Data processing system and method which detect unauthorized memory accesses

US 6,049,876 A
Filed: 02/09/1998
Issued: 04/11/2000
Est. Priority Date: 02/09/1998
Status: Expired due to Term

First Claim

Patent Images

1. A data processing system which detects an unauthorized memory access, comprising:

a processing unit for communicating data and address information which is processed;

a memory coupled to the processing unit for communicating data with the processing unit in response to receiving address information from the processing unit, the memory storing data in pages, one or more of said pages each having one or more predetermined address regions which if addressed cause an exception signal to be generated;

logic circuitry coupled to the processing unit for generating the exception signal, the logic circuitry receiving the address information and in response identifying;

(1) whether the address information is addressing any of the pages having one or more predetermined address regions which cause an exception signal to be generated, and generating a first hit signal which identifies which page of the memory the address information corresponds to;

(2) whether the address information is addressing any of the one or more predetermined address regions and generating a second hit signal which identifies, if any, of the one or more predetermined address regions the address information corresponds to; and

(3) generating the exception signal in response to occurrence of both the first hit signal and the second hit signal; and

security logic coupled to the logic circuitry for affecting what action the processor takes in response to the exception signal being provided.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system (10) which detects unauthorized memory accesses has trap door logic (17) that receives memory address bus (16) signals from a processor (12). The trap door logic (12) utilizes address detection logic (50, 52) to identify page numbers utilizing high order address bits and trap regions utilizing low order address bits. The resulting page number (70-76) signals and trap region (41-44) signals are selectively combined (54) to generate an exception signal (18) which is received by security logic (19). The selective combination (54) may be programmed, or may be fixed during fabrication. In response to the exception signal (18), the security logic (19) implements a predefined security policy, which is transmitted to the processor (12) over control lines (20).

44 Citations

View as Search Results

15 Claims

1. A data processing system which detects an unauthorized memory access, comprising:
- a processing unit for communicating data and address information which is processed;
  
  a memory coupled to the processing unit for communicating data with the processing unit in response to receiving address information from the processing unit, the memory storing data in pages, one or more of said pages each having one or more predetermined address regions which if addressed cause an exception signal to be generated;
  
  logic circuitry coupled to the processing unit for generating the exception signal, the logic circuitry receiving the address information and in response identifying;
  
  (1) whether the address information is addressing any of the pages having one or more predetermined address regions which cause an exception signal to be generated, and generating a first hit signal which identifies which page of the memory the address information corresponds to;
  
  (2) whether the address information is addressing any of the one or more predetermined address regions and generating a second hit signal which identifies, if any, of the one or more predetermined address regions the address information corresponds to; and
  
  (3) generating the exception signal in response to occurrence of both the first hit signal and the second hit signal; and
  
  security logic coupled to the logic circuitry for affecting what action the processor takes in response to the exception signal being provided.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The data processing system of claim 1 wherein the security logic comprises;
    - determining whether the exception signal should be acknowledged and providing the processing unit a control signal in response thereto, the control signal being used by the processing unit in response to detecting that an unauthorized memory access occurred.
  - 3. The data processing system of claim 1 wherein each of the one or more predetermined regions has a size which is programmable by defining how many addresses for each of the one or more predetermined address regions may correspond to address information which is received.
  - 4. The data processing system of claim 1 wherein the logic circuitry further comprises content addressable memory arrays, each having predetermined stored addresses for comparison with the address information which is received and generating either the first hit signal or the second hit signal when one of the predetermined stored addresses matches the address information.
  - 5. The data processing system of claim 1 wherein the logic circuitry generates a plurality of second hit signals, each of the plurality of second hit signals corresponding to a predetermined one of one or more predetremined address regions, and the logic circuitry generates the exception signal upon detection of the first hit signal and a predetermined grouping of the plurality of second hit signals.
  - 6. The data processing system of claim 1 wherein the address information comprises a plurality of individual addresses, each of the individual addresses having a first portion which defines a page number in the memory and having a second portion which defines an offset within the page number.
  - 7. The data processing system of claim 2 wherein the processing unit provides the security logic a mode signal which indicates whether the data processing system is in a user mode or a supervisor mode of operation, the security logic acknowledging any exception signal generated by the logic circuitry when the data processing system is in the user mode, the processing unit taking action to prevent access to the memory upon receipt of the exception signal.
  - 8. The data processing system of claim 1 wherein the address information which is received corresponds to either user program code which is stored in the memory or to user data which is stored in the memory.

