WO2005121979A1 - Dispositif de contrôle d'accès et procédé de contrôle d'accès - Google Patents

Dispositif de contrôle d'accès et procédé de contrôle d'accès Download PDF

Info

Publication number
WO2005121979A1
WO2005121979A1 PCT/JP2005/009512 JP2005009512W WO2005121979A1 WO 2005121979 A1 WO2005121979 A1 WO 2005121979A1 JP 2005009512 W JP2005009512 W JP 2005009512W WO 2005121979 A1 WO2005121979 A1 WO 2005121979A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
permission
bus master
bus
shared
Prior art date
Application number
PCT/JP2005/009512
Other languages
English (en)
Japanese (ja)
Inventor
Masaaki Harada
Hideyuki Kanzaki
Tomohiko Kitamura
Original Assignee
Matsushita Electric Industrial Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co., Ltd. filed Critical Matsushita Electric Industrial Co., Ltd.
Publication of WO2005121979A1 publication Critical patent/WO2005121979A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14Handling requests for interconnection or transfer
    • G06F13/36Handling requests for interconnection or transfer for access to common bus or bus system
    • G06F13/362Handling requests for interconnection or transfer for access to common bus or bus system with centralised access control
    • G06F13/364Handling requests for interconnection or transfer for access to common bus or bus system with centralised access control using independent requests or grants, e.g. using separated request and grant lines

