SECURE PROTECTION METHOD AND PROCESSOR

US 20150020211A1
Filed: 07/09/2013
Published: 01/15/2015
Est. Priority Date: 07/09/2013
Status: Active Grant

First Claim

Patent Images

1. A secure protection method, executed by a processor, comprising:

performing a first security checking before or after executing a first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of an operational event (OE), wherein the OE is generated as a side effect when the processor fetches or executes the first instruction, or generated as a monitoring result on the first instruction, or generated in response to an external input of the processor; and

ignoring the OE, deferring the OE, or raising a security exception when the first security checking fails.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure protection method executed by a processor is provided. The secure protection method includes the following steps. Perform a security checking before or after executing an instruction according to an instruction security attribute (ISA) of the instruction and a security attribute (SA) of an operational event (OE). Ignore the OE, defer the OE, or raise a security exception when the security checking fails. The OE is generated as a side effect when the processor fetches or executes the instruction, or generated as a monitoring result on the instruction, or generated in response to an external input of the processor.

Citations

30 Claims

1. A secure protection method, executed by a processor, comprising:
- performing a first security checking before or after executing a first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of an operational event (OE), wherein the OE is generated as a side effect when the processor fetches or executes the first instruction, or generated as a monitoring result on the first instruction, or generated in response to an external input of the processor; and
  
  ignoring the OE, deferring the OE, or raising a security exception when the first security checking fails.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The secure protection method of claim 1, further comprising:
    - performing at least one of a second security checking, a third security checking, and a fourth security checking, whereinthe second security checking is based on the ISA of the first instruction and an SA of an operation resource accessed by the first instruction,the third security checking is performed when the first instruction is a security service instruction and the third security checking is based on the ISA and a code SA of the first instruction,the fourth security checking is based on the ISA of the first instruction and an ISA of a second instruction, wherein the processor fetches the second instruction immediately after the processor fetches the first instruction; and
      
      raising the security exception when any one of the second security checking, the third security checking, and the fourth security checking fails.
  - 3. The secure protection method of claim 2, whereinthe first security checking fails when the ISA of the first instruction is more secure than the SA of the OE,the second security checking fails when the ISA of the first instruction is less secure than the SA of the operation resource or when the ISA of the first instruction is no less secure than the SA of the operation resource and a group identification (group ID) associated with the ISA of the first instruction is different from a group ID associated with the SA of the operation resource,the third security checking fails when the ISA of the first instruction is less secure than the code SA of the first instruction,the fourth security checking fails when the ISA of the first instruction is less secure than the ISA of the second instruction or when the ISA of the first instruction is no less secure than the ISA of the second instruction and the group ID associated with the ISA of the first instruction is different from a group ID associated with the ISA of the second instruction.
  - 4. The secure protection method of claim 2, wherein the operation resource is a data addressed in a load/store address space (LSAS) mapped to an internal storage or an external interface of the processor that the first instruction reads data from or writes data to, a register of the processor, or one of a plurality of security lookup entries (SLEs) stored or accessed by the processor, wherein each said SLE records a region of the LSAS or an instruction fetch address space (IFAS) from which the processor fetches the first instruction and the second instruction and each said SLE further records an SA associated with the region.
  - 5. The secure protection method of claim 4, further comprising:
    - obtaining the ISA of the first instruction from one of the SLEs whose region covers a fetch address of the first instruction;
      
      obtaining the ISA of the second instruction from one of the SLEs whose region covers a fetch address of the second instruction; and
      
      obtaining the SA of the data addressed in the LSAS from one of the SLEs whose region covers an address of the data.
  - 6. The secure protection method of claim 4, wherein instructions fetched by the processor in a host debugging mode are tagged with the SA of a special one the SLEs and the special SLE is solely dedicated to the host debugging mode.
  - 7. The secure protection method of claim 2, wherein the processor stores or accesses a plurality of SLEs, each said SLE comprises an SA and each said SLE is associated with an index, and the secure protection method further comprises:
    - obtaining the SA of the OE from one of the SLEs whose index matches an index of the OE;
      
      obtaining the SA of the operation resource from one of the SLEs whose index matches an index of the operation resource; and
      
      obtaining the code SA of the first instruction from one of the SLEs whose index matches an index of the first instruction, wherein the index of the first instruction is derived from at least one of an instruction code of the first instruction, an operand of the first instruction, and a group ID associated with the ISA of the first instruction.
  - 8. The secure protection method of claim 1, further comprising:
    - resetting the processor, halting the processor, or trapping the processor to handle the security exception in response to the security exception.

9. A processor, comprising:
- an instruction fetch unit, fetching a first instruction from an instruction fetch address space (IFAS);
  
  an instruction operation unit, coupled to the instruction fetch unit, executing the first instruction;
  
  an operational event (OE) generator, coupled to the instruction fetch unit and the instruction operation unit, generating an OE as a side effect when the instruction fetch unit fetches the first instruction or when the instruction operation unit executes the first instruction, or as a monitoring result on the first instruction, or in response to an external input of the processor; and
  
  a security checking unit, coupled to the instruction fetch unit, the instruction operation unit, and the operational event generator, performing a first security checking before or after the instruction operation unit executes the first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of the OE, wherein the OE generator ignores the OE, defers the OE, or raises a security exception when the first security checking fails.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The processor of claim 9, further comprising:
    - an instruction fetch address generator, coupled to the instruction fetch unit, generating fetch addresses of the first instruction and a second instruction, wherein the instruction fetch unit fetches the second instruction immediately after the instruction fetch unit fetches the first instruction; and
      
      an operation resource address generator, coupled to the instruction fetch unit and the instruction operation unit, generating a data address or an index associated with an operation resource accessed by the first instruction, wherein the security checking unit further performs a second security checking, a third security checking, and/or a fourth security checking, whereinthe second security checking is based on the ISA of the first instruction and a security attribute (SA) of the operation resource, wherein the SA of the operation resource is obtained according to the data address or the index,the third security checking is performed when the first instruction is a security service instruction and the third security checking is based on the ISA and a code SA of the first instruction,the fourth security checking is based on the ISA of the first instruction and an ISA of the second instruction,the security checking unit raises the security exception when either of the second security checking, the third security checking, or the fourth security checking fails.
  - 11. The processor of claim 10, whereinthe first security checking fails when the ISA of the first instruction is more secure than the SA of the OE,the second security checking fails when the ISA of the first instruction is less secure than the SA of the operation resource or when the ISA of the first instruction is no less secure than the SA of the operation resource and a group identification (group ID) associated with the ISA of the first instruction is different from a group ID associated with the SA of the operation resource,the third security checking fails when the ISA of the first instruction is less secure than the code SA of the first instruction,the fourth security checking fails when the ISA of the first instruction is less secure than the ISA of the second instruction or when the ISA of the first instruction is no less secure than the ISA of the second instruction and the group ID associated with the ISA of the first instruction is different from a group ID associated with the ISA of the second instruction.
  - 12. The processor of claim 10, wherein the operation resource is a data addressed in a load/store address space (LSAS) mapped to an internal storage or an external interface of the processor that the first instruction reads data from or writes data to, a register of the processor, or one of a plurality of security lookup entries (SLEs), and the processor further comprises:
    - an SLE unit, coupled to the instruction fetch address generator, the instruction fetch unit, the operation resource address generator, the OE generator, and the security checking unit, providing the plurality of SLEs, wherein each said SLE records a region of the LSAS or the IFAS from which the processor fetches the first instruction and the second instruction and each said SLE further records an SA associated with the region.
  - 13. The processor of claim 12, wherein the instruction fetch unit obtains the ISA of the first instruction from one of the SLEs whose region covers the fetch address of the first instruction, the instruction fetch unit obtains the ISA of the second instruction from one of the SLEs whose region covers the fetch address of the second instruction, and the security checking unit obtains the SA of the data addressed in the LSAS from one of the SLEs whose region covers an address of the data.
  - 14. The processor of claim 12, wherein instructions fetched by the instruction fetch unit in a host debugging mode are tagged with the SA of a special one of the SLEs and the special SLE is solely dedicated to the host debugging mode.
  - 15. The processor of claim 10, further comprising:
    - an SLE unit, coupled to the instruction fetch address generator, the instruction fetch unit, the operation resource address generator, the OE generator, and the security checking unit, providing a plurality of SLEs, wherein each said SLE comprises an SA and each said SLE is associated with an index, wherein the security checking unit obtains the SA of the OE from one of the SLEs whose index matches an index of the OE, obtains the SA of the operation resource from one of the SLEs whose index matches an index of the operation resource, and obtains the code SA of the first instruction from one of the SLEs whose index matches an index of the first instruction, wherein the index of the first instruction is derived from at least one of an instruction code of the first instruction, an operand of the first instruction, and a group ID associated with the ISA of the first instruction.
  - 16. The processor of claim 9, further comprising:
    - a security exception unit, coupled to the security checking unit, resetting the processor, halting the processor, or trapping the processor to handle the security exception in response to the security exception.

17. A secure protection method, executed by a processor, comprising:
- performing a first security checking based on an instruction security attribute (ISA) and a code security attribute (SA) of a first instruction when the first instruction is a security service instruction; and
  
  raising a security exception when the first security checking fails.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The secure protection method of claim 17, further comprising:
    - performing at least one of a second security checking and a third security checking, whereinthe second security checking is based on the ISA of the first instruction and an SA of an operation resource accessed by the first instruction,the third security checking is based on the ISA of the first instruction and an ISA of a second instruction, wherein the processor fetches the second instruction immediately after the processor fetches the first instruction; and
      
      raising the security exception when any one of the second security checking and the third security checking fails.
  - 19. The secure protection method of claim 18, whereinthe first security checking fails when the ISA of the first instruction is less secure than the code SA of the first instruction,the second security checking fails when the ISA of the first instruction is less secure than the SA of the operation resource or when the ISA of the first instruction is no less secure than the SA of the operation resource and a group identification (group ID) associated with the ISA of the first instruction is different from a group ID associated with the SA of the operation resource,the third security checking fails when the ISA of the first instruction is less secure than the ISA of the second instruction or when the ISA of the first instruction is no less secure than the ISA of the second instruction and the group ID associated with the ISA of the first instruction is different from a group ID associated with the ISA of the second instruction.
  - 20. The secure protection method of claim 18, wherein the operation resource is a data addressed in a load/store address space (LSAS) mapped to an internal storage or an external interface of the processor that the first instruction reads data from or writes data to, a register of the processor, or one of a plurality of security lookup entries (SLEs) stored or accessed by the processor, wherein each said SLE records a region of the LSAS or an instruction fetch address space (IFAS) from which the processor fetches the first instruction and the second instruction and each said SLE further records an SA associated with the region.
  - 21. The secure protection method of claim 20, further comprising:
    - obtaining the ISA of the first instruction from one of the SLEs whose region covers a fetch address of the first instruction;
      
      obtaining the ISA of the second instruction from one of the SLEs whose region covers a fetch address of the second instruction; and
      
      obtaining the SA of the data addressed in the LSAS from one of the SLEs whose region covers an address of the data.
  - 22. The secure protection method of claim 18, wherein the processor stores or accesses a plurality of SLEs, each said SLE comprises an SA and each said SLE is associated with an index, and the secure protection method further comprises:
    - obtaining the SA of the operation resource from one of the SLEs whose index matches an index of the operation resource; and
      
      obtaining the code SA of the first instruction from one of the SLEs whose index matches an index of the first instruction, wherein the index of the first instruction is derived from at least one of an instruction code of the first instruction, an operand of the first instruction, and a group ID associated with the ISA of the first instruction.

23. A processor, comprising:
- an instruction fetch unit, fetching a first instruction from an instruction fetch address space (IFAS);
  
  an instruction operation unit, coupled to the instruction fetch unit, executing the first instruction;
  
  a security checking unit, coupled to the instruction fetch unit and the instruction operation unit, performing a first security checking based on an instruction security attribute (ISA) and a code security attribute (SA) of the first instruction when the first instruction is a security service instruction, raising a security exception when the first security checking fails.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The processor of claim 23, further comprising:
    - an instruction fetch address generator, coupled to the instruction fetch unit, generating fetch addresses of the first instruction and a second instruction, wherein the instruction fetch unit fetches the second instruction immediately after the instruction fetch unit fetches the first instruction; and
      
