Data processing system and method which detect unauthorized memory accesses
First Claim
1. A data processing system which detects an unauthorized memory access, comprising:
a processing unit for communicating data and address information which is processed;
a memory coupled to the processing unit for communicating data with the processing unit in response to receiving address information from the processing unit, the memory storing data in pages, one or more of said pages each having one or more predetermined address regions which if addressed cause an exception signal to be generated;
logic circuitry coupled to the processing unit for generating the exception signal, the logic circuitry receiving the address information and in response identifying;
(1) whether the address information is addressing any of the pages having one or more predetermined address regions which cause an exception signal to be generated, and generating a first hit signal which identifies which page of the memory the address information corresponds to;
(2) whether the address information is addressing any of the one or more predetermined address regions and generating a second hit signal which identifies, if any, of the one or more predetermined address regions the address information corresponds to; and
(3) generating the exception signal in response to occurrence of both the first hit signal and the second hit signal; and
security logic coupled to the logic circuitry for affecting what action the processor takes in response to the exception signal being provided.
Abstract
A data processing system (10) which detects unauthorized memory accesses has trap door logic (17) that receives memory address bus (16) signals from a processor (12). The trap door logic (12) utilizes address detection logic (50, 52) to identify page numbers utilizing high order address bits and trap regions utilizing low order address bits. The resulting page number (70-76) signals and trap region (41-44) signals are selectively combined (54) to generate an exception signal (18) which is received by security logic (19). The selective combination (54) may be programmed, or may be fixed during fabrication. In response to the exception signal (18), the security logic (19) implements a predefined security policy, which is transmitted to the processor (12) over control lines (20).
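The address decode and selective combination the abstract describes, modelled in software as an added example (not code from the patent). The 4 KiB page size, the four-page and four-region sizing, the `armed` mask layout, the sample configuration and the `qualified` flag are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#define PAGE_SHIFT 12u                      /* assumption: 4 KiB pages */
#define OFFSET_MASK ((1u << PAGE_SHIFT) - 1u)
#define N_PAGES 4
#define N_REGIONS 4

struct trap_door {
    uint32_t page[N_PAGES];                 /* watched page numbers */
    struct { uint32_t lo, hi; } region[N_REGIONS]; /* inclusive page offsets */
    uint8_t  armed[N_PAGES];                /* bit r set: region r traps on page p */
};

/* Constructed sample configuration (not from the patent). */
static const struct trap_door DEMO = {
    .page   = { 0x00010, 0x00020, 0x00030, 0x00040 },
    .region = { {0x000, 0x00F}, {0x7F0, 0x7FF}, {0xFF0, 0xFFF}, {0x400, 0x40F} },
    .armed  = { 0x05, 0x02, 0x00, 0x0F },
};

/* First hit signal: which watched page the high-order bits select. */
static unsigned page_hits(const struct trap_door *t, uint32_t addr) {
    unsigned hits = 0;
    for (unsigned p = 0; p < N_PAGES; p++)
        if ((addr >> PAGE_SHIFT) == t->page[p]) hits |= 1u << p;
    return hits;
}

/* Second hit signal: which trap regions the low-order bits fall in. */
static unsigned region_hits(const struct trap_door *t, uint32_t addr) {
    uint32_t off = addr & OFFSET_MASK;
    unsigned hits = 0;
    for (unsigned r = 0; r < N_REGIONS; r++)
        if (off >= t->region[r].lo && off <= t->region[r].hi) hits |= 1u << r;
    return hits;
}

/* Selective combination: exception only if a hit page has a hit region armed. */
bool trap_exception(const struct trap_door *t, uint32_t addr) {
    unsigned ph = page_hits(t, addr), rh = region_hits(t, addr);
    for (unsigned p = 0; p < N_PAGES; p++)
        if (((ph >> p) & 1u) && (t->armed[p] & rh)) return true;
    return false;
}

/* Assumed policy: an exception that is not further qualified denies the access. */
bool access_denied(const struct trap_door *t, uint32_t addr, bool qualified) {
    return trap_exception(t, addr) && !qualified;
}
```

Neither hit signal alone raises the exception: an offset inside a trap region is harmless on a page where that region is not armed, and a watched page is freely accessible outside its armed regions.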
15 Claims
9. In a data processing system having a processing unit which communicates data and address with a memory, a method for restricting access to predetermined portions of the memory by a user of the data processing system, comprising the steps of:
creating pages within the memory and for one or more of the pages, programming a plurality of predetermined address regions which have restricted user access;
analyzing address information communicated from the processing unit to the memory for purposes of accessing data stored in the memory, said analyzing comprising;
(a) identifying whether the address information is addressing any pages having a plurality of predetermined address regions with restricted user access and generating a first hit signal in response thereto;
(b) identifying whether the address information is addressing any of the plurality of predetermined address regions which have restricted user access and generating a second hit signal in response thereto; and
(c) using the first hit signal and the second hit signal to selectively provide an exception signal; and
using the exception signal to determine if the exception signal is further qualified, and if the exception signal is not further qualified, denying use of the memory.
14. A data processor with a memory access control feature, comprising:
a processor which processes data and address information;
memory access circuitry coupled to the processor for receiving the address information, the memory access circuitry being configured to identify whether;
(1) the address information is addressing any of a plurality of predetermined memory region addresses by comparing predetermined stored memory addresses with the received address information and generating a first hit signal in response to detecting a match thereof; and
(2) whether the address information is addressing any of one or more of a plurality of predetermined restricted memory address sub-regions by comparing predetermined stored addresses of restricted memory regions with the received address information and generating a second hit signal in response to detecting a match thereof, the memory access circuitry using combinatorial logic to detect generation of the first hit signal and the second hit signal to provide an exception signal in response to identifying both a predetermined memory region address and a predetermined restricted memory address sub-region; and
logic circuitry coupled to the memory access circuitry and the processor for affecting what action the processor takes in response to the exception signal being provided.
Specification