Definitions

  • the present invention relates to an access control device that controls access between a bus master and a shared bus slave.
  • Patent Document 1 discloses a multiprocessor system in which each processor has an access restriction mechanism as a mechanism for restricting access to a shared memory.
  • the access restriction mechanism in each processor restricts access by executing software programs that prevent the generation of addresses.
  • Patent Document 2 discloses a method in which a dedicated memory is provided for each processor so that only the specific processor can access the dedicated memory of the specific processor.
  • Patent Document 1 Patent No. 2661733
  • Patent Document 2 JP-A-6-96235
  • an address generation protection device is provided for each central processing unit as an access restriction mechanism. Then, access control to the shared memory of the corresponding processor is performed by software processing for each address generation protection device. Also, there is no restriction on rewriting of software for restricting access. Therefore, for example, the sequence of a program that executes access restrictions or the specifications of hardware are exploited, and if the program is tampered with, unauthorized access to the access-restricted area of another processor can be made. Like this. As a result, there is a risk that confidential data and programs are falsified or stolen, which poses a security problem.
  • an object of the present invention is to improve security in a multiprocessor system while reducing cost increase.
  • the first invention of the present application is an access control device that performs access control on access to at least one shared bus slave that is shared by a plurality of bus masters in order to solve the above problem. And the following components.
  • the bus master moves the bus master to an area of the shared bus slave to which the access request is made based on the access permission information of the access permission information storage unit.
  • An access permission / non-permission determining unit that determines whether or not access is possible.
  • the access permission / inhibition determination section determines access permission / inhibition based on the access permission / inhibition information.
  • the shared bus slave means a shared resource such as a general-purpose memory and various control registers shared by a plurality of nosmasters. If access is prohibited by the access permission / inhibition judgment unit, the no-smaster cannot access the area requested by the shared bus slave. Therefore, only the bus master permitted by the access permission / non-permission determining unit can access the predetermined area of the shared bus slave, so that a dedicated area for a specific bus master can be secured on the shared bus slave.
  • bus masters share the shared bus slaves, it is not necessary to separately provide a dedicated bus slave for each specific bus master. Therefore, it is possible to reduce the cost of providing a bus wiring and a terminal for connecting a separate bus slave and a bus master.
  • the second invention of the present application is the bus master identification unit according to the first invention of the present application, which identifies a bus master that has made the access request based on an access request from the bus master to a desired area of the shared bus slave.
  • the access control device further comprises: an access control unit that performs the determination based on the access control information of the bus master identified by the bus master identification unit.
  • the bus master identification unit identifies whether an access request is made by any of the bus masters, and outputs the access request to the access availability determination unit.
  • the bus master identification unit may select whether to accept an access request from a shifted bus master. For example, an access request from a high-priority bus master is accepted.
  • the access permission / prohibition information is a prohibition address designating an access prohibition area or a permission address designating an access permission area in the shared bus slave for each path master.
  • the access permission / inhibition judging unit is characterized in that the bus master judges whether or not the bus master can access the area of the shared bus slave to which the access request is made, based on a prohibition address or a permission address corresponding to the bus master.
  • An access control device is provided.
  • the access permission / non-permission information storage unit stores, for each bus master, a prohibited address of an area in the shared bus slave where access is prohibited or a permitted address of an area where access is permitted.
  • the prohibited address or permitted address is compared with the address of the area of the shared bus slave to which the bus master has issued the access request. If the address of the access request destination is a prohibited address, the access by the bus master can be prohibited. On the other hand, if the address of the access request destination is a permitted address, access by the nosmaster can be permitted.
  • the prohibited address is a write access prohibited area for a shared bus slave for each bus master, or a read access prohibited area or a shared bus slave for the shared bus slave power.
  • the permission address specifies a read access permission area to the shared bus slave, a read access permission area from the shared bus slave, or a total access permission area to the shared bus slave.
  • An access control device characterized in that it is an address to be accessed.
  • the access permission / inhibition information is stored for each operation state of each bus master, and the access permission / inhibition determination unit operates in the operation state of the bus master that has issued the access request.
  • the access permission / inhibition determination unit operates in the operation state of the bus master that has issued the access request.
  • the access permission / non-permission information for each operation state of the bus master based on whether the bus master that has made the access request can access the area of the shared bus slave to which the access request is made or not.
  • the present invention provides an access control device characterized by determining
  • the shared bus slave is various control registers
  • the access availability information is information for inhibiting access to the various control registers.
  • the access permission / inhibition determination unit is configured to perform the access request based on the access permission / inhibition information for the various control registers.
  • the present invention provides an access control device for determining whether or not an access request destination is capable of accessing various control register areas.
  • An access request is made from the bus master to a desired area of the shared control registers.
  • the access permission / inhibition determination unit determines access permission / inhibition based on the access permission / inhibition information. Therefore, only the bus master permitted by the access permission / inhibition judging section can access the areas of the shared various control registers. For example, it is possible to prevent a bus master other than a specific bus master from illegally accessing various control registers and rewriting various control information.
  • the various control registers are DMA control registers for storing DMA (Direct Memory Access) control information, and the access availability information is stored in the DMA control registers.
  • DMA Direct Memory Access
  • the access permission / inhibition determination unit determines whether or not the area of the DMA control register of the access request destination is accessible.
  • a DMA that can be activated only by a specific bus master for example, a DMA that decrypts encrypted data and transfers it to the local memory inside the LSI, and a bus master other than the specific bus master specifies the transfer destination to the LSI external memory and activates the DMA
  • a specific bus master for example, a DMA that decrypts encrypted data and transfers it to the local memory inside the LSI
  • a bus master other than the specific bus master specifies the transfer destination to the LSI external memory and activates the DMA
  • the eighth invention of the present application is the invention according to the first invention of the present application, wherein the data output to the shared bus slave is encrypted on the data bus between the bus master and the shared bus slave, Shared bus slave capability
  • An access control device further comprising a bus encryption unit for decrypting data output to the bus master.
  • bus encryption unit By providing the bus encryption unit on the data bus between the bus master and the shared bus slave, analysis by monitoring the data bus can be prevented. Therefore, security can be further improved.
  • the ninth invention of the present application is the first invention of the present application, further comprising a program authentication unit that authenticates a program executed by the bus master that has made the access request, wherein the access permission / inhibition determination unit includes: Based on the authentication result and the access availability information in the access availability information storage unit, the bus master that has made the access request determines whether or not it is possible to access the shared bus slave area of the access request destination. You An access control device is provided.
  • the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit, and the bus master executes the dedicated instruction when the dedicated instruction is executed.
  • An access request for decoding the instruction and accessing the access permission / inhibition information is issued.
  • the access permission / inhibition determination unit receives the access request based on the dedicated instruction and receives the access request based on the program authentication unit.
  • An access control device is provided, which determines whether to execute the access request.
  • the bus master has a dedicated instruction for accessing the access permission information stored in the access permission information storage unit, and the bus master executes the dedicated instruction when the dedicated instruction is executed.
  • An access control device for decoding an instruction and issuing an access request for accessing the access availability information is provided.
  • the access permission / non-permission information storage unit is a register to which a specific address is assigned, and the bus master accesses the specific address so that the access is performed.
  • An access control device characterized in that access to access permission information stored in a permission information storage unit is enabled.
  • the access permission / non-permission information includes restriction information on whether or not the user has permission to access the access permission / prohibition information. And an access control device for determining whether or not the access permission / inhibition information is accessible based on the restriction information.
