A runtime access control device and method

A production method and technology of safety devices, applied in the information field, can solve problems such as safety without systematic consideration

Active Publication Date: 2021-08-20
杨力祥
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0012] In order to solve the problem that the original intention of the design of the existing system architecture does not consider security systematically, the present invention discloses a security device. On the basis of design, the security problem is solved systematically. At the same time, preferably, a security device is disclosed. To ensure that even in the attack state, the security device can remain effective

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment approach S1

[0278] The feature of the embodiment S1 is: under the RISC-V system, the memory area boundary information is composed of memory address values, the first type of instruction execution and interrupt / abnormal generation are respectively transferred to different transfer areas, and the security is recorded through a dedicated storage facility. For the information required by the device and the state data required by the guarantee device, the preferred storage facility in this embodiment is: a special register.

Embodiment approach

[0280] S-A-A1. Set up a special register group for recording the information required to ensure the effectiveness of the safety device, which is used to record various memory area boundary information, interrupt site information, specific address information required across regions, and safety device opening / closing identification information

[0281] The processor needs to dynamically obtain some data during operation to ensure the normal operation of the safety device, so some registers are added for use by the processor. In the simplified instruction set RSIC-V, there are 4096 preset control status registers for use, and we select some of them as additional control status registers. In order to be compatible with RSIC, in addition to satisfying the coding rules and usage specifications of its registers, an attribute is added to the registers, that is, the correlation with the security device. The correlation refers to: if the register is related to the security device, the ...

specific Embodiment approach S2

[0426] The feature of the embodiment S2 is: under the RISC-V system, the memory area boundary information is composed of memory address values, and the first type of instruction execution and interrupt / abnormal generation are respectively transferred to the same transfer area, preferably, transferred to the common code location, and record the information required by the security device and the state data required by the security device through a dedicated storage facility. The preferred storage facility in this embodiment is: a dedicated register. The two can be transferred to the same address or different addresses in the common transit area, and this production method is preferably transferred to the common address.

[0427] Implementation of the safety device:

[0428] S-B-A1. Set up a special register group for recording the information required to ensure the effectiveness of the safety device, which is used to record various memory area boundary information, interrupt si...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a device and method for access control during operation, which relate to information technology, especially information security technology. The device includes a safety device and a guarantee device, and the safety device performs access control on a memory area based on hardware; The security device is based on hardware to ensure that the control state data that makes the security device valid and the specific instruction that makes the security device valid can be set only in a specific state; the security device provides a legal way to cross memory area boundaries, including executing special When a cross-area transfer instruction or an interrupt / exception occurs, it must first be transferred to the transfer area, and then the code in this area performs a boundary switch and transfers to the final target address; especially, if the two are transferred to the common code in the same transfer area Location, the hardware provides identification information to distinguish whether the transfer is caused by the execution of a cross-region transfer instruction or the generation of an interrupt / exception; interrupt return will also cause a cross-region transfer.

Description

technical field [0001] The present application relates to the field of information technology, in particular to a runtime isolation method, a runtime access control method and a computing device. Background technique [0002] In the prior art, especially in the existing operating system and processor architecture technology, the design of memory and its use is more concerned with compactness, convenience, and high efficiency. Such a design makes the codes of each function intricately Interconnected, the data has hardly any encapsulation, or only limited encapsulation during the syntax compilation phase of the high-level language, while at runtime it can be accessed virtually at will without any checks. [0003] Specifically, checking the grammar can only ensure that the source code does not contain illegal access that is not allowed by the grammar, but at runtime, the attacker may use some means to change the execution sequence of the program or the data access object, thus ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/60
CPCG06F21/604
Inventor 杨力祥
Owner 杨力祥
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap