SECURE PROTECTION METHOD AND PROCESSOR
First Claim
1. A secure protection method, executed by a processor, comprising:
- performing a first security checking before or after executing a first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of an operational event (OE), wherein the OE is generated as a side effect when the processor fetches or executes the first instruction, or generated as a monitoring result on the first instruction, or generated in response to an external input of the processor; and
ignoring the OE, deferring the OE, or raising a security exception when the first security checking fails.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure protection method executed by a processor is provided. The secure protection method includes the following steps. Perform a security checking before or after executing an instruction according to an instruction security attribute (ISA) of the instruction and a security attribute (SA) of an operational event (OE). Ignore the OE, defer the OE, or raise a security exception when the security checking fails. The OE is generated as a side effect when the processor fetches or executes the instruction, or generated as a monitoring result on the instruction, or generated in response to an external input of the processor.
-
Citations
30 Claims
-
1. A secure protection method, executed by a processor, comprising:
-
performing a first security checking before or after executing a first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of an operational event (OE), wherein the OE is generated as a side effect when the processor fetches or executes the first instruction, or generated as a monitoring result on the first instruction, or generated in response to an external input of the processor; and ignoring the OE, deferring the OE, or raising a security exception when the first security checking fails. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A processor, comprising:
-
an instruction fetch unit, fetching a first instruction from an instruction fetch address space (IFAS); an instruction operation unit, coupled to the instruction fetch unit, executing the first instruction; an operational event (OE) generator, coupled to the instruction fetch unit and the instruction operation unit, generating an OE as a side effect when the instruction fetch unit fetches the first instruction or when the instruction operation unit executes the first instruction, or as a monitoring result on the first instruction, or in response to an external input of the processor; and a security checking unit, coupled to the instruction fetch unit, the instruction operation unit, and the operational event generator, performing a first security checking before or after the instruction operation unit executes the first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of the OE, wherein the OE generator ignores the OE, defers the OE, or raises a security exception when the first security checking fails. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A secure protection method, executed by a processor, comprising:
-
performing a first security checking based on an instruction security attribute (ISA) and a code security attribute (SA) of a first instruction when the first instruction is a security service instruction; and raising a security exception when the first security checking fails. - View Dependent Claims (18, 19, 20, 21, 22)
-
-
23. A processor, comprising:
-
an instruction fetch unit, fetching a first instruction from an instruction fetch address space (IFAS); an instruction operation unit, coupled to the instruction fetch unit, executing the first instruction; a security checking unit, coupled to the instruction fetch unit and the instruction operation unit, performing a first security checking based on an instruction security attribute (ISA) and a code security attribute (SA) of the first instruction when the first instruction is a security service instruction, raising a security exception when the first security checking fails. - View Dependent Claims (24, 25, 26, 27, 28)
-
-
29. A secure protection method, executed by a processor, comprising:
-
performing a first security checking before or after executing a first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of an operational event (OE), wherein the OE is generated as a side effect when the processor fetches or executes the first instruction, or generated as a monitoring result on the first instruction, or generated in response to an external input of the processor; ignoring the OE, deferring the OE, or raising a security exception when the first security checking fails; performing a second security checking based on the ISA and a code SA of the first instruction when the first instruction is a security service instruction; and raising the security exception when the second security checking fails.
-
-
30. A processor, comprising:
-
an instruction fetch unit, fetching a first instruction from an instruction fetch address space (IFAS); an instruction operation unit, coupled to the instruction fetch unit, executing the first instruction; an operational event (OE) generator, coupled to the instruction fetch unit and the instruction operation unit, generating an OE as a side effect when the instruction fetch unit fetches the first instruction or when the instruction operation unit executes the first instruction, or as a monitoring result on the first instruction, or in response to an external input of the processor; and a security checking unit, coupled to the instruction fetch unit, the instruction operation unit, and the operational event generator, performing a first security checking before or after the instruction operation unit executes the first instruction according to an instruction security attribute (ISA) of the first instruction and a security attribute (SA) of the OE, and performing a second security checking based on the ISA and a code SA of the first instruction when the first instruction is a security service instruction, wherein the OE generator ignores the OE, defers the OE, or raises a security exception when the first security checking fails, wherein the security checking unit raises the security exception when the second security checking fails.
-
Specification