  • the access permission / inhibition determination unit determines that the bus master that has made the access request cannot access the area of the shared bus slave to which the access request is made.
  • the access control device further includes a dummy response unit that performs a dummy response to the bus master that has made the access request.
  • the dummy response means a dummy response that causes the bus master to erroneously recognize that the response is a response obtained from the actual access request destination.
  • a bus master performs a write operation in an access prohibited area of a shared bus slave
  • a dummy response such as completion of reception of an access request and completion of data writing is performed without performing a write operation as requested.
  • a dummy response such as completion of acceptance of an access request is performed without performing the read operation as requested. Therefore, it is difficult to distinguish between the access prohibited area and the access permitted area on the shared bus slave, and analysis for accessing the access prohibited area can be prevented.
  • the access permission / inhibition determination unit determines that the bus master that has made the access request cannot access the area of the shared bus slave to which the access request is made.
  • the access control apparatus further includes a dummy access unit that performs a dummy access to the shared bus slave of the access request destination.
  • the dummy access means a dummy access that causes a bus observer to mistakenly determine that an access has been made to an actual access request destination. Even if it is determined that the nosmaster cannot access the shared bus slave area, some dummy access is performed to the shared bus slave. This dummy access can prevent analysis by monitoring the data bus between the bus master and the shared bus slave. For example, the analysis of the data bus for distinguishing between the access prohibited area and the access permitted area on the shared bus slave can be prevented.
  • a dummy access in the case of a write operation, for example, an access destination Access is performed by writing while masking the data in the area, or issuing a read command instead of a write command. In the case of a read operation, for example, an access such as issuing a read command to an area to which access is permitted is performed.
  • a sixteenth invention of the present application includes a plurality of bus masters, and an access control device that performs access control on access to at least one shared bus slave whose power is also shared by the plurality of bus masters,
  • the access control device includes: an access permission / non-permission information storage unit that stores access permission / prohibition information for prohibiting access from the bus master to the shared bus slave; and an access request from the bus master to a desired area of the shared bus slave.
  • the access permission / inhibition determination unit determines whether the bus master can access the area of the shared bus slave of the access request destination based on the access permission information in the access permission information storage unit.
  • a system LSI characterized by having
  • a seventeenth invention of the present application provides the system LSI of the sixteenth invention of the present application, further comprising another bus slave accessible to the plurality of bus masters.
  • the number of masters is not limited to one, and a plurality of masters can be provided.
  • the eighteenth invention of the present application is a DMA control device that performs access control on access to at least one shared bus slave in which a plurality of bus masters are also shared by the plurality of bus masters.
  • the memory scheduler has the access control device of the first invention of the present application.
  • the bus master S memory scheduler when accessing a shared bus slave via the bus master S memory scheduler, only the bus master permitted by the access permission / non-permission determining unit can access a predetermined area of the shared bus slave. Therefore, similarly to the first invention of the present application, a dedicated area for a specific bus master is secured on the shared bus slave, and illegal operations by bus masters other than the specific bus master are performed. Access can be prohibited and security can be improved.
  • bus masters share the shared bus slaves! /, It is not necessary to separately provide a dedicated bus slave for each specific bus master. Therefore, it is possible to reduce the cost of providing a bus wiring and a terminal for connecting a separate bus slave and a bus master.
  • the nineteenth invention of the present application is a DMA control device that performs access control on access to at least one shared bus slave in which a plurality of bus masters are shared by the plurality of bus masters.
  • a DMA controller that performs direct memory transfer has the access control device of the first invention of the present application.
  • the bus master accesses the shared bus slave via the DMA controller, only the nosmaster permitted by the access permission / non-permission judgment unit can access a predetermined area of the shared bus slave. Therefore, the same effect as the first invention of the present application can be obtained.
  • the twentieth invention of the present application is a DMA control device that performs access control on access to at least one shared bus slave in which a plurality of bus masters are shared by the plurality of bus masters.
  • the bus master can access the shared bus slave via a memory scheduler or a DMA controller. Therefore, since each of the memory scheduler and the DMA controller has the access control device, the access to the shared bus slave can be restricted.
  • the twentieth invention of the present application is directed to an access control for performing access control on access to at least one shared bus slave in which a plurality of bus masters are also shared by the plurality of bus masters.
  • a method for storing access permission / prohibition information for inhibiting access to the shared bus slave from the bus master, and when an access request to a desired area of the shared bus slave is made from the bus master, Determining whether the bus master can access the area of the shared bus slave to which the access request is made, based on the access permission information of the access permission information storage unit. Provide a method.
  • the access control device of the present invention By using the access control device of the present invention, unauthorized access to the shared bus slave by a bus master other than a specific bus master can be prohibited, and security can be improved.
  • FIG. 1 is a configuration diagram of a multiprocessor system according to a first embodiment.
  • FIG. 2 is an example of access permission information stored in DB33.
  • FIG. 3 is an example of a flowchart showing an example of access control processing.
  • FIG. 4 is a configuration diagram of a multiprocessor system according to a second embodiment.
  • FIG. 5 is an example of access permission / prohibition information corresponding to an operation state stored in DB33.
  • FIG. 6 is a configuration diagram of a multiprocessor system according to a third embodiment.
  • Access permission information An example of rewrite command permission information in DB33.
  • FIG. 8 is a configuration diagram of a multiprocessor system according to a fourth embodiment.
  • FIG. 9 is a configuration diagram of a multiprocessor system according to a fifth embodiment.
  • FIG. 10 is a configuration diagram of a multiprocessor system according to a sixth embodiment.
  • FIG. 11 is a configuration diagram of a multiprocessor system according to a seventh embodiment.
  • FIG. 12 is another configuration diagram of the multiprocessor system according to the seventh embodiment.
  • FIG. 13 is a configuration diagram of a multiprocessor system according to an eighth embodiment.
  • FIG. 14 is another configuration diagram of the multiprocessor system according to the eighth embodiment.
  • FIG. 15 is a configuration diagram of a multiprocessor system according to a ninth embodiment.
  • FIG. 16 is a configuration diagram (1) of a multiprocessor system according to a tenth embodiment.
  • FIG. 17 is a configuration diagram (2) of a multiprocessor system according to a tenth embodiment.
  • FIG. 18 is a configuration diagram (3) of a multiprocessor system according to a tenth embodiment.
  • FIG. 19 is a configuration diagram (4) of a multiprocessor system according to a tenth embodiment.
  • the multiprocessor system having the access control unit of the present invention shares resources such as processor memories.
  • the shared memory of the multiprocessor system is configured by a dedicated processor dedicated area, which area is divided and assigned to each processor, and a shared area shared by the multiprocessors.
  • a plurality of processors constituting the multiprocessor system are connected to an access control unit for restricting access to the shared memory.
  • the access control unit prohibits accesses other than the area allocated to the processor. Therefore, unauthorized access by processors other than the specific processor can be prohibited, and security can be improved.
  • FIG. 1 is a configuration diagram of a multiprocessor system according to a first embodiment of the present invention.
  • a multiprocessor system 1000 having an access control unit includes a multiprocessor 100, a bus master identification unit 200, an access control unit 300, an IF (lnterFace) unit 400, and a shared bus slave 500.
  • the multiprocessor 100 has a first bus master 10a, a second bus master 10b, and a third bus master 10c, which are processors.
  • the first bus master 10a, the second bus master 10b, the third bus master 10c,... Share the shared bus slave 500 as a shared resource such as a memory.
  • the nosmaster identification unit 200 is connected to the first bus master 10a, the second bus master 10b, the third bus master 10c,..., And receives an access request from each nosmaster 10.
  • the identification result and the access request in the bus master identification unit 200 are input to the access control unit 300, and are input to the shared bus slave 500 via the IF unit 400. Then, the access result from the shared bus slave 500 is output to each bus master 10 via the IF unit 400.
  • the shared bus slave 500, the bus master identification unit 200, the access control unit 300, and the IF unit 400 will be described.
  • the shared bus slave 500 is a general-purpose memory or the like, and is shared by the first bus master 10a, the second bus master 10b, the third bus master 10c,.
  • the shared bus slave 500 is divided, and as shown in FIG. 1, a first bus master dedicated area 50a, a second bus master dedicated area 50b, a third bus master dedicated area 50c, and so on are assigned to each bus master.
  • the shared area 51 to be shared is allocated.
  • the bus master identification unit 200 Upon receiving an access request from the bus master 10 to the shared bus slave 500, the bus master identification unit 200 identifies which bus master 10 is the access request. Then, it outputs the access request and the identification result to access control section 300.
  • an access request is made from a plurality of bus masters 10, for example, it is determined which access request from which bus master 10 has priority according to the priority.
  • the bus master is identified by detecting which input port accesses the bus. There is a way to do it.
  • the access request is made by a signal such as an address for accessing a desired area in the shared bus slave 500 and write data.
  • the access control section 300 includes an access permission / non-permission determining section 31 and an access permission / non-permission information DB33.
  • Access permission information DB33 stores access permission information for each nosmaster 10.
  • the access permission / prohibition information is information that prohibits the shared bus slave 500 from accessing a predetermined area for each bus master 10.
  • FIG. 2 shows an example of the access permission information stored in the access permission information DB 33.
  • the access prohibited area in the shared bus slave 500 is designated for each bus master 10 by the access prohibited area start address and the access prohibited area end address. If the access prohibited area start address and the access prohibited area end address are the same address, the access prohibited area exists. Shall not. Based on the access permission / non-permission information shown in FIG.
  • the access prohibited area is an area that prohibits only write access to the shared bus slave 500, an area that prohibits only read access from the shared bus slave 500, or prohibits both write and read access. Or an area where all access is prohibited. By doing so, it is possible to increase the degree of freedom such as permitting only reading of data from the shared bus slave or permitting only writing for each nosmaster.
  • the access permission / non-permission determining section 31 determines access permission / rejection by comparing the access request / identification result input from the bus master identification section 200 with the access permission / prohibition information in the access permission / prohibition information DB 33. For example, it is assumed that the second bus master 10b is identified by the bus master identification unit 200, and an access request to the address 0x8000-0000 in the shared bus slave 500 is input from the second bus master 10b to the access availability determination unit 31.
  • the access permission / inhibition determination unit 31 refers to the access permission / inhibition information DB 33 and prohibits the second bus master 10b from accessing the address 0x8000 — 0000 to 8000 — FFFF! 2 Access to address 0x8000—0000 of bus master 10b is prohibited.
  • the access permission / non-permission determination unit 31 permits the second bus master 10b to access the shared bus slave 500. I do.
  • the access permission / non-permission judgment unit 31 outputs the result of the judgment to the IF unit 400.
  • connection between the bus master identification unit 200 and the access control unit 300 has a hard-wired configuration, since the identification result can be prevented from being falsified.
  • the access permission / prohibition information may be an access permission address that specifies an access permission area for permitting the shared bus slave 500 to access a predetermined area in each power bus master 10, which is information on an access prohibition area.
  • the access permitted area where access is permitted is an area that permits only write access to the shared bus slave 500, an area that permits only read access from the shared bus slave 500, or both an area that permits writing and reading. May be prohibited, or all access may be prohibited.
  • an access request to the access permitted area is made, The access to the shared bus slave from the bus master that has made the bus request is permitted.
  • an access request is made to an area other than the access permitted area, access to the shared bus slave 500 from the bus master making the access request is prohibited.
  • the access request by the bus master 10 may be made by the bus master 10 designating a specific address allocated to the access permission / non-permission information DB 33.
  • the access permission information DB33 is, for example, a register to which a specific address is assigned.
  • the IF section 400 receives the access request and the determination result from access permission / inhibition determination section 31.
  • the IF unit 400 generates a command for accessing the shared bus slave 500 based on the access request and the determination result. For example, when the shared bus slave 500 is a DRAM (Dynamic Random Access Memory), commands such as a RAS (Row Address Strobe signal) and a CAS (Column Address Strobe signal) for controlling the DRAM are generated. If the bus master 10 is permitted to access the area of the access request destination in the shared bus slave 500, the IF unit 400 accesses the area to which the access request was made based on the generated command. In addition, data reading and data writing are executed. When the data has been read, the IF unit 400 outputs the read data to the bus master 10 that has made the access request.
  • DRAM Dynamic Random Access Memory
  • the IF unit 400 may notify the bus master 10 that has made the access request that the access to the access request destination area is prohibited. good.
  • the IF unit 400 further includes a dummy response unit 41 for performing a dummy response and a dummy access unit 42 for performing a dummy access.
  • the dummy response is to make the bus master 10 erroneously recognize that the dummy request is a response that also has the actual access request destination when it is determined that the bus master 10 cannot access the area of the shared bus slave 500 of the access request destination. Means a dummy response to be made.
  • the dummy response unit 41 returns a dummy response to the bus master 10 when the access permission determination unit 31 determines that the access request from the bus master 10 is an access request to the access prohibited area.
  • the dummy response unit 41 Create a dummy response such as completion of reception of an access request and completion of data writing. Then, the created dummy response is sent to the bus master 10 without performing the write operation as requested. Further, the dummy access unit 42 may access a dummy area in the shared bus slave 500 that is not related to the area to which the access request is made, and perform the write operation.
  • the dummy response unit 41 completes the reception of the access request and performs dummy operations such as predetermined read data.
  • the dummy access unit 42 may access a dummy area irrelevant to the access request destination area and perform the read operation. Therefore, it is difficult to distinguish between the access prohibited area and the access permitted area on the shared bus slave 500, and it is possible to prevent analysis for accessing the access prohibited area. It is preferable to output random data or fixed values to the bus master, because the analysis becomes more difficult.
  • Dummy access means that when it is determined that the bus master 10 cannot access the area of the shared bus slave 500 of the access request destination, the access to the actual access request destination is shared with the IF unit 400. This means a dummy access performed to observe a signal between the bus slave 500 and a person who tries to steal information illegally. Even if it is determined that the nosmaster 10 cannot access the area of the shared bus slave 500, some dummy access is performed to the shared bus slave 500. Therefore, analysis by monitoring data noise between the bus master 10 and the shared bus slave 500 can be prevented. For example, by tracing the data bus, it is possible to prevent the access prohibited area and the access permitted area on the shared bus slave 500 from being distinguished from each other.
  • a dummy access in the case of a write operation to an access prohibited area, access is permitted, for example, writing while masking data in the area of the access request destination, issuing a read command instead of a write command. Perform dummy access such as writing to an area that is not affected by writing.
  • a read operation to an access prohibited area an access such as issuing a read command to an area to which access is permitted is performed.
  • FIG. 3 is an example of a flowchart showing an example of the access control process.
  • Step S 10 The bus master identification unit 200 receives an access request from the bus master 10 to a desired area of the shared bus slave 500.
  • Step S11 The bus master identification unit 200 identifies which bus master 10 is the access request based on the received access request.
  • Step S12 As a result of the identification in step S11, the bus master identification section 200 determines whether or not an access request is made from a plurality of bus masters 10! If there is an access request from a plurality of bus masters 10, in step 13, the bus master 10 that is given the right to access the shared bus slave is selected. On the other hand, in the case of an access request from one bus master 10, the access request and the identification result are output to the access permission / non-permission determining unit 31.
  • Step S13 The bus master identifying section 200 selects a bus master according to the priority of receiving the access request.
  • the access request and identification result of the selected bus master 10 are output to the access permission / non-permission judgment unit 31.
  • Step S 14 The access permission / inhibition judging section 31 collates the access request and identification result from the bus master identification section 200 with the access permission information in the access permission information DB 33. For example, when the access request is the address of the access destination of the shared bus slave 500, whether the address is the address of the access prohibited area is checked with reference to the access permission / prohibition information DB33.
  • Step S15 If the access permission determination section 31 determines that access is permitted as a result of the comparison, access permission processing is performed in step S16. On the other hand, if it is determined that access is prohibited, access prohibition processing is performed in step S17.
  • Step S16 The IF unit 400 generates a command for accessing the access request destination area in the shared bus slave 500 based on the fact that the access is permitted by the access permission / non-permission determining unit 31. .
  • the shared bus slave 500 is controlled based on the generated command to read data from an access request destination area in the shared bus slave 500 or write data to the access request destination area. I do.
  • Step S17 The IF unit 400 performs an access prohibition process based on the fact that the access is prohibited by the access permission determination unit 31.
  • the access prohibition processing includes (A) notification of access prohibition to the bus master 10, (B) dummy response processing by the dummy response unit 41, (C) dummy access by the dummy access unit 42, and the like.
  • the microprocessor system 1000 With the above configuration, in the microprocessor system 1000 according to the first embodiment, only the bus master 10 permitted by the access permission determination unit 31 can access a desired area of the shared bus slave 500. Therefore, a dedicated area for the specific bus master 10 can be secured on the shared bus slave 500. For this reason, it is possible to prevent data and programs from being read or tampered with by unauthorized access by a bus master other than a specific bus master, and to prevent unauthorized execution of the program and improve security. For example, even if a bus master other than the specific bus master attempts to access the dedicated area of the specific bus master due to a program falsification or malfunction, the access can be prohibited.
  • this is effective when a debugger is connected and an attempt is made to access a dedicated bus master area on the shared bus slave 500 as a bus master.
  • the bus master identification unit 200 identifies from which bus master the access request is issued.
  • the access permission / non-permission determining unit 31 can prohibit the access request by recognizing, based on the access permission / prohibition information, that the access request is an access request to a non-permitted area.
  • bus master 10 shares the shared bus slave 500, it is not necessary to provide a dedicated bus slave for each specific bus master. Therefore, it is possible to reduce the cost of providing bus wiring and terminals for connecting the bus master 10 to a separate bus slave such as a dedicated DRAM or SRAM.
  • FIG. 4 is a configuration diagram of a multiprocessor system according to the second embodiment of the present invention.
  • the bus master identification unit 200 of the multiprocessor system 1000 according to the second embodiment receives an operation ID indicating the operation state of each bus master together with each bus master access request. Then, based on the access request, the bus master identification unit 200 identifies from which of the masters 10 the access request is. Further, the bus master identification unit 200 The identification result of the master, the access request and the operation ID are output to the access permission / non-permission judgment unit 31. When an access request is made from a plurality of bus masters 10, the bus master identification unit 200 selects a bus master that receives the access request.
  • the access permission / prohibition information DB 33 stores access permission / prohibition information according to the operation state of each bus master 10.
  • the access permission / non-permission determining unit 31 determines access permission / prohibition based on the identified operation state of the bus master 10 and the access permission / prohibition information.
  • Other configurations of the second embodiment are the same as those of the first embodiment.
  • the operating state includes, for example, information on a thread being executed.
  • FIG. 5 is an example of access permission / prohibition information according to the operation state stored in the access permission / prohibition information DB 33.
  • the access prohibition area is specified by the access prohibition start address and the access prohibition end address for each operation state of each bus master 10.
  • the operation ID is 0, the first bus master 10a can access the area of the address 0x8000—0000 to 8000—FFFF in the shared bus slave 500.
  • the operation ID is 1, access to the area at addresses 0x8000-0000 to 8000-FFFF is prohibited.
  • Step S 10 The bus master identification unit 200 receives an access request from the bus master 10.
  • Step S11 The bus master identification unit 200 identifies which bus master 10 is the access request. Further, the no-master identification unit 200 may identify the operation state of the bus master 10. The operation state is identified based on, for example, an operation ID input from the bus master 10 in response to an access request.
  • Steps S12 and S13 The bus master identification unit 200 selects the nosmaster 10, and outputs the access request, the identification result, and the operation state of the selected bus master 10 to the access availability determination unit 31.
  • Step S 14 The access permission / non-permission determining section 31 compares the access request from the bus master identifying section 200, the identification result, the operation state, and the access permission / prohibition information in the access permission / prohibition information DB 33. Collate.
  • Steps S15, S16, S17 If access is permitted, access permission processing is performed in step S16. On the other hand, if it is determined that the access is prohibited, the access prohibition process is performed in step S17!
  • FIG. 6 is a configuration diagram of a multiprocessor system according to the third embodiment.
  • the first bus master 10a has a dedicated instruction for accessing the access permission information.
  • Examples of the dedicated instruction include a read instruction for reading the access permission information and a write instruction for writing / rewriting the access permission information. Then, when accessing the access permission information, the first bus master 10a decodes the dedicated instruction and outputs an access request based on the dedicated instruction to the bus master identification unit 200. Bus master identification section 200 outputs an access request to access permission / inhibition determination section 31.
  • the access permission / non-permission judgment unit 31 determines whether the first bus master 10a It is determined based on the access permission information in the access permission information DB 33 whether or not to permit an access request for accessing the access permission information.
  • the access permission information in the access permission information DB 33 includes restriction information on whether access to the access permission information is permitted or not for each bus master.
  • FIG. 7 is an example of the restriction information in the access permission information DB33. In FIG. 7, whether or not access to the access permission information is permitted is set for each bus master as restriction information.
  • the restriction information may be information indicating whether or not access is possible for each type of access availability information of each bus master. That is, the information may prohibit only read access to the access permission information, prohibit only write access, or prohibit both read access and write access.
  • Other configurations of the third embodiment are the same as those of the first embodiment.
  • the access to the access permission information based on the dedicated instruction is performed by, for example, accessing a predetermined address of a register.
  • the multiprocessor system is configured as shown in FIG. 6, it is possible to change the access permission area of the bus master as follows by accessing the access permission information and rewriting the access permission information. For example, suppose a bus master downloads a new program via a network. When a certain bus master needs to extend the dedicated area in the shared bus slave 500 to execute the new program, a certain bus master decodes a write instruction for rewriting the access enable / disable information, and requests an access based on the write instruction. Is output. This access request is executed, for example, by accessing a specific address of the register 35 in the access permission / non-permission determining unit 31.
  • the bus master identification unit 200 receives an access request based on a write instruction, and identifies the bus master making the access request.
  • the access permission / inhibition determination unit 31 determines whether to permit the access request output by the nosmaster based on the access permission information in the access permission information DB 33.
  • the access availability information in the access availability information DB33 includes, for each bus master, restriction information as to whether or not the access request based on the write instruction is permitted. If the access request by the identified nosmaster is permitted, the access permission information in the access permission information DB 33 is rewritten based on the access request to the access permission information. With this rewrite, the bus master is now in the extended shared bus slave 500 It is possible to execute a new program using the area. On the other hand, when access is prohibited based on the access permission information, execution of rewriting of the access permission information is prohibited.
  • the bus master identification unit 200 receives an access request based on a read command from the bus master, and identifies the bus master that has output the access request.
  • the access permission / non-permission determining unit 31 reads the access permission / prohibition information in the access permission / prohibition information DB 33 based on the read command only when reading by the identified bus master is permitted. Then, the read access permission / inhibition information is output to the IF unit 400 and output to the bus master that has issued the read instruction.
  • the access request to the access permission information is performed using the same node as the access request to the shared bus slave. Good.
  • FIG. 8 is a configuration diagram of a multiprocessor system according to a fourth embodiment of the present invention.
  • the multiprocessor system 1000 according to the fourth embodiment has a program authentication unit 21 in a bus master identification unit 200. When the program is authenticated by the program authentication unit 21, the access request is permitted.
  • Other configurations of the fourth embodiment are the same as those of the first embodiment.
  • the program authentication unit 21 authenticates whether the program executed by the bus master 10 is legitimate or illegal, and outputs the authentication result to the access permission / non-permission determining unit 31.
  • program authentication is performed using encryption / decryption techniques such as a public key, a secret key, and an electronic signature. Then, the program authentication unit 21 outputs the authentication result to the access permission determination unit 31.
  • the access permission determination unit 31 prohibits the access request from the bus master 10.
  • the access permission / non-permission determining unit 31 checks the access request of the bus master 10 against the access permission / prohibition information in the access permission / prohibition information DB 33, and the access is prohibited if the access request is permitted but the program is not authenticated. You. That is, the access permission / non-permission determining unit 31 permits the access request of the bus master 10 only when the program is authenticated and the access request is permitted by the access permission / prohibition information.
  • the program authentication unit 21 is provided in the bus master identification unit 200.
  • the program authentication unit 21 may be configured as an independent function block that is not provided in the bus master identification unit 200.
  • the access permission information in the access permission information DB33 may include information on whether or not the program needs to be authenticated in order to determine that the program is accessible.
  • FIG. 9 is a configuration diagram of a multiprocessor system according to a fifth embodiment of the present invention.
  • program authentication is performed in the same manner as in the fourth embodiment, and access permission / inhibition determination for the access permission information shown in the third embodiment is performed.
  • the first bus master 10a of the multiprocessor system according to the fifth embodiment has a dedicated instruction for accessing the access permission information as in the third embodiment.
  • the access permission information in the access permission information DB 33 includes restriction information on whether or not the access to the access permission information is permitted for each bus master.
  • the bus master identification unit 200 has a program authentication unit 21 as in the fourth embodiment.
  • Other configurations of the fifth embodiment are the same as those of the first embodiment.
  • the first bus master 10a When accessing the access permission information, the first bus master 10a outputs an access request based on a dedicated instruction to the bus master identification unit 200.
  • the bus master identifying unit 200 issues an access request and identifies a bus master.
  • the program authentication unit 21 in the bus master identification unit 200 determines whether the program executed by the bus master 10 is legitimate or not. Authentication is performed, and the authentication result is output to the access permission determination unit 31.
  • the access permission / non-permission determining unit 31 receives the authentication result, the identification result, and the access request.
  • the access permission / non-permission determining unit 31 determines whether to permit the access request based on the access permission / prohibition information in the access permission / prohibition information DB 33, and permits or prohibits the access request from the bus master 10 based on the authentication result. I do. As described above, even when an access request is made by decoding a dedicated instruction such as a read instruction or a write instruction, security can be further enhanced by using program authentication together. Note that here, an example in which a dedicated instruction for accessing the access permission information is provided is shown.
  • the access permission information DB may be a register to which an address is assigned, that is, the access permission information is obtained by accessing the address. You can access to,.
  • FIG. 10 is a configuration diagram of a multiprocessor system according to the sixth embodiment of the present invention.
  • a multiprocessor system 1000 having an access control unit according to the sixth embodiment has a first bus master identification unit 200a and a second bus master identification unit 200b.
  • the bus master 150 including the second bus master 10b and the third bus master 10c is connected to the first bus master identification unit 200a, and the first bus master 10a is connected to the second bus master identification unit 200b.
  • Other configurations are the same as those of the first embodiment.
  • An access request from the second bus master 10b and the third bus master 10c is output to the first bus master identification unit 200a, and an access request from the first bus master 10a is output to the second bus master identification unit 20 Ob.
  • the first bus master identification unit 200a identifies whether the request is an access request from the second bus master 10b or an access request from the third bus master 10c. In the case of an access request from both the second bus master 10b and the third bus master 10c, it is determined which of the bus masters receives the access request, for example, according to the priority of receiving the access request. Further, first bus master identification section 200a outputs the identification result to second bus master identification section 200b.
  • the second bus master identification unit 200b accepts an access request from the first bus master 10a and determines whether to accept the access request of the first bus master 10a by the ability to accept the access request of the bus master identified by the first bus master identification unit 200a. .
  • the plurality of nosmaster identification units can be provided as appropriate in consideration of the number of bus masters, the number of wirings, and the wiring length.
  • FIG. 11 is a configuration diagram of a multiprocessor system according to a seventh embodiment of the present invention.
  • the multiprocessor system 1000 includes a system LSI 600 and a shared bus slave 500.
  • the system LSI 600 is formed such that the multiprocessor 100, the bus master identification unit 200, the access control unit 300, and the IF (InterFace) unit 400 are included on one chip.
  • the shared bus slave 500 is a shared area external to the system LSI 600, and is configured by an external shared memory such as a DRAM and an SRAM (Static Random Access Memory).
  • the internal configuration of each unit of the multiprocessor 100, the bus master identification unit 200, the access control unit 300, the IF (interFace) unit 400, and the shared bus slave 500 is the same as in the first embodiment.
  • the degree of freedom can be increased, such as changing the capacity of the shared area after designing the system LSI.
  • a bus encryption unit 450 for encrypting / decrypting access data such as addresses, write data, and read data exchanged between the system LSI 600 and the shared bus slave 500 connected to the outside is provided. It is preferable to have. By providing the bus encryption unit 450, it is possible to prevent the access to the dedicated area of each bus master 10 in the shared bus slave 500 from being analyzed.
  • the system LSI 610 may be configured to include the shared bus slave 500 in the chip.
  • the shared bus slave 500 By including the shared bus slave 500 in one chip, the confidentiality of access from the no master 10 to the shared bus slave can be improved.
  • FIG. 13 is a configuration diagram of a multiprocessor system according to an eighth embodiment of the present invention.
  • the multiprocessor system 1000 includes a system LSI 620, a first shared bus slave 500a, and a second shared bus slave 500b.
  • the system LSI 620 includes a multiprocessor 100, a bus master identification unit 200, an access control unit 300, a first IF unit 400a and a second IF unit 400b. It is formed so as to be included on one chip.
  • the first shared bus slave 500a and the second shared bus slave 500b are connected to the first IF unit 400a and the second IF unit 400b, and are shared by a plurality of bus masters 10 in the system LSI 620.
  • a first access permission / non-permission judgment unit 31a corresponding to the first shared bus slave 500a and a second access permission / non-permission judgment unit 3lb corresponding to the second shared bus slave 500b are provided.
  • the first IF section 400a and the second IF section 400b are respectively provided between the first shared bus slave 500a and the first access permission / non-permission judgment section 31a, and between the second shared bus slave 500b and the second access permission / non-permission judgment section 31b.
  • the first access availability determination unit 31a and the second access availability determination unit 31b have the same configuration as the access availability determination unit 31 of the first embodiment.
  • the first IF section 400a and the second IF section 400b have the same configuration as the IF section 400 of the first embodiment.
  • Other multiprocessor 100 and bus master identification unit 200 access availability information DB33 has the same configuration as that of the first embodiment.
  • the system LSI 630 may be configured to include the second shared bus slave 500b in the chip, and the first shared bus slave 500a may be connected to the system LSI 630. Therefore, the secrecy of access from the bus master 10 to the second shared bus slave 500b can be improved. As described above, it is possible to obtain a multiprocessor system capable of restricting access while having various modes such as incorporating or externally attaching the first shared bus slave 500a and the second shared bus slave 500b inside the system LSI. . When a shared bus slave is externally attached, the degree of freedom can be increased, for example, by changing the capacity of the shared area.
  • FIG. 15 is a configuration diagram of a multiprocessor system according to the ninth embodiment of the present invention.
  • the multiprocessor system 1000 is a data processing system that processes a large amount of data such as a facsimile machine, and includes a system LSI 640, a peripheral circuit unit 900 such as a scanner and a printer, and a memory unit 950 such as a DRAM and an SRAM.
  • the system LSI 640 is connected to the peripheral circuit unit 900 and the memory unit 950, and is included on a single chip of the multiprocessor 100, the bus master identification unit 200, the access control unit 300, the DMA control unit 700, and the memory scheduler 800. It is formed as follows.
  • the ninth embodiment In the multiprocessor system 1000, in order to improve the data processing efficiency, data is directly transferred between the peripheral circuit unit 900 and the memory 950 without passing through the multi-processor 100.
  • the configurations and operations of the DMA control unit 700 and the memory scheduler 800 will be described.
  • the DMA control section 700 includes a host IF section 400, a shared bus slave 500, and a peripheral circuit IF section 750.
  • the shared bus slave 500 is shared by a plurality of bus masters 10 constituting the multiprocessor 100.
  • the shared bus slave 500 has a DMA control register that stores information (hereinafter, DMA control information) necessary for performing direct data transfer, such as a transfer mode, a transfer destination or transfer source address, and the number of transfer bytes. It is.
  • the peripheral circuit IF section 750 of the DMA control section 700 is connected to the memory scheduler 800 and the peripheral circuit section 900. Further, the memory scheduler 800 is connected to a memory 950 outside the system LSI 640, and generates commands for accessing the memory.
  • peripheral circuit unit 900 such as a scanner or a printer
  • data input from the peripheral circuit unit 900 is transferred to the memory via the peripheral circuit IF unit 750 and the memory scheduler 800 based on the DMA control information in the shared bus slave 500. Transferred to 950.
  • the bus master identification unit 200 identifies the bus master 10 that has issued the access request.
