number of wires and the wire length.
[0097] <Seventh Embodiment>
FIG. 11 is a configuration diagram of a multiprocessor system according to the seventh embodiment of the present invention. The multiprocessor system 1000 includes a system LSI 600 and a shared bus slave 500. The system LSI 600 is formed so that the multiprocessor 100, the bus master identification unit 200, the access control unit 300 and the IF (InterFace) unit 400 are contained on one chip. The shared bus slave 500 is a shared area external to the system LSI 600 and consists of an external shared memory such as DRAM or SRAM (Static Random Access Memory). The internal configurations of the multiprocessor 100, the bus master identification unit 200, the access control unit 300, the IF (InterFace) unit 400 and the shared bus slave 500 are the same as in the first embodiment. Attaching the shared bus slave 500 externally to the system LSI 600 in this way increases flexibility; for example, the capacity of the shared area can be changed after the system LSI has been designed.
[0098] Furthermore, it is preferable to provide a bus encryption unit 450 that encrypts and decrypts access data, such as addresses, write data and read data, exchanged between the system LSI 600 and the shared bus slave 500 connected outside it. Providing the bus encryption unit 450 prevents accesses to the dedicated area of each bus master 10 in the shared bus slave 500 from being analyzed.
[0099] Alternatively, as shown in FIG. 12, a system LSI 610 may be configured to include the shared bus slave 500 within the chip. Including the shared bus slave 500 in the single chip increases the confidentiality of accesses from the bus masters 10 to the shared bus slave.
[0100] <Eighth Embodiment>
FIG. 13 is a configuration diagram of a multiprocessor system according to the eighth embodiment of the present invention. The multiprocessor system 1000 includes a system LSI 620, a first shared bus slave 500a and a second shared bus slave 500b. The system LSI 620 is formed so that the multiprocessor 100, the bus master identification unit 200, the access control unit 300, the first IF unit 400a and the second IF unit 400b are contained on one chip. The first shared bus slave 500a and the second shared bus slave 500b are connected to the first IF unit 400a and the second IF unit 400b and are shared by the plurality of bus masters 10 in the system LSI 620. The access control unit 300 contains a first access permission determination unit 31a corresponding to the first shared bus slave 500a and a second access permission determination unit 31b corresponding to the second shared bus slave 500b. The first IF unit 400a and the second IF unit 400b are provided between the first shared bus slave 500a and the first access permission determination unit 31a, and between the second shared bus slave 500b and the second access permission determination unit 31b, respectively. Here, the first access permission determination unit 31a and the second access permission determination unit 31b have the same configuration as the access permission determination unit 31 of the first embodiment. The first IF unit 400a and the second IF unit 400b have the same configuration as the IF unit 400 of the first embodiment. The remaining components, the multiprocessor 100, the bus master identification unit 200 and the access permission information DB 33, have the same configuration as in the first embodiment.
[0101] Alternatively, as shown in FIG. 14, a system LSI 630 may be configured to include the second shared bus slave 500b inside the chip, with the first shared bus slave 500a connected to the system LSI 630. This improves the confidentiality of accesses from the bus masters 10 to the second shared bus slave 500b. As described above, a multiprocessor system capable of restricting access can be obtained in various forms, with the first shared bus slave 500a and the second shared bus slave 500b either built into the system LSI or attached externally. When a shared bus slave is attached externally, flexibility increases; for example, the capacity of the shared area can be changed.
[0102] <Ninth Embodiment>
FIG. 15 is a configuration diagram of a multiprocessor system according to the ninth embodiment of the present invention. The multiprocessor system 1000 is a data processing system that processes a large amount of data, such as a facsimile machine, and includes a system LSI 640, a peripheral circuit unit 900 such as a scanner or a printer, and a memory unit 950 such as a DRAM or an SRAM. The system LSI 640 is connected to the peripheral circuit unit 900 and the memory unit 950, and is formed so that a multiprocessor 100, a bus master identification unit 200, an access control unit 300, a DMA control unit 700, and a memory scheduler 800 are included on one chip. In the multiprocessor system 1000 according to the ninth embodiment, data is transferred directly between the peripheral circuit unit 900 and the memory 950 without passing through the multiprocessor 100 in order to improve data processing efficiency. The configurations and operations of the DMA control unit 700 and the memory scheduler 800 are described below.
[0103] The DMA control unit 700 includes a host IF unit 400, a shared bus slave 500, and a peripheral circuit IF unit 750. The shared bus slave 500 is shared by the plurality of bus masters 10 constituting the multiprocessor 100. The shared bus slave 500 is a DMA control register that stores the information necessary for performing direct data transfer (hereinafter, DMA control information), such as the transfer mode, the transfer destination or transfer source address, and the number of bytes to transfer. The peripheral circuit IF unit 750 of the DMA control unit 700 is connected to the memory scheduler 800 and the peripheral circuit unit 900. The memory scheduler 800 is connected to the memory 950 outside the system LSI 640 and performs tasks such as generating the commands used to access the memory. When a direct memory transfer is performed, data input from the peripheral circuit unit 900, such as a scanner or a printer, is transferred to the memory 950 via the peripheral circuit IF unit 750 and the memory scheduler 800 based on the DMA control information in the shared bus slave 500.
[0104] When a bus master 10 issues an access request to the shared bus slave 500, access is restricted based on the access permission information, as in the first embodiment. First, the bus master identification unit 200 identifies the bus master 10 that issued the access request. The access permission determination unit 31 then determines whether access is permitted based on the access permission information in the access permission information DB 33. When the access permission determination unit 31 permits the access, the shared bus slave 500 is accessed via the host IF unit 400. Restricting access to the shared bus slave 500, which is a DMA control register, in this way prevents unauthorized access to the DMA control information. In other words, a dedicated area for a bus master can be secured within the shared bus slave 500 that is the DMA control register. Therefore, for example, unauthorized reading caused by rewriting the DMA control information used to read encrypted data from the peripheral circuit unit 900 and decrypt it can be prevented. Although an example in which the shared bus slave 500 is a DMA control register has been shown here, the invention is not limited to this. Other control registers are also included, such as an accumulator, a stack register, a program counter, an interrupt register, and a flag register.
[0105] In the embodiments described so far, the element 100 containing a plurality of bus masters has been called a multiprocessor, but it need not consist of a plurality of processors and may simply be a multi-master.
[0106] <Tenth Embodiment>
FIGS. 16 to 18 are configuration diagrams of a multiprocessor system according to the tenth embodiment of the present invention. The multiprocessor system 2000 is a data processing system that processes a large amount of data, and includes a system LSI 740, a peripheral circuit unit 900, and an external shared bus slave 500. The system LSI 740 is connected to the peripheral circuit unit 900 and the shared bus slave 500, and is formed so that a multiprocessor 100, a DMA controller 700, and a memory scheduler 800 are included on one chip.
[0107] To improve data processing efficiency, the DMA controller 700 controls direct data transfer between the peripheral circuit unit 900 and the shared bus slave 500 without passing through the multiprocessor 100. The memory scheduler 800 is connected to the shared bus slave 500 outside the system LSI 740 and performs tasks such as generating the commands used to access the shared bus slave 500.
[0108] The multiprocessor 100 is composed of a plurality of bus masters 10 (bus masters 10a, 10b, ...), and the shared bus slave 500 is shared by the plurality of bus masters 10. For example, the bus masters are respectively assigned a first bus master dedicated area 50a, a second bus master dedicated area 50b, a third bus master dedicated area 50c, and so on, and a shared area 51 shared by the bus masters 10 is also included. Each bus master 10 can access the shared bus slave 500 via the memory scheduler 800 or the DMA controller 700.
[0109] In FIG. 16, the DMA controller 700 has a bus master identification unit 200a and an access control unit 300a. In FIG. 17, both the DMA controller 700 and the memory scheduler 800 have a bus master identification unit and an access control unit. In FIG. 18, the memory scheduler 800 has a bus master identification unit 200b and an access control unit 300b. Each configuration is described below.
[0110] (1) Access control by the DMA controller
First, the configuration of FIG. 16 is described. The DMA controller 700 includes a bus master identification unit 200a, an access control unit 300a, a host IF (InterFace) unit 400a, a control register 550, and a peripheral circuit IF unit 750. On receiving an access request from a bus master 10 to the shared bus slave 500, the bus master identification unit 200a identifies which bus master 10 the access request came from. It then outputs the access request and the identification result to the access control unit 300a.
[0111] The access control unit 300a has an access permission determination unit 31a and an access permission information DB 33a. The access permission information DB 33a stores, for each bus master 10, access permission information indicating whether access to the shared bus slave 500 is possible. For example, it stores access permission information that includes information allowing the first bus master 10a to access the first bus master dedicated area 50a, information allowing the second bus master 10b to access the second bus master dedicated area 50b, and information allowing the third bus master 10c to access the bus master dedicated area 50c.
[0112] The access permission determination unit 31a determines whether access is permitted by checking the access request and identification result input from the bus master identification unit 200a against the access permission information in the access permission information DB 33a. The access permission determination unit 31 outputs the determination result to the host IF unit 400a.
[0113] The control register 550 is a DMA control register that stores the information necessary for performing direct data transfer (hereinafter, DMA control information), such as the transfer mode, the transfer destination or transfer source address, and the number of bytes to transfer. The peripheral circuit IF unit 750 is connected to the memory scheduler 800 and the peripheral circuit unit 900.
[0114] Next, the operation of the multiprocessor system 2000 shown in FIG. 16 is described. When a bus master 10 issues an access request to the shared bus slave 500, access is restricted based on the access permission information, as in the first embodiment. First, the bus master identification unit 200a identifies the bus master 10 that issued the access request. The access permission determination unit 31a then determines whether access is permitted based on the access permission information in the access permission information DB 33a. When the access permission determination unit 31a permits the access, the control register 550 is accessed via the host IF unit 400a. The peripheral circuit IF unit 750 then forwards the access request from each bus master to the memory scheduler 800 based on the DMA control information in the control register. The memory scheduler 800 accesses the shared bus slave 500 based on this access request. At this time, the memory scheduler 800 acquires the access result from the dedicated area of each bus master or from the shared area. The memory scheduler 800 then sends the access result to the peripheral circuit IF unit 750, and the peripheral circuit IF unit 750 sends the access result to each bus master 10.
[0115] With the configuration of FIG. 16, when a bus master 10 accesses the shared bus slave 500 via the DMA controller 700, only a bus master permitted by the access permission determination unit 31a can access the predetermined area of the shared bus slave 500. A dedicated area for a specific bus master can therefore be secured on the shared bus slave, unauthorized access by bus masters other than the specific bus master is prohibited, and security is improved.
[0116] In addition, the access permission information DB 33a may store, for each bus master 10, information on permission to access the peripheral circuit unit 900, such as external I/O and external ports. When a bus master 10 accesses the peripheral circuit unit 900 via the DMA controller 700, only a bus master 10 permitted by the bus master identification unit 200a and the access permission determination unit 31a can access the predetermined, access-permitted area of the peripheral circuit unit 900. Security is thereby further improved.
[0117] Furthermore, because the bus masters 10 share the shared bus slave 500, there is no need to provide a separate dedicated bus slave for each specific bus master 10. This reduces the cost of providing the bus wiring and terminals that would be needed to connect separate bus slaves to the bus masters 10.
[0118] (2) Access control by the DMA controller and the memory scheduler
Next, the configuration of FIG. 17 is described. In FIG. 17, in addition to the DMA controller 700, the memory scheduler 800 is also provided with a bus master identification unit 200b and an access control unit 300b. The configuration of the DMA controller is the same as in FIG. 16, so its description is omitted, and the configuration of the memory scheduler 800 is described below.
[0119] The memory scheduler 800 includes a bus master identification unit 200b, an access control unit 300b, an IF (InterFace) unit 400b, and an IF unit 470. On receiving an access request from a bus master 10 to the shared bus slave 500, the bus master identification unit 200b identifies which bus master 10 the access request came from. It then outputs the access request and the identification result to the access control unit 300b.
[0120] The access control unit 300b has an access permission determination unit 31b and an access permission information DB 33b. The access permission information DB 33b stores, for each bus master 10, access permission information indicating whether access to the shared bus slave 500 is possible.
[0121] The access permission determination unit 31b determines whether access is permitted by checking the access request and identification result input from the bus master identification unit 200a against the access permission information in the access permission information DB 33b. The access permission determination unit 31b outputs the determination result to the IF unit 470.
[0122] Next, the operation of the multiprocessor system 2000 shown in FIG. 17 is described. When a bus master 10 issues an access request to the shared bus slave 500 via the memory scheduler, access is restricted based on the access permission information, as in the first embodiment. First, the bus master identification unit 200b identifies the bus master 10 that issued the access request. The access permission determination unit 31b then determines whether access is permitted based on the access permission information in the access permission information DB 33b. When the access permission determination unit 31b permits the access, the permitted area of the shared bus slave 500 is accessed via the IF unit 470. The IF unit 470 sends the access result obtained from the shared bus slave 500 to each bus master 10.
[0123] With the configuration of FIG. 17, even when a bus master 10 issues an access request to the memory scheduler 800 without passing through the DMA controller 700, only a bus master permitted by the access permission determination unit 31b can access the predetermined area of the shared bus slave 500. Likewise, when a bus master 10 issues an access request via the DMA controller 700, only a bus master permitted by the access permission determination unit 31a in the DMA controller 700 can access the predetermined area of the shared bus slave 500. A dedicated area for a specific bus master can therefore be secured on the shared bus slave, unauthorized access by bus masters other than the specific bus master is prohibited, and security is improved.
[0124] (3) Access control by the memory scheduler
Next, the configuration of FIG. 18 is described. In FIG. 18, only the memory scheduler 800 is provided with the bus master identification unit 200b and the access control unit 300b. The configuration of the memory scheduler 800 is the same as in FIG. 17, so its description is omitted. The DMA controller 700 has a host IF unit 400a that receives access requests from the bus masters 10, a control register 550, and a peripheral circuit IF unit 750; the bus master identification unit 200a and the access control unit 300a are not provided.
[0125] An access request from a bus master 10 to the shared bus slave 500 is made either via the DMA controller 700 and the memory scheduler 800, or directly via the memory scheduler 800. In other words, an access request to the shared bus slave 500 always passes through the memory scheduler 800. Because the memory scheduler 800 is provided with the bus master identification unit 200b and the access control unit 300b, only a bus master permitted by them can access the predetermined area of the shared bus slave 500. A dedicated area for a specific bus master can therefore be secured on the shared bus slave, unauthorized access by bus masters other than the specific bus master is prohibited, and security is improved.
[0126] In FIGS. 16 to 18, a dedicated area for each bus master may also be provided in the control register 550, as in the ninth embodiment. As an example, FIG. 19 shows a configuration in which the control register 550 of FIG. 17 is a control register shared by the bus masters. The access permission information DB 33a stores, for each bus master, access permission information indicating whether the dedicated area can be accessed. For example, it stores access permission information that includes information allowing the first bus master 10a to access the first bus master dedicated area 550a and information allowing the second bus master 10b to access the second bus master dedicated area 550b. When a bus master 10 issues an access request to the control register 550, the bus master identification unit 200a and the access permission determination unit 31a control access to the control register 550 based on the access permission information DB 33a. Restricting access to the control register 550 in this way prevents unauthorized access to the DMA control information.
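As an added illustration (not part of the patent text), the following C model shows the kind of check the access permission determination unit performs in the tenth embodiment: the identified bus master and the requested address range are matched against per-master permitted regions, and the interface forwards the request only on a match. The addresses, region sizes, bus master IDs, the read-only rule for the third bus master on the shared area, and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Access kinds a bus master may request. */
#define ACC_READ  0x1u
#define ACC_WRITE 0x2u

/* Constructed address map of shared bus slave 500 (the patent gives no addresses). */
#define AREA_SIZE     0x1000u
#define AREA_50A_BASE 0x0000u   /* first bus master dedicated area 50a  */
#define AREA_50B_BASE 0x1000u   /* second bus master dedicated area 50b */
#define AREA_50C_BASE 0x2000u   /* third bus master dedicated area 50c  */
#define AREA_51_BASE  0x3000u   /* shared area 51                       */

/* Identification results assumed for bus masters 10a, 10b and 10c. */
enum { MASTER_10A = 0, MASTER_10B = 1, MASTER_10C = 2 };

/* One permitted-address row of the access permission information DB. */
struct perm_entry {
    uint8_t  master_id;  /* output of the bus master identification unit */
    uint32_t base;       /* first permitted address                      */
    uint32_t size;       /* length of the permitted region in bytes      */
    uint8_t  allowed;    /* ACC_READ and/or ACC_WRITE                    */
};

static const struct perm_entry perm_db[] = {
    { MASTER_10A, AREA_50A_BASE, AREA_SIZE, ACC_READ | ACC_WRITE },
    { MASTER_10B, AREA_50B_BASE, AREA_SIZE, ACC_READ | ACC_WRITE },
    { MASTER_10C, AREA_50C_BASE, AREA_SIZE, ACC_READ | ACC_WRITE },
    { MASTER_10A, AREA_51_BASE,  AREA_SIZE, ACC_READ | ACC_WRITE },
    { MASTER_10B, AREA_51_BASE,  AREA_SIZE, ACC_READ | ACC_WRITE },
    { MASTER_10C, AREA_51_BASE,  AREA_SIZE, ACC_READ },  /* assumed read-only */
};

/* Access permission determination: default deny. The whole range
 * [addr, addr+len) must lie inside one region permitted for this master
 * and this access kind. Offsets are compared instead of end addresses so
 * that addr + len cannot wrap around and slip past the check. */
bool access_permitted(uint8_t master_id, uint32_t addr, uint32_t len, uint8_t kind)
{
    if (len == 0 || kind == 0 || (kind & ~(ACC_READ | ACC_WRITE)) != 0)
        return false;
    for (size_t i = 0; i < sizeof perm_db / sizeof perm_db[0]; i++) {
        const struct perm_entry *e = &perm_db[i];
        if (e->master_id != master_id || (e->allowed & kind) != kind)
            continue;
        if (addr < e->base)
            continue;
        uint32_t off = addr - e->base;
        if (off < e->size && len <= e->size - off)
            return true;
    }
    return false;
}

/* Simulated shared bus slave behind the interface unit. */
static uint8_t slave_mem[4 * AREA_SIZE];

/* The interface forwards a write only when the determination permits it. */
int gated_write(uint8_t master_id, uint32_t addr, const uint8_t *src, uint32_t len)
{
    if (!access_permitted(master_id, addr, len, ACC_WRITE))
        return -1;
    for (uint32_t i = 0; i < len; i++)
        slave_mem[addr + i] = src[i];
    return 0;
}

/* The interface returns data only when the determination permits the read. */
int gated_read(uint8_t master_id, uint32_t addr, uint8_t *dst, uint32_t len)
{
    if (!access_permitted(master_id, addr, len, ACC_READ))
        return -1;
    for (uint32_t i = 0; i < len; i++)
        dst[i] = slave_mem[addr + i];
    return 0;
}

int main(void)
{
    uint8_t secret[4] = { 0xde, 0xad, 0xbe, 0xef }, out[4] = { 0 };
    printf("10a writes 50a: %d\n", gated_write(MASTER_10A, AREA_50A_BASE, secret, 4));
    printf("10b reads 50a:  %d\n", gated_read(MASTER_10B, AREA_50A_BASE, out, 4));
    printf("10c writes 51:  %d\n", gated_write(MASTER_10C, AREA_51_BASE, secret, 4));
    return 0;
}
```

A request that straddles two regions is rejected even if the master holds both, because the model requires the range to fit inside a single entry; that is a conservative choice of this example, not something the patent specifies.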
Industrial Applicability
The present invention prohibits unauthorized access by bus masters other than a specific bus master and thereby improves security, so it can be used to improve the security of multiprocessor systems.

Claims

Scope of Claims
[1] An access control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, the access control device comprising:
an access permission information storage unit that stores access permission information prohibiting access from the bus master to a predetermined area of the shared bus slave; and
an access permission determination unit that, when an access request is made from the bus master to a desired area of the shared bus slave, determines, based on the access permission information in the access permission information storage unit, whether the bus master can access the area of the shared bus slave targeted by the access request.
[2] The access control device according to claim 1, further comprising a bus master identification unit that identifies, based on an access request from the bus master to a desired area of the shared bus slave, the bus master that made the access request,
wherein the access permission determination unit makes the determination based on the access permission information of the bus master identified by the bus master identification unit.
[3] The access control device according to claim 1, wherein the access permission information is, for each bus master, a prohibited address that specifies an access-prohibited area in the shared bus slave or a permitted address that specifies an access-permitted area, and
the access permission determination unit determines, based on the prohibited address or the permitted address corresponding to the bus master, whether the bus master can access the area of the shared bus slave targeted by the access request.
[4] The access control device according to claim 3, wherein the prohibited address is an address that specifies, for each bus master, an area where write access to the shared bus slave is prohibited, an area where read access from the shared bus slave is prohibited, or an area where all access to the shared bus slave is prohibited, and
the permitted address is an address that specifies an area where read access to the shared bus slave is permitted, an area where read access from the shared bus slave is permitted, or an area where all access to the shared bus slave is permitted.
[5] The access control device according to claim 1, wherein the access permission information is stored for each operation state of each bus master, and
the access permission determination unit receives the operation state of the bus master that made the access request and determines, based on that operation state and the access permission information for each operation state of the bus master, whether the bus master that made the access request can access the area of the shared bus slave targeted by the access request.
[6] The access control device according to claim 1, wherein the shared bus slave consists of various control registers,
the access permission information is information prohibiting access to the various control registers, and
the access permission determination unit, when an access request is made from the bus master to a desired area of the various control registers, determines, based on the access permission information for the various control registers, whether the bus master that made the access request can access the area of the various control registers targeted by the access request.
[7] The access control device according to claim 6, wherein the various control registers are DMA control registers that store DMA (Direct Memory Access) control information,
the access permission information is information prohibiting access to the DMA control register, and
the access permission determination unit, when an access request is made from the bus master to a desired area of the DMA control register, determines, based on the access permission information for the DMA control register, whether the bus master that made the access request can access the area of the DMA control register targeted by the access request.
[8] The access control device according to claim 1, further comprising a bus encryption unit, on the data bus between the bus master and the shared bus slave, that encrypts data output from the bus master to the shared bus slave and decrypts data output from the shared bus slave to the bus master.
[9] The access control device according to claim 1, further comprising a program authentication unit that authenticates a program executed by the bus master that made the access request,
wherein the access permission determination unit determines, based on the authentication result from the program authentication unit and the access permission information in the access permission information storage unit, whether the bus master that made the access request can access the area of the shared bus slave targeted by the access request.
[10] The access control device according to claim 9, wherein
the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit and, when executing the dedicated instruction, decodes it and issues an access request for accessing the access permission information, and
the access permission determination unit receives the access request based on the dedicated instruction and determines, based on the authentication result received from the program authentication unit, whether to execute the access request.
[11] The access control device according to claim 1, wherein the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit and, when executing the dedicated instruction, decodes it and issues an access request for accessing the access permission information.
[12] The access control device according to claim 1, wherein the access permission information storage unit is a register to which a specific address is assigned, and the bus master requests access to the access permission information stored in the access permission information storage unit by issuing an access request to the specific address.
[13] The access control device according to claim 11 or 12, wherein
the access permission information includes restriction information on whether access to the access permission information is permitted, and
the access permission determination unit determines, based on the restriction information, whether the access permission information can be accessed.
[14] The access control device according to claim 1, further comprising a dummy response unit that makes a dummy response to the bus master that made the access request when the access permission determination unit determines that the bus master that made the access request cannot access the requested area of the shared bus slave.
[15] The access control device according to claim 1, further comprising a dummy access unit that makes a dummy access to the shared bus slave that is the access request destination when the access permission determination unit determines that the bus master that made the access request cannot access the requested area of the shared bus slave.
[16] A system LSI comprising:
a plurality of bus masters; and
an access control device that controls access from the plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters,
wherein the access control device has:
an access permission information storage unit that stores access permission information prohibiting access from the bus master to the shared bus slave; and
an access permission determination unit that, when an access request is made from the bus master to a desired area of the shared bus slave, determines, based on the access permission information in the access permission information storage unit, whether the bus master can access the requested area of the shared bus slave.
[17] The system LSI according to claim 16, further comprising a bus slave accessible by the plurality of bus masters.
[18] A DMA control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, comprising:
a DMA controller that performs DMA (Direct Memory Access) control; and
a memory scheduler that controls access to the shared bus slave,
wherein the memory scheduler has the access control device according to claim 1.
[19] A DMA control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, comprising:
a DMA controller that performs DMA (Direct Memory Access) control; and
a memory scheduler that controls access to the shared bus slave,
wherein the DMA controller has the access control device according to claim 1.
[20] A DMA control device that controls access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, comprising:
a DMA controller that performs DMA (Direct Memory Access) control; and
a memory scheduler that controls access to the shared bus slave,
wherein the memory scheduler has the access control device according to claim 1, and the DMA controller has the access control device according to claim 1.
[21] An access control method for controlling access from a plurality of bus masters to at least one shared bus slave shared by the plurality of bus masters, comprising:
a storage step of storing access permission information that prohibits access from the bus master to the shared bus slave; and
a determination step of, when an access request is made from the bus master to a desired area of the shared bus slave, determining, based on the access permission information in the access permission information storage unit, whether the bus master can access the requested area of the shared bus slave.
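The checks in claims 12 to 14, modelled in C as an added example (not code from the patent): the permission information sits at a fixed address, restriction information decides which master may touch it, and a refused request gets a dummy response while the slave is left untouched. The region size, the addresses, the per-master deny-mask layout and the zero dummy value are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: sizes, addresses and names are assumptions, not from the patent. */
#define N_MASTERS   2
#define N_REGIONS   4
#define REGION_SIZE 0x1000u
#define PERM_BASE   0xF000u   /* claim 12: permission info at a specific address */
#define DUMMY_DATA  0u        /* claim 14: value carried by the dummy response */

static uint32_t slave_mem[N_REGIONS * REGION_SIZE / 4]; /* shared bus slave */
static uint32_t deny_mask[N_MASTERS]; /* bit r set: master may not access region r */
static uint32_t cfg_allowed;  /* claim 13: bit m set: master m may access deny_mask[] */
typedef struct { bool granted; uint32_t data; } bus_resp; /* granted: model-only flag */

void acl_reset(void)
{
    memset(slave_mem, 0, sizeof slave_mem);
    deny_mask[0] = 0x0;  /* master 0: no region prohibited */
    deny_mask[1] = 0x2;  /* master 1: region 1 prohibited */
    cfg_allowed  = 0x1;  /* only master 0 may read or write the permission info */
}

bus_resp bus_access(unsigned master, uint32_t addr, bool write, uint32_t wdata)
{
    bus_resp dummy = { false, DUMMY_DATA };
    if (master >= N_MASTERS || (addr & 3u))
        return dummy;
    if (addr >= PERM_BASE && addr < PERM_BASE + 4u * N_MASTERS) {
        if (!((cfg_allowed >> master) & 1u))     /* restriction information check */
            return dummy;
        uint32_t *p = &deny_mask[(addr - PERM_BASE) / 4u];
        if (write) *p = wdata & ((1u << N_REGIONS) - 1u);
        return (bus_resp){ true, *p };
    }
    uint32_t region = addr / REGION_SIZE;
    if (region >= N_REGIONS || ((deny_mask[master] >> region) & 1u))
        return dummy;                            /* the slave is never touched */
    uint32_t *w = &slave_mem[addr / 4u];
    if (write) *w = wdata;
    return (bus_resp){ true, *w };
}

int main(void)
{
    acl_reset();
    bus_access(0, 0x1000u, true, 0xCAFEu);
    return bus_access(1, 0x1000u, false, 0).granted; /* exit 0: master 1 is refused */
}
```

Because the permission registers are themselves behind the restriction check, a master that is denied a region cannot lift its own denial by writing to `PERM_BASE`.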
PCT/JP2005/009512 2004-06-14 2005-05-25 Access control device and access control method WO2005121979A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004175207A JP2007264679A (en) 2004-06-14 2004-06-14 Access controller and access control method
JP2004-175207 2004-06-14

Publications (1)

Publication Number Publication Date
WO2005121979A1 true WO2005121979A1 (en) 2005-12-22

Family

ID=35503254

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/009512 WO2005121979A1 (en) 2004-06-14 2005-05-25 Access control device and access control method

Country Status (2)

Country Link
JP (1) JP2007264679A (en)
WO (1) WO2005121979A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007132741A1 (en) * 2006-05-11 2007-11-22 Panasonic Corporation Dma control device
JP2009523280A (en) * 2006-01-13 2009-06-18 フリースケール セミコンダクター インコーポレイテッド Protection system and operation method thereof
US7793083B2 (en) 2004-11-26 2010-09-07 Panasonic Corporation Processor and system for selectively disabling secure data on a switch
CN114968881A (en) * 2021-02-25 2022-08-30 精工爱普生株式会社 Circuit device and electronic apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS59121561A (en) * 1982-12-28 1984-07-13 Fuji Facom Corp Common resource access protecting system in multiprocessor system
JPS59191198A (en) * 1983-04-14 1984-10-30 Hitachi Ltd Memory protecting device
JPH03212749A (en) * 1990-01-17 1991-09-18 Fuji Xerox Co Ltd Multiprocessor system
JP2000353128A (en) * 1999-04-29 2000-12-19 Internatl Business Mach Corp <Ibm> System and method for selectively limiting access to memory

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7793083B2 (en) 2004-11-26 2010-09-07 Panasonic Corporation Processor and system for selectively disabling secure data on a switch
JP2009523280A (en) * 2006-01-13 2009-06-18 フリースケール セミコンダクター インコーポレイテッド Protection system and operation method thereof
US8806654B2 (en) 2006-01-13 2014-08-12 Freescale Semiconductor, Inc. Controlling the access of master elements to slave elements over a communication bus
WO2007132741A1 (en) * 2006-05-11 2007-11-22 Panasonic Corporation Dma control device
CN114968881A (en) * 2021-02-25 2022-08-30 精工爱普生株式会社 Circuit device and electronic apparatus
CN114968881B (en) * 2021-02-25 2023-12-05 精工爱普生株式会社 Circuit arrangement and electronic device

Also Published As

Publication number Publication date
JP2007264679A (en) 2007-10-11

Similar Documents

Publication Publication Date Title
US7444668B2 (en) Method and apparatus for determining access permission
CN109766165B (en) Memory access control method and device, memory controller and computer system
JP4602403B2 (en) Endianness control method and apparatus in data processing system
US7010684B2 (en) Method and apparatus for authenticating an open system application to a portable IC device
US7139915B2 (en) Method and apparatus for authenticating an open system application to a portable IC device
KR100629069B1 (en) Control function based on requesting master id and a data address within an integrated system
US7434264B2 (en) Data processing system with peripheral access protection and method therefor
US7277972B2 (en) Data processing system with peripheral access protection and method therefor
US8060925B2 (en) Processor, memory, computer system, and method of authentication
JP4945053B2 (en) Semiconductor device, bus interface device, and computer system
JP2000347942A (en) Information processor
JPH09259045A (en) Security system device for memory card and the memory card
KR20090095843A (en) Processor apparatus having secure performance
TW201411405A (en) Protecting secure software in a multi-security-CPU system
JP4591163B2 (en) Bus access control device
WO2005121979A1 (en) Access control device and access control method
JP2007310601A (en) Microcomputer and method for protecting its software
US20080028226A1 (en) System-on-a-chip and method for securely transferring data on a system-on-a-chip
JP2007109053A (en) Bus access controller
WO2007020758A1 (en) Lsi for ic card
JP5324676B2 (en) Processor, bus interface device, and computer system
JP5380392B2 (en) Semiconductor device, bus interface device, and computer system
CN115905108A (en) IOPMP architecture implementation method for RISC-V chip
CN116361841A (en) Access authentication method, system, terminal device, server and storage medium
CN114041133A (en) Integrated chip and data processing method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP