The access protection of memory

 

The invention relates to the processing unit and method for accessing a memory having multiple memory cells for storing data values. The technical result is to increase functionality. A processing unit for controlling access to the memory contains storage device address range for storing information that identifies the address ranges for multiple logical storage areas in the memory storage device attributes to store the attributes used to control access to the cells in the logic region, a logical comparator circuit, the logical schema attribute definitions. The method describes the operation of the specified device. 2 c. and 14 C.p. f-crystals, 5 Il.

The invention relates to the processing unit and method for accessing a memory having multiple memory cells for storing data values, and, in particular, to such a device and method of processing data, which protects the memory access. The term "data value" refers here to both the teams and the elements or blocks of data, for example, the data words.

It is known that to control access to the memory to perform the segmentation paboty, for example, determine whether these areas are accessible only in supervisor mode, can they be placed in the cache memory, whether they are buffered in the system based on a cache memory, etc., Therefore, if the processor issues a memory address that falls into a specific memory area, then this area can be used for security attributes that determine whether the right processor in its current mode of operation to address the memory, and determining whether the data values selected from this area of memory, to be placed in the cache memory, whether the data values written to this memory area, buffering, etc. Such protection mechanisms are often used in a virtual memory system, together with the translation of virtual addresses into physical addresses.

In most implementations, the flexibility provided to define logical areas, is limited. Usually, a logical area are of a fixed size, for example 4K, although in some ways the flexibility to some extent increases, providing the area with several different sizes, for example the field size of 1 KB, 2 KB and 4 KB. Usually, if there are areas with different razmere addresses to define logical areas, containing these addresses would be less complicated if the sizes of these regions Dier only by a power of two.

Using the above approach, you can specify areas of memory and user memory areas supervisor. For example, consider the case in which provides a logical area with a fixed size of 4 Kbytes and the system requires 4 Kbytes for code supervisor and 12 Kbytes for user code, both codes must be mapped into RAM random access volume 16 Kbytes. To achieve this goal must be defined four logical areas, namely one area 4 Kbytes for code supervisor and three areas 4K for user code.

It would be desirable to provide the above functionality, choosing fewer areas than you would in the above-described known methods, resulting in increased system flexibility.

In EP-A-0700002 described control scheme selection unit chip microprocessor. Diagram of the chip select is able to implement map overlapping memory, so that the sub memory may either overlap or lie completely within the boundaries of the main unit. For each memory block are Dec the ve priority mechanism, whether to activate the external control signal, for example signal permits the use of the crystal.

In EP-A-0656592 describes a memory management unit (BUP), having one mode of operation in which bits of the attribute broadcast provided either the first register transparent broadcast (RTP) or the second RTP, or the default location. Each RTP can display different address spaces and different sizes addressable memory, and the default location covers all of the memory that does not appear in any of the RTP.

In US-A-3827029 described small-sized digital computer system, which is designed in such a way that it as optional equipment can be added hardware security subsystem from memory impairment.

According to the first aspect of the present invention provides a processing unit for controlling access to a memory having multiple memory cells for storing data values, and each memory cell has a corresponding address, the device includes a storage device address range for storing information that identifies the address ranges for multiple logical areas in said memory; a storage device is to the memory cells in the logic region; logic diagram of the address comparator for comparing the address issued by the processor, a respective one of the memory cells, with ranges of addresses for a variety of logical areas, and to generate a signal indicating the logical region that contain this address, if one or more logical fields contain the address; the logical schema attribute definitions, responsive to the signal generated by the logical comparator circuit addresses, to apply pre-defined prioritisation criteria to determine which of the logical region that contain the specified address has the highest priority, and display the attributes in the storage device attributes corresponding to this region with the highest priority, for use in controlling access to the memory cell specified by the given address; and one logical areas is a background region, covering the entire memory, and has the lowest priority of all logical areas, as a result, if the address issued by the processor that corresponds to the memory cell that is outside of any of the other logical areas, then the logical schema attribute definitions is adapted to output the attributes include the logic region and the relative priorities assigned to each logical area. If the CPU sets the address that falls within two or more logical field, then to determine what logical region has the highest priority, use prioritisation criteria. Each logical region has a number of attributes defined for this field, which are used to control access to memory cells in the same logical area. Then, based on the scope with the highest priority, the attributes for the field with the highest priority are used to control access to a specific memory location specified by the processor.