  • the access permission / inhibition determination unit 31 determines access permission / inhibition based on the access permission / inhibition information in the access permission / inhibition information DB 33.
  • access to the shared bus slave 500 is performed via the host IF unit 400. In this way, by restricting access to the shared bus slave 500, which is a DMA control register, it is possible to prevent unauthorized access to DMA control information.
  • a dedicated area for the bus master can be secured in the shared bus slave 500 that is the DMA control register. Therefore, for example, unauthorized reading due to rewriting of DMA control information for reading and decrypting encrypted data from the peripheral circuit unit 900 can be prevented.
  • the power in the example in which the shared bus slave 500 is the DMA control register is not limited thereto.
  • accumulator, stack register, program counter, split And various control registers such as an embedded register and a flag register.
  • 100 including a plurality of bus masters is referred to as a multiprocessor.
  • a multimaster may be used.
  • FIGS. 16 to 18 are configuration diagrams of a multiprocessor system according to the tenth embodiment of the present invention.
  • the multiprocessor system 2000 is a data processing system that processes a large amount of data, and includes a system LSI 740, a peripheral circuit unit 900, and an external shared bus slave 500.
  • the system LSI 740 is connected to the peripheral circuit unit 900 and the shared bus slave 500, and is formed so that the multiprocessor 100, the DMA controller 700, and the memory scheduler 800 are included on one chip. .
  • the DMA controller 700 directly controls data transfer between the peripheral circuit unit 900 and the shared bus slave 500 without passing through the multiprocessor 100 in order to improve data processing efficiency. Further, the memory scheduler 800 is connected to the shared bus slave 500 outside the system LSI 740, and generates commands for accessing the shared bus slave 500.
  • the multiprocessor 100 is composed of a plurality of bus masters 10 (bus masters 10a, 10b ′...), And the shared bus slave 500 is shared by the plurality of bus masters 10.
  • each bus master is assigned a dedicated first bus master dedicated area 50a, a second bus master dedicated area 50b, a third bus master dedicated area 50c, and a shared area 51 shared by each bus master 10. including.
  • each bus master 10 can access the shared bus slave 500 via the memory scheduler 800 or the DMA controller 700.
  • the DMA controller 700 has a bus master identification unit 200a and an access control unit 300a
  • both the DMA controller 700 and the memory scheduler 800 have a bus master identification unit and an access control unit
  • the memory scheduler 800 has a bus master identification unit 200b and an access control unit 300b.
  • the DMA controller 700 includes a no-master identification unit 200a, an access control unit 300a, a host IF (InterFace) unit 400a, a control register 550, and a peripheral circuit IF unit 750.
  • the bus master identification unit 200a identifies which bus master 10 is the access request. Then, the access request and the identification result are output to the access control unit 300a.
  • the access control unit 300a includes an access permission / inhibition determination unit 3la and an access permission / inhibition information DB 33a.
  • Access permission / non-permission information The DB 33a stores, for each bus master 10, access permission / non-permission information indicating whether or not access to the shared bus slave 500 is possible. For example, information that allows the first bus master 10a to access the first bus master dedicated area 50a, information that enables the second bus master 10b to access the second bus master dedicated area 50b, and information that allows the third bus master 10c to access the bus master dedicated area 50c. Access permission information including information for enabling access is stored.
  • the access permission / inhibition determination unit 31a performs access permission / inhibition determination by comparing the access request and the identification result input from the bus master identification unit 200a with the access permission / inhibition information in the access permission / inhibition information DB 33a.
  • the access propriety judging section 31 outputs the judgment result to the host IF section 400a.
  • the control register 550 is a DMA control register that stores information (hereinafter, DMA control information) necessary for performing direct data transfer, such as a transfer mode, a transfer destination or transfer source address, and the number of transfer bytes.
  • DMA control information information necessary for performing direct data transfer, such as a transfer mode, a transfer destination or transfer source address, and the number of transfer bytes.
  • the peripheral circuit IF section 750 is connected to the memory scheduler 800 and the peripheral circuit section 900.
  • the bus master identification unit 200a identifies the bus master 10 that has made the access request.
  • the access permission / non-permission determination unit 31a determines access permission / prohibition based on the access permission / prohibition information in the access permission / prohibition information DB 33a.
  • the control register 550 is accessed through the host IF unit 400a.
  • the path IF unit 750 transfers an access request from each bus master to the memory scheduler 800 based on the DMA control information in the control register.
  • the memory scheduler 800 accesses the shared bus slave 500 based on the access request.
  • the memory scheduler 800 also acquires the access result from the dedicated area or the shared area for each bus master.
  • the memory scheduler 800 transmits the access result to the peripheral circuit IF unit 750.
  • the peripheral circuit IF unit 750 transmits the access result to each bus master 10.
  • each bus master 10 accesses the shared bus slave 500 via the DMA controller 700
  • only the bus master permitted by the access permission / non-permission judging unit 3 la determines whether the shared bus slave 500 Can access the area. Therefore, a dedicated area for a specific bus master is secured on the shared bus slave, and illegal access by a bus master other than the specific bus master is prohibited, thereby improving security.
  • information on access permission to the peripheral circuit unit 900 such as an external I / O and an external port may be stored in the access permission information DB 33a for each bus master 10.
  • each bus master 10 accesses the peripheral circuit section 900 via the DMA controller 700, only the bus master 10 to which access is permitted by the bus master identification section 200a and the access permission / non-permission determination section 31a is in the vicinity of a predetermined area to which access is permitted.
  • the circuit section 900 becomes accessible. Therefore, security can be further improved.
  • bus master 10 shares the shared bus slave 500, it is not necessary to separately provide a dedicated bus slave for each specific bus master 10. Therefore, it is possible to reduce the cost of providing bus wiring and terminals for connecting a separate bus slave and the bus master 10.
  • the memory scheduler 800 further includes a bus master identification unit 200b and an access control unit 30.
  • the memory scheduler 800 includes a no-master identification unit 200b, an access control unit 300b, and an IF (Inter
  • the bus master identification unit 200b When an access request from the master 10 to the shared bus slave 500 is received, it is identified which bus master 10 is the access request. Then, it outputs the access request and the identification result to the access control unit 300b.
  • the access control unit 300b has an access permission / inhibition determination unit 3lb and an access permission / inhibition information DB 33b.
  • Access permission information DB33b stores access permission information indicating whether access to the shared bus slave 500 is possible or not for each bus master 10.
  • the access permission / inhibition determination unit 31b performs access permission / inhibition determination by comparing the access request and identification result input from the bus master identification unit 200a with the access permission / inhibition information in the access permission / inhibition information DB 33b.
  • Access availability determination section 31b outputs the determination result to IF section 470.
  • the bus master identification unit 200b identifies the bus master 10 that has made the access request.
  • the access permission / non-permission determining unit 31b determines access permission / prohibition based on the access permission / prohibition information in the access permission / prohibition information DB 33b.
  • the access to the permitted area of the shared bus slave 500 is performed via the IF unit 470.
  • the IF unit 470 transmits the access result obtained from the shared bus slave 500 to each bus master 10.
  • FIG. 18 only the memory scheduler 800 is provided with the bus master identification unit 200b and the access control unit 300b.
  • the configuration of the memory scheduler 800 is the same as that of FIG.
  • the DMA controller 700 has a host IF unit 400a that receives an access request from each bus master 10, a control register 550, and a peripheral circuit IF unit 750, and does not include the bus master identification unit 200a and the access control unit 30Oa.
  • the access request from each bus master 10 to the shared bus slave 500 is made via the DMA controller 700 and the memory scheduler 800, and the request is made directly via the memory scheduler 800. That is, an access request to the shared bus slave 500 is always made via the memory scheduler 800.
  • the memory scheduler 800 is provided with the bus master identification unit 200b and the access control unit 300b, only the bus masters permitted by them can access the predetermined area of the shared bus slave 500. Therefore, a dedicated area for a specific bus master is secured on the shared bus slave, and unauthorized access by a bus master other than the specific bus master is prohibited, thereby improving security.
  • a dedicated area for each bus master may be provided in the control register 550 as in the ninth embodiment.
  • FIG. 19 shows a configuration in which the control register 550 in FIG. 17 is a control register shared by each bus master.
  • Access permission information DB33a stores, for each bus master, access permission information indicating whether or not the dedicated area can be accessed. For example, access permission / non-permission information including information for enabling the first bus master 10a to access the first bus master dedicated area 550a and information for enabling the second bus master 10b to access the second bus master dedicated area 550b are stored.
  • the bus master identification unit 200a and the access availability determination unit 31a control access to the control register 550 based on the access availability information DB 33a.
  • the present invention can be used for improving the security of a multiprocessor system.