      an operation resource address generator, coupled to the instruction fetch unit and the instruction operation unit, generating a data address or an index associated with an operation resource accessed by the first instruction, wherein the security checking unit further performs a second security checking and/or a third security checking, whereinthe second security checking is based on the ISA of the first instruction and an SA of the operation resource, wherein the SA of the operation resource is obtained according to the data address or the index,the third security checking is based on the ISA of the first instruction and an ISA of the second instruction,the security checking unit raises the security exception when the second security checking or the third security checking fails.
  - 25. The processor of claim 24, whereinthe first security checking fails when the ISA of the first instruction is less secure than the code SA of the first instruction,the second security checking fails when the ISA of the first instruction is less secure than the SA of the operation resource or when the ISA of the first instruction is no less secure than the SA of the operation resource and a group identification (group ID) associated with the ISA of the first instruction is different from a group ID associated with the SA of the operation resource,the third security checking fails when the ISA of the first instruction is less secure than the ISA of the second instruction or when the ISA of the first instruction is no less secure than the ISA of the second instruction and the group ID associated with the ISA of the first instruction is different from a group ID associated with the ISA of the second instruction.
  - 26. The processor of claim 24, wherein the operation resource is a data addressed in a load/store address space (LSAS) mapped to an internal storage or an external interface of the processor that the first instruction reads data from or writes data to, a register of the processor, or one of a plurality of security lookup entries (SLEs), and the processor further comprises:
    - an SLE unit, coupled to the instruction fetch address generator, the instruction fetch unit, the operation resource address generator, and the security checking unit, providing the plurality of SLEs, wherein each said SLE records a region of the LSAS or the IFAS from which the processor fetches the first instruction and the second instruction and each said SLE further records an SA associated with the region.
  - 27. The processor of claim 26, wherein the instruction fetch unit obtains the ISA of the first instruction from one of the SLEs whose region covers the fetch address of the first instruction, the instruction fetch unit obtains the ISA of the second instruction from one of the SLEs whose region covers the fetch address of the second instruction, and the security checking unit obtains the SA of the data addressed in the LSAS from one of the SLEs whose region covers an address of the data.
  - 28. The processor of claim 24, further comprising:
    - an SLE unit, coupled to the instruction fetch address generator, the instruction fetch unit, the operation resource address generator, and the security checking unit, providing a plurality of SLEs, wherein each said SLE comprises an SA and each said SLE is associated with an index, wherein the security checking unit obtains the SA of the operation resource from one of the SLEs whose index matches an index of the operation resource, and obtains the code SA of the first instruction from one of the SLEs whose index matches an index of the first instruction, wherein the index of the first instruction is derived from at least one of an instruction code of the first instruction, an operand of the first instruction, and a group ID associated with the ISA of the first instruction.

29. A secure protection method, executed by a processor, comprising:
- performing a first security checking before or after executing a first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of an operational event (OE), wherein the OE is generated as a side effect when the processor fetches or executes the first instruction, or generated as a monitoring result on the first instruction, or generated in response to an external input of the processor;
  
  ignoring the OE, deferring the OE, or raising a security exception when the first security checking fails;
  
  performing a second security checking based on the ISA and a code SA of the first instruction when the first instruction is a security service instruction; and
  
  raising the security exception when the second security checking fails.

30. A processor, comprising:
- an instruction fetch unit, fetching a first instruction from an instruction fetch address space (IFAS);
  
  an instruction operation unit, coupled to the instruction fetch unit, executing the first instruction;
  
  an operational event (OE) generator, coupled to the instruction fetch unit and the instruction operation unit, generating an OE as a side effect when the instruction fetch unit fetches the first instruction or when the instruction operation unit executes the first instruction, or as a monitoring result on the first instruction, or in response to an external input of the processor; and
  
  a security checking unit, coupled to the instruction fetch unit, the instruction operation unit, and the operational event generator, performing a first security checking before or after the instruction operation unit executes the first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of the OE, and performing a second security checking based on the ISA and a code SA of the first instruction when the first instruction is a security service instruction, wherein the OE generator ignores the OE, defers the OE, or raises a security exception when the first security checking fails, wherein the security checking unit raises the security exception when the second security checking fails.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Andes Technology Corporation
Original Assignee
Andes Technology Corporation
Inventors
Lai, Chi-Chang, Chang, Chuan-Hua

Granted Patent

US 10,061,940 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 12/1441   for a range

G06F 12/1491   in a hierarchical protectio...

G06F 21/52   during program execution, e...

G06F 21/60   Protecting data

G06F 21/71   to assure secure computing ...

G06F 9/3861   Recovery, e.g. branch miss-...

SECURE PROTECTION METHOD AND PROCESSOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE PROTECTION METHOD AND PROCESSOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links