Therefore, if we refer to the above example, where it was necessary to provide 4 Kbytes for code supervisor and 12 Kbytes for user code in RAM 16 Kbytes, according to the present invention this can be achieved by providing two overlapping areas: area 4 Kbytes for code supervisor and area 16 Kbytes for user code. The area supervisor is set with a higher priority than the user, thereby ensuring that any attempt of access to the overlapping area of 4 KB is regulated by the attributes associated with the area supervisor. Track who ever got the field, as required in accordance with known methods.

In preferred embodiments, one of the logical areas can be used as a background region, covering all of the memory and having the lowest priority of all logical areas, as a result, if the address issued by the processor that corresponds to the memory cell that is outside of any other logical area, then to control access to the memory cell specified by this address, use the attributes associated with the background region.

It is possible that certain areas of memory are not completely fill the memory address space, and, consequently, in the map display address will be "holes". However, by selecting the configuration of the region with the lowest priority to cover the entire range of memory addresses and setting the appropriate attributes for this logical area of memory you can determine what will happen when referring to "the hole" (for example, can be set attributes for full access or no access).

In preferred embodiments, the address ranges for the logical fields specified base address, determining whether the memory cell region begins, and attribute razmere size attribute, so the memory size of X must have a base address that is a multiple of the value of X. This approach allows us to simplify the requirements for hardware tools. The base address and the size attribute is usually programmed by the user. Alternatively, use the base address and size attribute ranges of logical areas can be specified starting address and an ending address, defining the beginning and end of the logical area.

The logical comparator circuit address can be performed in any suitable way. In preferred embodiments, the logical comparator circuit address contains a number of Comparators, one for each address range.

The storage device address range can be achieved using any suitable storage device. However, in preferred embodiments, the storage device address range contains a number of registers. Preferably, separate registers were associated with each comparator logic Comparators addresses.

The storage device attributes can be of any suitable type. However, in preferred embodiments, the storage device attribute contains a set of registers and logicheskie schema attribute definitions outputs a signal to the multiplexer, causing the multiplexer to output the attributes from the attribute register corresponding to the area with the highest priority that contains the mentioned address.

In preferred embodiments, the logical comparator circuit address has multiple outputs, and for each logical field provides one output, and outputs generated signal that indicates whether the corresponding logical scope of this address, while the logical schema attribute definitions has a corresponding set of inputs for receiving signals from a specified set of outputs, and this set of inputs is relative priorities used by the logical schema attribute definitions for the application of pre-defined prioritisation criteria.

However, very valuable is that to apply pre-defined prioritisation criteria may be used in alternative ways. For example, in a memory device accessible by the logical schema attribute definitions, as information about the priorities can be stored predetermined prioritisation criteria, and information about the priority determines the relative priorities mentioned logical areas.

In prepost is, sootvetstvujushij cells in the memory that stores data values, the processor, or you must store the values of data processed by the processor core. In addition, the evaluation circuit may include a cache memory for storing data values, the available CPU core. With this device to improve the efficiency of the defining attributes for the region with the highest priority is preferably performed simultaneously with viewing the cache.

For storing both instruction and data can be provided by a single cache memory, and she often refers to the cache memory with the von Neumann architecture. However, as an alternative to store commands may be provided by the first cache memory, and to store the data provided by the second cache memory, and such a cache memory is often referred to as the cache memory architecture of Harvard; in fact the logical comparator circuit address and said logical schema attribute definitions are duplicated for each of the first and second cache memory. Therefore, when using a separate cache memories for data and commands to the circuit elements of data required to define attributes that are used D. is the definition of attributes for the region with the highest priority is preferably performed simultaneously with viewing the cache memory. If you have two cache, the lookup operation in the cache memory of the data may occur simultaneously with the lookup operation in the cache memory, and, therefore, to determine the attributes that are used to access the memory addresses corresponding to the scanning operations in the cache memory commands, and the cache data, you will need two sets of schemes.

According to the second aspect of the present invention provides a method of operation of the processing unit to control access to a memory having multiple memory cells for storing data values, and each memory cell has a corresponding address, the method contains the following steps: (a) storing information identifying the address ranges for multiple logical storage areas in a memory; (b) storing, for each logical field of the attributes used to control access to memory cells in the logic region; (C) comparison of the address issued by the processor, a respective one of the memory cells, with the range of addresses for a set of logical fields; (g) generating a signal indicating the logical region that contain the above address, if the address contains one or more logical storage areas; (d) the use of the division, what is the logical region that contain the mentioned address has the highest priority; and (e) the output of the stored attributes corresponding to the region with the highest priority, for use in controlling access to the memory cell specified by the given address; in which one of the logical storage areas is a background region, covering all of the memory and having the lowest priority of all logical areas, as a result, if the signal generated in step (g) indicates that the address issued by the processor that corresponds to the memory cell that is outside of any other logical areas, then in step (e) displays the stored attributes associated with the background region.

Then only example given the option of carrying out the invention with reference to the accompanying drawings, in which identical characteristics are used the same reference designations, and where Fig. 1 is a block diagram illustrating a processing unit according to a preferred variant of the present invention; Fig.2 is a table showing how using a field size of five bits can be set to a logical area with different size memory according to preferred variants of the present invention; piezometry to determine attributes, used to control access to the memory; and Fig. 4A, 4B variants of the present invention, which uses a separate cache memory for data and commands.

The processing unit according to a preferred variant of the present invention is described with reference to the flowchart in Fig.1. As shown in Fig. 1, the evaluation circuit has a processor core 10, is set for processing commands received from the memory 120. Data required by the processor core 10 to perform these commands can also be selected from the memory 120. For storing data and commands that you select from the memory 120, is provided by the cache memory 30, so that it is easily accessible to the processor core 10. To control storage of instructions and data in the cache memory 30 and to control the selection of data and commands from this cache memory is also provided a control unit cache memory 40.

According to preferred variants of the present invention in the memory 120 may be defined by a set of logical fields, each logical field has independently programmable size. To describe the preferred option is considered the memory 120 has 4 GB of address space, and it is assumed that this Adrien, actual memory size and the number of defined logical areas can vary to meet the specific requirements of the schema data.

Each logical region is preferably defined by a base address, which defines the beginning of the field memory, and a field size that determines the size of this logical field. In order to simplify the hardware requirements of the Comparators in the block protection block protection discussed in more detail below) expresses the constraint that the base address must match the "border size". Therefore, for example, a Boolean field size 1 MB will be installed, starting with the base address corresponding to the boundary of 1 MB in memory. Specialists in the art it is obvious that this is a limitation on the base address in preferred embodiments, insignificant, and that, with more complex hardware block protection, you will be able to start base address of a memory cell other than the border size.

According to preferred variants of the size of the logical region may be chosen in the range from 4 KB to 4 GB. However, it is clear that this range programmirovanie register size with a field of 5 bits, for different sizes of memory. In the example shown in Fig.2, the size can vary, differing by the value of powers of two. However, specialists in the art it is obvious that there is no need to limit the size by powers of two, and, with the register size with a large number of bits, it is possible to provide additional flexibility when programming the size of each field.

Alternatively, the use of base registers and size to define logical areas can also be used registers at the beginning and end. In such cases, the information corresponding to the valid addresses of the beginning and end of each logical region, is stored in registers and not in the base address and the size of the area.

Having the ability to define logical areas using either registers base and size or registers at the beginning and end, as discussed above, the user can program in memory overlapping logical area. In preferred embodiments of the present invention, each logical region has an independent attributes, such as associated with this area of the protection attributes, the attributes indicating vozmozhno, undoubtedly, it is important that any memory access is processed in a predictable manner. In preferred embodiments, this is accomplished by use of the protection unit 20 shown in Fig.1, and hereinafter further discussed the work of the protection block.

When the processor core 10 queries the command or data element (here both commands and data are called data values), it places the memory address of the data values on the line 54 of the processor bus 50. In addition, the processor core 10 processor generates the control signal on the bus line 52. CPU control signal contains information, for example, whether the address request to read or write, the type of access (for example, serial), the size of the access (e.g., word, byte), an operating mode of the processor (for example, the supervisor mode or user mode), etc. This CPU control signal is received by the control unit, the cache memory 40 and invites the control unit cache memory to determine whether the desired data value in the cache memory 30. The control unit cache memory 40 instructs the cache memory 30 to compare the address on the bus line 54 with the address in the cache memory to determine whether the cache data value according to what it is then read by the processor core 10. If the values of the data corresponding to this address is not in the cache 30, then the control unit cache memory 40 sends on line 130 a signal to the interface unit bus 95, indicating that the data value should be selected from the memory 120.

Simultaneously with the process of viewing the cache memory controller protection 150 in block 20 are sewn processor also receives the control signal on the bus line 52 and, after determining that the CPU control signal relates to potential access for reading or writing in the memory 120 or the cache memory 30, and instructs the address Comparators 70 to check, put the processor core 10 to the bus line 54. In preferred embodiments, for each logical region has one address comparator, and each of the Comparators has a corresponding register containing the address range for a particular logical field. Each comparator is adapted to compare this range of addresses with a specific address on the bus line 54, to determine whether the address corresponding to the logical field. Whenever the comparator determines that the address is within the address range of the logical places it on the appropriate line 160 displays on the priority encoder 75 signal match.

Assuming that the address Comparators 70 generate more than one signal match, then the priority encoder 75 is adapted for the application of prioritisation criteria to determine the relative priorities of each of the defined logical areas. Information about the priority assigned to each logical region may be stored in the protection unit 20, and for each logical area for which the address Comparators formed signal match, the priority encoder may be adapted to perform in order to use relevant information about the priority to determine which logical region has the highest priority.

However, in preferred embodiments, the relative priorities of the logical fields are defined by the ordering of the inputs to the priority encoder 75. If there are eight address Comparators 70 (Comparators 0-7) corresponding to eight logical areas (logical region 0-7), then it is preferable to have eight corresponding wires 160, connected to eight inputs (inputs 0-7) of the priority encoder 75. Then the inputs, the t together with the number of input that is, input number 7 has the highest priority and input number 0 has the lowest priority.

Then the priority encoder is adapted to apply conditional logic that determines first if the signal matches the number of input 1, the corresponding logical field 7. If so, then the priority encoder 75 to the multiplexer 80 outputs the signal indicating that the register of attributes 85 to output the attributes for the logical region 7. If the signal matches the entry corresponding to the logical region 7, is not received, then the priority encoder 75 determines if the signal matches the number of input 6 corresponding to the logical region 6. If so, then the priority encoder 75 to the multiplexer 80 outputs the signal indicating that the register of attributes 85 display the attributes for the logical region 6. If the entry corresponding to the logical region 6, the signal match is not accepted, then a similar process is repeated for each entry in turn until a match is found, the input signal matches. It is obvious that, although the above description defines the process in logical terms, the actual process usually will not be executed sequentially as data signals together and generating an output signal, identifying the region with the highest priority.

In preferred embodiments, the signal matches will always have a place in the area with the lowest priority (region 0), since it is determined as a background region, covering the memory address space in General. Therefore, the processing performed by the priority encoder 75, will cause the multiplexer 80 is sent to the signal indicating that the multiplexer select register attributes 85 the attributes associated with the highest priority that contains the address issued by the processor core 10. Then the attributes issued by the multiplexer 80, proceed to logical block 90 and the interface unit bus 95. Logical block 90 also receives from the bus line 52 processor control signal. This CPU control signal, among other things, determines the mode of operation of the processor core 10. Therefore, logical block 90 may use this information to determine whether to allow or attributes derived by multiplexer 80, the processor core 10 in its current operating mode to have access to the requested memory address. For example, if the logical unit 90 determines that the processor core 10 is in the mode of polzovatelei supervisor, then the logical block 90 may be adapted for the formation of a premature termination signal line 140 to the processor core 10 and highway 170 to block bus interface 95.

The processing performed by the protection unit 20, preferably occurs at the same time as viewing the cache memory, in order to maintain a sufficient processing speed. If the requested data value exists in the cache memory 30 and the logical unit 90 does not form on line 140 a premature termination signal, then the processor core 10 will use the data extracted from the cache memory 30. However, if the requested data value is not available in the cache memory, then, as discussed earlier, tract 130 signal will be sent, giving a command to the interface unit bus (BISH) 95 to access memory 120 for this data value.

BISH 95 will check the CPU control signal on the bus line 52 to determine whether the command issued by the processor core 10, a read command or a write command. If we assume that it is a read command and what path 170 of the logical block 90 not adopted a premature termination signal, then BISH 95 will give a command to the multiplexer 100 to send the address line since in the write buffer 105 - if any command delay write, it will be completed before a read command to. The effect of the write buffer are discussed further below). On the bus line 62 also has a control signal that is used by the memory controller 180 to control access to the memory 120. Memory controller 180, based on the control signal on the bus line 62, specifies that you want to read from the memory, and instructs the memory output line data bus 66 data from the address specified in the line bus of 64 addresses.

BISH 95 sends a signal to the buffer 110, causing the buffer 110 to send data placed in memory 120 on the line of the external bus 66, line processor bus 56. In addition, if the attributes obtained BISH 95 from multiplexer 80 of the protection unit 20, indicate that the address contains the data value can be placed in the cache memory, then BISH 95 will send on highway 135 to the control unit cache memory 40 signal which instructs the control unit cache memory to remember the selected data value in the cache memory 30. The value of data selected from the memory 120 and placed in the bus line 56, then remembered in the cache memory 30 and enters the processor core 10. As a result, the value of data becomes easily accessible from processe can be placed in the cache memory, then the data will not be saved in the cache memory, and processor core 10 will read the data value from the bus line 56.

In the above description, it was shown how to use the protection unit 20 to control access to the memory 120 to read data values from the memory 120. When the address issued by the processor core 10, is the address at which the processor wants to write the data value that occurs the following procedure.

Processor core will give the processor a control signal on the bus line 52, the address is on the bus line 54, and the data value to be remembering, on the bus line 56. the security controller 150 in the protection unit 20 will assess the processor control signal on the bus line 52 and, after determining that the processor control signal is related to the access to the memory 120 for writing, will give a command to the address Comparators 70 to check, put the processor core 10 on bus line 54. Then, the protection unit will perform the same procedure that was described previously in connection with the read command, in order to determine the logical area with the highest priority that contains this address. This will cause the attributes associated with this field will be displayed in BISH is predelete, whether the command issued by the processor core 10, a read command or a write command. If we assume that this is a write command, then the BISH will determine what must be done to record, and uses the information about the attributes adopted from the protection unit 20, to control the write procedure.

Logical block 90 on the attributes extracted by the multiplexer 80, and CPU control signal determines whether the processor core to write on a specific address in its current mode, and if not, it will issue a signal to premature termination. Any premature termination signal is sent to BISH 95 on highway 170, giving him the command to ignore a write command and is sent over path 140 in the processor core 10, to cause the removal of information about the data, address and control respectively with the bus lines 56, 54 and 52, and allow the processor core 10 to perform a process of elimination required in the event of such premature termination.