Abstract

Il est possible d'améliorer la sécurité dans un système à multiprocesseurs tout en diminuant le coût. Il est fourni un dispositif de contrôle d'accès jugeant si un accès est permis à au moins un des bus partagés asservis par une pluralité de bus principaux à partir des bus principaux. Le dispositif de contrôle d'accès inclut : une unité de stockage d'information d'accès habilité/non-habilité pour stocker une information d'accès habilité/non habilité interdisant l'accès à une zone prédéterminée du bus partagé asservi à partir des bus principaux ; et une unité de jugement d'accès habilité/non habilité utilisée quand un bus principal effectue une requête pour accéder à une zone voulue du bus asservi partagé, pour juger si le bus principal peut accéder à la zone du bus partagé asservi de la destination de requête d'accès selon l'information d'accès habilité/non habilité dans l'unité de stockage d'information d'accès habilité/non habilité.
PCT/JP2005/009512 2004-06-14 2005-05-25 Dispositif de contrôle d'accès et procédé de contrôle d'accès WO2005121979A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004-175207 2004-06-14
JP2004175207A JP2007264679A (ja) 2004-06-14 2004-06-14 アクセス制御装置及びアクセス制御方法

Publications (1)

Publication Number Publication Date
WO2005121979A1 true WO2005121979A1 (fr) 2005-12-22

Family

ID=35503254

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/009512 WO2005121979A1 (fr) 2004-06-14 2005-05-25 Dispositif de contrôle d'accès et procédé de contrôle d'accès

Country Status (2)

Country Link
JP (1) JP2007264679A (fr)
WO (1) WO2005121979A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007132741A1 (fr) * 2006-05-11 2007-11-22 Panasonic Corporation Dispositif de commande dma
JP2009523280A (ja) * 2006-01-13 2009-06-18 フリースケール セミコンダクター インコーポレイテッド プロテクションシステム及びその動作方法
US7793083B2 (en) 2004-11-26 2010-09-07 Panasonic Corporation Processor and system for selectively disabling secure data on a switch
CN114968881A (zh) * 2021-02-25 2022-08-30 精工爱普生株式会社 电路装置和电子设备

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS59121561A (ja) * 1982-12-28 1984-07-13 Fuji Facom Corp マルチプロセサシステムにおける共有資源アクセス保護方式
JPS59191198A (ja) * 1983-04-14 1984-10-30 Hitachi Ltd メモリ保護装置
JPH03212749A (ja) * 1990-01-17 1991-09-18 Fuji Xerox Co Ltd マルチプロセッサシステム
JP2000353128A (ja) * 1999-04-29 2000-12-19 Internatl Business Mach Corp <Ibm> メモリへのアクセスを選択的に制限するシステム及び方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS59121561A (ja) * 1982-12-28 1984-07-13 Fuji Facom Corp マルチプロセサシステムにおける共有資源アクセス保護方式
JPS59191198A (ja) * 1983-04-14 1984-10-30 Hitachi Ltd メモリ保護装置
JPH03212749A (ja) * 1990-01-17 1991-09-18 Fuji Xerox Co Ltd マルチプロセッサシステム
JP2000353128A (ja) * 1999-04-29 2000-12-19 Internatl Business Mach Corp <Ibm> メモリへのアクセスを選択的に制限するシステム及び方法

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7793083B2 (en) 2004-11-26 2010-09-07 Panasonic Corporation Processor and system for selectively disabling secure data on a switch
JP2009523280A (ja) * 2006-01-13 2009-06-18 フリースケール セミコンダクター インコーポレイテッド プロテクションシステム及びその動作方法
US8806654B2 (en) 2006-01-13 2014-08-12 Freescale Semiconductor, Inc. Controlling the access of master elements to slave elements over a communication bus
WO2007132741A1 (fr) * 2006-05-11 2007-11-22 Panasonic Corporation Dispositif de commande dma
CN114968881A (zh) * 2021-02-25 2022-08-30 精工爱普生株式会社 电路装置和电子设备
CN114968881B (zh) * 2021-02-25 2023-12-05 精工爱普生株式会社 电路装置和电子设备

Also Published As

Publication number Publication date
JP2007264679A (ja) 2007-10-11

Similar Documents

Publication Publication Date Title
US7444668B2 (en) Method and apparatus for determining access permission
CN109766165B (zh) 一种内存访问控制方法、装置、内存控制器及计算机系统
JP4602403B2 (ja) データ処理システムにおけるエンディアンネス制御方法および装置
US7010684B2 (en) Method and apparatus for authenticating an open system application to a portable IC device
US7139915B2 (en) Method and apparatus for authenticating an open system application to a portable IC device
KR100629069B1 (ko) 데이터 액세스 방법, 데이터 액세스 시스템 및 컴퓨터 판독 가능 기록 매체
US7434264B2 (en) Data processing system with peripheral access protection and method therefor
US7277972B2 (en) Data processing system with peripheral access protection and method therefor
US8060925B2 (en) Processor, memory, computer system, and method of authentication
JP4945053B2 (ja) 半導体装置、バスインターフェース装置、およびコンピュータシステム
JP2000347942A (ja) 情報処理装置
JPH09259045A (ja) メモリカードのセキュリティシステム装置及びそのメモリカード
TW201411405A (zh) 保護多安全cpu之計算系統及其方法
JP4591163B2 (ja) バスアクセス制御装置
WO2005121979A1 (fr) Dispositif de contrôle d&#39;accès et procédé de contrôle d&#39;accès
JP2007310601A (ja) マイクロコンピュータおよびそのソフトウェア保護方法
JP2007109053A (ja) バスアクセス制御装置
US20080028226A1 (en) System-on-a-chip and method for securely transferring data on a system-on-a-chip
WO2007020758A1 (fr) Lsi pour carte ci
CN117993030A (zh) 存储器的管理方法、芯片、电子设备和可读存储介质
JP5324676B2 (ja) プロセッサ、バスインターフェース装置、およびコンピュータシステム
JP5380392B2 (ja) 半導体装置、バスインターフェース装置、およびコンピュータシステム
CN115905108A (zh) 一种用于risc-v芯片的iopmp架构实现方法
CN116361841A (zh) 访问认证方法、系统、终端设备、服务器和存储介质
CN114041133A (zh) 一种集成芯片及数据处理方法

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP