Watchdog processors in multicore systems
First Claim
1. A system comprising:
a first processor;
at least one second processor, wherein each second processor comprises a respective internal component, each internal component performing a discrete function;
a third processor; and
a bus coupling said first processor, said at least one second processor, and the third processor, wherein the third processor is configured to monitor at least one interaction between the first processor and the at least one second processor via the bus, the third processor and each respective internal component of the at least one second processor being in direct connection via one or more wire connections, each of the one or more wire connections being independent of said bus, and said third processor being configured to monitor each internal component of the at least one second processor via a respective wire connection of the one or more wire connections, the third processor monitoring the at least one interaction between the first processor and the at least one second processor and each internal component, the third processor enforcing one of a plurality of selectable interaction policies between the first processor and the at least one second processor, and the enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the at least one second processor.
2 Assignments
0 Petitions
Abstract
Systems and methods are provided for securing a multicore computer chip with a watchdog processor. In a system with a watchdog process and any number of other processors and components, the watchdog processor monitors bus communications between the second processor and at least one third component. The watchdog processor may be further independently coupled to at least one of the other components so that it can monitor internal operations of such component, thereby acquiring detailed information about the specific operations of at least one component in the system. The watchdog processor can enforce an interaction policy on bus communications between components, as well as enforce an independent security policy on the monitored components.
53 Citations
19 Claims
1. A system comprising:
a first processor;
at least one second processor, wherein each second processor comprises a respective internal component, each internal component performing a discrete function;
a third processor; and
a bus coupling said first processor, said at least one second processor, and the third processor, wherein the third processor is configured to monitor at least one interaction between the first processor and the at least one second processor via the bus, the third processor and each respective internal component of the at least one second processor being in direct connection via one or more wire connections, each of the one or more wire connections being independent of said bus, and said third processor being configured to monitor each internal component of the at least one second processor via a respective wire connection of the one or more wire connections, the third processor monitoring the at least one interaction between the first processor and the at least one second processor and each internal component, the third processor enforcing one of a plurality of selectable interaction policies between the first processor and the at least one second processor, and the enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the at least one second processor.
View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A system comprising:
a first processor;
a functional group coupled to said first processor, wherein the functional group comprises a second processor, and a third processor, the third processor comprising a respective internal component, each internal component performing a discrete function; and
a software application comprising a set of application functions and a plurality of selectable interaction policies, wherein said set of application functions are executed by said functional group, and wherein one interaction policy of the plurality of selectable interaction policies is enforced against said functional group by said first processor, and the enforced one interaction policy detects at least one system call that launches a command shell, the enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the third processor.
View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
17. A system comprising:
a first processor coupled to a bus, and configured to monitor an interaction of a second processor and a third processor, wherein said first processor is configured to enforce one of a plurality of selectable interaction policies against said second processor and third processor;
at least one wire connection for monitoring an internal component of the second processor, wherein the first processor monitors the interaction between the second processor and the third processor and monitors the internal component in order to enforce the one interaction policy of the plurality of selectable interaction policies, wherein said second processor is coupled to said third processor via said bus and wherein said second processor is configured to initiate at least one process on said third processor, the enforced one interaction policy of the plurality of selectable interaction policies being selected, based at least in part, on either a particular process or an application running on the second processor.
View Dependent Claims (18, 19)
Specification