However, if we assume that the given processor core can write to the address on the bus line 54, and, therefore, BISH 95 receives a signal of premature termination, then BISH 95 uses the information about the attributes of the e to buffer any possible then BISH 95 will give a command to the write buffer 105 to select the signals data, address and control bus 50. Once this is done, the processor core 10 can process the next command without waiting for the write command.

The write buffer is preferably a buffer of type "first - come, first-served basis. If the external bus 60 is free, that BISH 95 instructs the multiplexer 100 to display the next item from the write buffer to the external bus 60. Then, the multiplexer 100 outputs the necessary control signals, addresses and data on the bus line 62, 64 and 66, respectively, and the memory controller 180 uses the control signal to control write access to the memory 120. At this point the data will be recorded in the memory 120. When data records are processed sequentially from write buffer 105, at the same time in the memory 120 will be written to the data corresponding to the address issued by the processor through the bus line 54.

However, if the interface unit bus 95 determines that the address to which data should be written, is not buffered, then the block bus interface 95 will give a command to the multiplexer 100 to select the information processor control, address and data directly from sootvetstvuyuschemu address in the memory 120. However, before you do, write buffer 105 is generally exempt from any records in it, in order to ensure the processing of write commands in the correct order. Once you have recorded newfiletime data corresponding to the current write command may be processed the following command.

Now with reference to Fig.3, which presents a block diagram showing the processing steps performed in the protection unit 20 may be considered a process, performed by this block protection. In step 300, the protection unit 20 waits for the address, put the processor core 10 to the bus line address 54. As mentioned earlier, the security controller 150 in the protection unit 20 responds to the control signal on bus PC 52, giving a command to the address Comparators 70 to check, put the processor core 10 on bus line 54. In preferred embodiments, for each logical field provides one address comparator, and therefore, in preferred embodiments, the block address Comparators 70 includes eight Comparators addresses. Each comparator address has a corresponding address register containing the address range for the corresponding logical field. Address line address 54, is compared at step 310 d is dressy the comparator outputs a signal "match" the corresponding wire 160.

All signals generated by the address Comparators 70, are in the priority encoder 75, where in step 330 apply prioritisation criteria to determine the logical region that contains the address, which has the highest priority. As mentioned earlier, in preferred embodiments, this is accomplished by the fact that the priority encoder is configured to perform conditional logic operations, determining first whether the passed signal matching at the input corresponding to the region with the highest priority. If this signal has not been received, then checked the entry corresponding to the region with the next highest priority, and so on, until the identified signal match. Since the priority encoder 75 performs the logical check of the inputs in descending order of priority, first identified signal matches will correspond to the logical area with the highest priority that contains the address issued by the processor core 10. Obviously, this process need not be performed sequentially on one input at a time, and in preferred embodiments can be used in a suitable logic circuit for receiving all eight input signals together and generating an output from at least one signal matches because either all of the address space will be covered with different logical areas, or one of the logical storage areas will be the background area to cover the entire address space of the memory 120. However, to determine the logical background region is not necessary, and therefore, there is an opportunity to shape the signals match, that indicates that the address issued by the processor core 10, corresponds to the "hole" in the memory 120. In such cases, in the absence of a background region, the system is usually supplied by the hardware, the determining processing of the access holes; for example, it may be arranged so that any access to the hole will cause it to generate a logical block 90 of premature termination signal. On the other hand, if the logical background region is defined, then to rely on this there is no need, because the access control will be used, the attributes corresponding to that of the background region.

If we assume that the background area should be defined as the region with the lowest priority, this background area can be performed with a fixed installation so that it will cover the entire address space. Then this area with the low is e which decreases by one the number of Comparators and the wires 160 to the priority encoder 75. If the address Comparators 70 does not generate signals match, indicating that none of the logical areas does not contain the mentioned address, then the priority encoder 75 may be adapted to send a signal to the multiplexer 80 to give him the command to display the attributes associated with the region of the lowest level. This approach can improve efficiency, although it is somewhat reduced flexibility because the Comparators addresses do not compare the address with the address ranges for the region with the lowest priority, with attributes for this area with the lowest priority are used in the form of direct sequence Comparators addresses, determining that none of the logical areas does not contain the mentioned address.

