
Computer system having memory protection function

A computer system with storage protection technology, applied in the fields of memory systems, computing, and preventing unauthorized use of memory, to achieve the effect of preventing buffer overflow attacks.

Inactive Publication Date: 2007-11-14
SHARP KK

AI Technical Summary

Problems solved by technology

[0025] If the stack area is corrupted, the system may no longer operate normally and may instead behave as the attacker intends.


Examples


no. 1 approach

[0065] FIG. 1 shows a schematic configuration example of a system 1 of the present invention. As shown in FIG. 1, the system 1 of the present invention comprises: a CPU (central processing unit) 10, a ROM (read-only memory) 11, a RAM 12, a nonvolatile memory 13, a peripheral I/O interface 14, a memory map circuit 15, an access right judging circuit 16, a data bus 17, and an address bus 18. The CPU 10, ROM 11, RAM 12, nonvolatile memory 13, and peripheral I/O interface 14 are connected to each other through the address bus 18 and the data bus 17. The ROM 11, the RAM 12, and the nonvolatile memory 13 constitute a storage area 19 for storing program code executable by the CPU 10 and for storing data.

[0066] Furthermore, in the present embodiment, within the storage area 19, a program code area storing program code and a fixed data area storing fixed data are formed in the ROM 11 and the nonvolatile memory 13, and are used when the program is executed. Assuming that the storage area...

Embodiment 1

[0072] Next, an example of the defense operation of the system 1 of the present invention when receiving a buffer overflow attack as illustrated in FIG. 5 will be described. FIG. 7 shows execution of a normal program, prevention of execution of a malicious illegal program, and status changes of the stack area when a buffer overflow attack is received (#13 to #15).

[0073] #13: Operation when a buffer overflow attack is received. The same operation as #6 to #8 shown in FIG. 5 is performed.

[0074] #14: Based on the falsified return address, the CPU 10 transfers control to a malicious illegal program embedded in a stack area set within an execution-unpermitted address range. Here, the access right judging circuit 16 detects that the execution program storage address Spc indicated by the value of the program counter 20 is within the execution-unpermitted address range of the access control memory map stored in the memory map circuit 15, and activates the access prohibition signal ...

Embodiment 2

[0080] Next, another example of the defense operation of the system 1 of the present invention when receiving a buffer overflow attack as illustrated in FIG. 5 will be described. In this second embodiment, the operation of defending against a buffer overflow attack by returning the entire system to its initial state will be described.

[0081] FIG. 8 shows program execution when execution of the malicious illegal program is detected and the reset process is performed, the prevention of execution of the malicious illegal program, and the state changes of the stack area (#16 to #18).

[0082] #16: Operation when a buffer overflow attack is received. The same operation as #6 to #8 shown in FIG. 5 is performed.

[0083] #17: Based on the falsified return address, the CPU 10 transfers control to a malicious illegal program embedded in a stack area set within an execution-unpermitted address range. Here, the access right judging circuit 16 detects that the execution program stora...
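The check described in #14 and #17, as an added software model in C that is not part of the patent text: a table stands in for the access control memory map, a function stands in for the access right judging circuit 16, and a simulated call shows a falsified return address being caught at the instruction fetch. The address layout, the reset vector value, and the names `access_map`, `access_prohibited` and `call_and_return` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* One entry of the access control memory map held by memory map circuit 15. */
typedef struct { uint32_t start, end; int exec_ok; } map_entry;
/* Constructed address layout for this model (not taken from the patent). */
#define RAM_BASE     0x00010000u
#define RESET_VECTOR 0x00000000u
static const map_entry access_map[] = {
    { 0x00000000u, 0x0000FFFFu, 1 },  /* ROM 11: program code         */
    { RAM_BASE,    0x000100FFu, 0 },  /* RAM 12: stack, no execution  */
    { 0x00020000u, 0x0002FFFFu, 1 },  /* nonvolatile memory 13: code  */
};
static uint8_t ram[256];              /* simulated RAM 12 */
enum { BUF_OFF = 0x80, BUF_LEN = 16, RET_OFF = BUF_OFF + BUF_LEN };

/* Access right judging circuit 16: 1 = access prohibition signal active. */
int access_prohibited(uint32_t spc)
{
    for (size_t i = 0; i < sizeof access_map / sizeof access_map[0]; i++)
        if (spc >= access_map[i].start && spc <= access_map[i].end)
            return !access_map[i].exec_ok;
    return 1;                         /* unmapped: deny (model assumption) */
}

/* Simulates a call whose callee copies input into a 16-byte stack buffer
   without a length check, then returns. Yields the next program counter. */
uint32_t call_and_return(const uint8_t *in, size_t n, int *sc)
{
    uint32_t ret = 0x00001234u;                 /* legitimate caller in ROM */
    memset(ram, 0, sizeof ram);
    memcpy(ram + RET_OFF, &ret, sizeof ret);    /* push return address */
    if (n > sizeof ram - BUF_OFF) n = sizeof ram - BUF_OFF; /* stay in model */
    memcpy(ram + BUF_OFF, in, n);               /* the unchecked copy */
    memcpy(&ret, ram + RET_OFF, sizeof ret);    /* pop return address */
    *sc = access_prohibited(ret);               /* checked on the fetch */
    return *sc ? RESET_VECTOR : ret;            /* reset, as in FIG. 8 */
}

int main(void)
{
    uint8_t bad[BUF_LEN + 4] = {0};             /* constructed input */
    uint32_t forged = RAM_BASE + BUF_OFF, pc;   /* points into the stack */
    int sc;
    memcpy(bad + BUF_LEN, &forged, sizeof forged);
    pc = call_and_return(bad, sizeof bad, &sc);
    printf("SC=%d next pc=0x%08lx\n", sc, (unsigned long)pc);
    return 0;
}
```

The overflow itself still corrupts the stack; the model only shows that control never reaches code fetched from the execution-unpermitted range.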


Abstract

A computer system for preventing secret data in a memory area from being erased, altered or leaked due to a buffer overflow attack and the like comprises a memory map circuit (15) for storing an access control memory map which defines whether the CPU (10) has an access right for executing a program with respect to each address of the memory area (19), an access right determination circuit (16) for determining whether the CPU (10) has the access right to the memory area of an execution program storage address (Spc) designated by a program counter (20) based on the access control memory map, and outputting an access prohibition signal (SC) which makes the CPU (10) execute a predetermined operation to disable the CPU (10) from accessing the memory area of the execution program storage address when the CPU (10) does not have the access right.

Description

Technical field

[0001] The present invention relates to a computer system equipped with a CPU (central processing unit) capable of executing computer programs and a storage area composed of one or more storage devices capable of storing computer programs and data, and to access control against deletion, tampering, and leakage of confidential data in the storage area caused by illegal use. More specifically, it relates to a data protection technology for a data storage area containing confidential data.

Background art

[0002] In a computer system equipped with a CPU and one or more storage devices, an access control unit for the storage devices is usually provided in the system, in order to prevent the entire system from becoming unstable or inoperable because of unexpected access from the CPU to a storage device or access beyond its authority.

[0003] Existing access control usually attaches attributes to each file, and judges whether the user has access right to the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F12/14, G06F21/12, G06F21/52
CPC: G06F12/1483, G06F12/1441
Inventor: 大山茂郎
Owner: SHARP KK