Method for executing security-relevant and non-security-relevant software components on a hardware platform

Abstract

The invention relates to a method for executing security-relevant and non-security-relevant software components (SAFET, STANT) on a hardware platform, wherein the hardware platform comprises at least one central processing unit (CPU) and at least one memory (SPE) and wherein the at least one non-security-relevant software component (STANT) is executed together with the at least one security-relevant software component (SAFET) on the same central processing unit (CPU), and wherein the hardware platform comprises a monitoring component (MOD) or is connected to said monitoring component, and wherein said monitoring component (MOD) operates independently of the at least one processor (CPU) of the hardware platform. According to the invention, the hardware platform has write-protection mechanisms for at least a part (SPE, SPE2) of the at least one memory (SPE), wherein the security-relevant software component (SAFET) has full write access to certain ranges (SPE1 - SPE4) or to the entire memory (SPE), or the security-relevant software component (SAFET) has access to a certain range of the memory that is separated from a range of the memory intended for non-security-relevant functions. Before the non-security-relevant software component (STANT) is executed, the security-relevant software component (SAFET) establishes a memory protection against access of a non-security-relevant function (STANT) to at least one range (SPE1, SPE2) of the memory of the security-relevant function (SAFET) such that the non-security-relevant software component (STANT) has write access only in limited ranges (SPE3, SPE4, SPE5) of the memory (SPE) and in particular does not have access to the ranges (SPE, SPE2) of the memory (SPE) separated for security-relevant components, and wherein after the return from the non-security-relevant component (STANT), the memory protection is shut down again, and wherein the monitoring component (MOD) monitors the security-relevant function to determine if the security-relevant function is running properly.

Description

technical field [0001] The invention relates to a method for executing safety-related and non-safety-related software components on a hardware platform, wherein the hardware platform comprises a computer unit and at least one memory, and wherein the at least one non-safety-related software component and the at least one safety-related software The means are both executed on the one computer unit, and wherein the hardware platform comprises the monitoring means or is connected to the monitoring means, and wherein the monitoring means operate independently of the at least one processor of the hardware platform. [0002] In addition, the present invention also relates to a hardware platform, and the above method is implemented on this hardware platform. Background technique [0003] Computer systems are increasingly used to perform tasks that could endanger human life or property if the computer system fails or responds slowly (“safety-related systems”). These systems must be ...

AI Technical Summary

Problems solved by technology

The downside of these operating systems is that they have very specific requirements for the programming of the control unit hardware and functions, so it is also complex and expensive to integrate non-critical functions in these systems

Images