Once the priority encoder 75 will determine which of the logical region that contain this address has the highest priority, then it outputs to the multiplexer 80 signal instructing the multiplexer to select at step 340 the attributes from the attribute register 85, containing the attributes for this logical field. Once the attributes are selected by the multiplexer 80, these attributes are displayed in step 350 for use in controlling access to memory or cache memory.

To indicate whether the attributes, output at step 350 that the processor core 10 in its current mode of operation should not have access to the given memory address in the logical field defined by these attributes. For example, if the processor core 10 is operating in user mode and one of the attributes displayed in step 370, indicates that the address is only available in supervisor mode, the logical block 90 will be issued for the tract of 140 in the processor core 10 a premature termination signal, indicating that the processor core 10 is not able to access this area of memory, and will send on highway 170 in BISH 95 signal premature termination.

In the above description discussed the processing unit, in which you can define multiple logical memory regions in which the logical memory areas may overlap, in order to increase the flexibility of the device.

Although there was discussed a particular variant, it is obvious that the invention is not limited thereto and that within the scope of the invention can be performed many of his modifications and additions. For example, the cache memory 30 can be used for storing both instruction and data, as shown in Fig. 1 or, alternatively, one cache memory can be used is preferably to use two block protection 20, one for commands and one for data. Both options by which it could be implemented, is shown in Fig. 4A and 4C.

In Fig. 4A cache commands 430 and the cache data memory 440 at the same time the available processor core 10. When viewing the cache memory in the cache memory commands 430 uses the command address, that address is also served in the protection block 400 to determine the attributes that should be used to control access to the memory if required. Similarly, when viewed in the cache data memory 440 uses the address data, the address also served in the protection block 410 to determine the attributes that should be used to control access to memory, if required. The protection blocks 400 and 410 preferably be the same as the protection unit 20 shown in Fig.1, except that the attribute registers and registers that define logical areas, are provided now with one set of registers 420. Hence, in Fig.1 how to access data and to access the commands memory use the same logical area and attributes.

However, an alternative approach, shown in Fig.4B, for protection units 400 and 410 should be separate regice of different sizes, which have different attributes. This provides greater flexibility, as, for example, you may need to have for area commands area data of different sizes.

Claims

1. A processing unit for controlling access to a memory having multiple memory cells for storing data values, and each memory cell has a corresponding address, the device includes a storage device address range for storing information that identifies the address ranges for multiple logical storage areas in the memory storage device attributes for storing, for each logical field of the attributes used to control access to the cells in the logic region, the logical comparator circuit for comparing the address issued by the processor, a respective one of the memory cells, with ranges of addresses for a set of logical fields, and generate a signal, specifies the logical region that contain the above address, if one or more logical fields contain the above-mentioned address, the logical schema attribute definitions, responsive to the signal generated by the logical comparator circuit addresses dalriada mentioned address, has the highest priority, and output attributes in the storage device attributes corresponding to this area with the highest priority, for use in controlling access to the memory cell specified by the mentioned address with one logical areas is a background region, covering all of the memory and having the lowest priority of the logical storage areas, as a result, if the address issued by the processor that corresponds to the memory cell that is outside any of the other logical areas, then the logical schema attribute definitions is adapted to output the attributes associated with the background region.

2. The processing unit under item 1, in which the address ranges for logical fields defined by a base address that identifies which memory cell region begins, and the size of the logical area.

3. The processing unit under item 2, in which the base address is determined as a function of the size attribute, so that the memory size of X must have a base address that is a multiple of the value X.

4. The processing unit under item 2 or 3, wherein the base address and the size attribute is programmed by the user.

5. The processing unit under item 1, in catocala and the end of the logical area.

6. The processing unit under item 5, in which the start address and the address programmed by the end user.

7. The processing unit according to any one of the preceding paragraphs, in which the logical comparator circuit address contains a number of Comparators, one for each address range.