9. In a data processing system having a processing unit which communicates data and address with a memory, a method for restricting access to predetermined portions of the memory by a user of the data processing system, comprising the steps of:
- creating pages within the memory and for one or more of the pages, programming a plurality of predetermined address regions which have restricted user access;
  
  analyzing address information communicated from the processing unit to the memory for purposes of accessing data stored in the memory, said analyzing comprising;
  
  (a) identifying whether the address information is addressing any pages having a plurality of predetermined address regions with restricted user access and generating a first hit signal in response thereto;
  
  (b) identifying whether the address information is addressing any of the plurality of predetermined address regions which have restricted user access and generating a second hit signal in response thereto; and
  
  (c) using the first hit signal and the second hit signal to selectively provide an exception signal; and
  
  using the exception signal to determine if the exception signal is further qualified, and if the exception signal is not further qualified, denying use of the memory.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9 wherein the step of creating pages within the memory in which for one or more of the pages the plurality of predetermined address regions having restricted user access is programmed, further comprises the step of:
    - programming a differing number of predetermined address regions for at least two different pages.
  - 11. The method of claim 9 further comprising the step of using the exception signal to determine if the exception signal is further qualified by using a user/supervisor mode signal provided by the processing unit and, in response to detecting that a supervisor mode exists, disqualifying the exception signal to permit access to the one of the plurality of predetermined address regions with restricted user access which is being addressed.
  - 12. The method of claim 9 further comprising the step of:
    - using one of a programmable logic array, a Read Only Memory (ROM), a decoding logic circuit or combinatorial logic to provide the exception signal.
  - 13. The method of claim 9 further comprising the step of:
    - implementing the memory as one of a Flash memory, a Dynamic Random Access Memory (DRAM) or a Read Only Memory (ROM).

14. A data processor with a memory access control feature, comprising:
- a processor which processes data and address information;
  
  memory access circuitry coupled to the processor for receiving the address information, the memory access circuitry being configured to identify whether;
  
  (1) the address information is addressing any of a plurality of predetermined memory region addresses by comparing predetermined stored memory addresses with the received address information and generating a first hit signal in response to detecting a match thereof; and
  
  (2) whether the address information is addressing any of one or more of a plurality of predetermined restricted memory address sub-regions by comparing predetermined stored addresses of restricted memory regions with the received address information and generating a second hit signal in response to detecting a match thereof, the memory access circuitry using combinatorial logic to detect generation of the first hit signal and the second hit signal to provide an exception signal in response to identifying both a predetermined memory region address and a predetermined restricted memory address sub-region; and
  
  logic circuitry coupled to the memory access circuitry and the processor for affecting what action the processor takes in response to the exception signal being provided.
- View Dependent Claims (15)
- - 15. The data processor of claim 14 wherein the data processor provides a mode signal to the logic circuitry for defining whether the data processor is in a supervisor mode or a user mode, the data processor not restricting memory access when the exception signal is provided if the data processor is in the supervisor mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
North Star Innovations Inc. (Wi-LAN Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Moughanni, Claude, Moyer, William C., Aslam, Taimur
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Revak, Christopher A.

Application Number

US09/032,015
Time in Patent Office

792 Days
Field of Search

713/200, 711/100, 711/101, 711/102, 711/103, 711/104, 711/105, 711/163, 711/154
US Class Current

726/26
CPC Class Codes

G06F 12/1433 for a module or a part of a...

G06F 12/1441 for a range

Data processing system and method which detect unauthorized memory accesses

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Data processing system and method which detect unauthorized memory accesses

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others