Method and apparatus for enhancing computer system security
Abstract
A security-enhanced computer system arrangement includes a coprocessor and a multiprocessor logic controller inserted into the architecture of a conventional computer system. The coprocessor and multiprocessor logic controller are interposed between the CPU and the remainder of the conventional computer system to intercept and replace control signals that are passed over certain of the critical control signal lines associated with the CPU. The multiprocessor logic controller arrangement thereby isolates the CPU of the conventional computer system from the remainder of the conventional computer system, permitting separate control over the CPU and separate control over the remainder of the computer system. By controlling the control signals that are normally passed between the CPU and the remainder of the computer system, the multiprocessor logic controller permits the coprocessor to perform highly secure operations. These secure operations, selectable by a trusted operator or built into a cooperating operating system, verify that the computer system is a trusted computing base which can be relied upon to perform its operations properly and without compromise.
82 Citations
18 Claims
1. A computer system comprising:
- a first processor having respective address signals, data signals and a plurality of control signals coupled thereto, said plurality of control signals provided to/from said first processor on a respective plurality of control signal lines including a first control signal line being one of said respective plurality of control signal lines, said first control signal line including a first control signal;
- a second processor;
- a logic controller, said logic controller including apparatus for intercepting said first control signal to/from said first processor and substituting a second control signal to/from said second processor in place of said first control signal such that said logic controller captures control of said first processor, said logic controller isolates said first processor from the remainder of said computer system, and said logic controller obtains separate control over both said first processor and the remainder of said computer system; and
- wherein said second processor, said logic controller, and operation of circuitry associated with said second processor and said logic controller are invisible to all other portions of said computer system, with the exception of a BIOS extension associated with said logic controller.

Dependent claims: 2, 3, 4, 5, 6.

7. A multiple processor system comprising:
- a first processor having a plurality of terminals for receiving a first plurality of controls signals coupled thereto, and a plurality of address signals coupled thereto;
- a second processor;
- a logic controller, said logic controller monitoring at least one critical program area corresponding to predetermined address signals and predetermined control signals of said first processor to detect an attempt to modify said at least one critical program area;
- an alarm responsive to said logic controller detecting said attempt to modify said at least one critical program area;
- said logic controller responsive to said alarm for interrupting at least one of said first plurality of control signals and substituting at least one of a second plurality of control signals in place of said at least one of said first plurality of control signals, such that said logic controller captures control of said first processor upon detection of said attempt to modify said at least one critical program area, and said logic processor selectively enables said second processor; and
- wherein said logic processor and operation of circuitry associated with said logic controller are invisible to said first processor with the exception of a BIOS extension associated with said logic controller.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.

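The detect, alarm and capture sequence recited in claim 7 can be followed in a small software model. This is an added illustration, not code or circuitry from the patent: the structure names, the two address ranges treated as critical program areas, and the bus trace are all hypothetical and constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of claim 7; every name and address here is hypothetical. */
typedef struct { uint32_t addr; bool write; } bus_cycle;   /* one CPU bus cycle */
typedef struct { uint32_t base, limit; } region;           /* inclusive range */

typedef struct {
    const region *critical; size_t n_critical;
    bool alarm;            /* latched when a modification attempt is seen */
    bool cpu_captured;     /* controller now drives the CPU's control line */
    bool coproc_enabled;   /* second processor selectively enabled */
    uint32_t fault_addr;   /* address that tripped the alarm */
} controller;

/* Assumed critical program areas: a vector table and a firmware region. */
static const region CRITICAL[] = { {0x00000000u, 0x000003FFu},
                                   {0x000F0000u, 0x000FFFFFu} };

/* Returns true if the cycle is passed on to the rest of the system. */
bool controller_observe(controller *c, bus_cycle cyc) {
    if (c->cpu_captured) return false;      /* CPU is isolated after capture */
    for (size_t i = 0; cyc.write && i < c->n_critical; i++) {
        if (cyc.addr >= c->critical[i].base && cyc.addr <= c->critical[i].limit) {
            c->alarm = true;                /* detection raises the alarm */
            c->fault_addr = cyc.addr;
            c->cpu_captured = true;         /* substitute the control signal */
            c->coproc_enabled = true;       /* hand over to the coprocessor */
            return false;                   /* the write never reaches memory */
        }
    }
    return true;
}

/* Feeds a trace through the controller; returns how many cycles passed. */
size_t run_trace(controller *c, const bus_cycle *t, size_t n) {
    size_t forwarded = 0;
    for (size_t i = 0; i < n; i++) forwarded += controller_observe(c, t[i]);
    return forwarded;
}

/* Constructed trace: read firmware, write RAM, write vector table, read RAM. */
static const bus_cycle DEMO_TRACE[] = { {0x000F1234u, false}, {0x00200000u, true},
                                        {0x00000020u, true},  {0x00200000u, false} };

int main(void) {
    controller c = { CRITICAL, 2, false, false, false, 0 };
    size_t fwd = run_trace(&c, DEMO_TRACE, 4);
    printf("forwarded=%zu alarm=%d fault=0x%08x\n", fwd, c.alarm, (unsigned)c.fault_addr);
    return 0;
}
```

In the trace, the read of the firmware region and the write to ordinary RAM pass through; the write into the vector table latches the alarm, and every later cycle from the captured CPU is withheld.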
Specification