8. The processing unit according to any one of the preceding paragraphs, in which the storage device address range contains a number of registers.

9. The processing unit under item 8, if it is dependent on p. 7, in which each comparator is connected separate registers.

10. The processing unit according to any one of the preceding paragraphs, in which the storage device attribute contains a set of registers of the attributes connected to the multiplexer, where each register contains attributes for the logical field, the logical schema attribute definitions displays the signal in the multiplexer, causing the multiplexer to output the attributes from the attribute register corresponding to the area with the highest priority that contains the mentioned address.

11. The processing unit according to any one of the preceding paragraphs, in which the logical comparator circuit addresses has many drove, indicates whether the corresponding logical scope of the above-mentioned address, the logical schema attribute definitions has a corresponding set of inputs for receiving signals from multiple outputs and multiple inputs has a relative priorities used by the logical schema attribute definitions for the application of pre-defined prioritisation criteria.

12. The processing unit according to any one of paragraphs.1-10, in which predetermined prioritisation criteria are stored as information about the priorities in a memory device accessible to the logical schema attribute definitions, and information about the priority specifies the relative priority of logical areas.

13. The processing unit according to any preceding paragraph, further containing processor core for issuing addresses corresponding to memory cells in the memory that stores data values, the processor, or you must store the values of data processed by the processor core.

14. The processing unit on p. 13, further containing a cache memory for storing data values, the available CPU core.

15. The processing unit under item 14, in which the first is logicheskie the comparator circuit addresses and the logical schema attribute definitions are duplicated for each of the first and second cache memory.

16. The method of operation of the processing unit to control access to a memory having multiple memory cells for storing data values, and each memory cell has a corresponding address, the method contains the steps by (a) storing information identifying the address ranges for multiple logical storage areas in the memory, (b) provide storage for each logical field of the attributes used to control access to memory cells in the logical field, and (C) compare the addresses issued by the processor, a respective one of the memory cells, with the range of addresses for a variety of logical areas, (g) generate a signal indicating the logical region that contain the above address, if the address is contained in one or more logical fields, (d) apply, in accordance with the signal generated in step (d), predetermined prioritisation criteria to determine which of the logical region that contain the mentioned address has the highest priority, and (e) discharge of stored attributes corresponding to the region with the highest priority, for use in controlling access to the cell p all memory and having the lowest priority of the logical storage areas as a result, if the signal generated in step (g) indicates that the address issued by the processor that corresponds to the memory cell that is outside any of the other logical storage areas, the step (e) deduce stored attributes associated with the background region.

 

Same patents:

The invention relates to protected memory, in particular memory, providing multiple layers of protection for areas of application

The invention relates to systems for protection against illegal use of the software product

The invention relates to the field of protection against unauthorized access to information stored in the personal computer, and can be used in automated systems for handling confidential information-based personal computers

The invention relates to systems of information protection, such as technical documentation, placed in storage, and retrieval of information

The invention relates to a device for the protection of information in computer, and particularly to a device for the destruction of information when there is a risk of its diversion, which is carried out on the basis of a signal of an unauthorized attempt to access, and the user at his request

The invention relates to the field of information security and is designed to protect against unauthorized distortion of each support information document

The invention relates to the field of information security management in the data channels and can be used in the respective circuits when the cryptographic transformation

The invention relates to computing, and in particular to information and computer systems and networks, and can be used to provide isolation of the software environment on workstations, functional and information servers

The microcomputer // 2198424
The invention relates to computing

The invention relates to computing

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

FIELD: technologies for authentication of information.

SUBSTANCE: method includes performing absolute identification for confirming legality of data carrier according to first rule in preset time. Authentication information is recorded on this data carrier in previously set position. Process of arbitrary authentication is performed for confirming legality of said data carrier in accordance to second rule in arbitrary time. First rule includes announcing confirmation of standard match, if information for authentication is detected as registered in selected preset position. Second rule in given arbitrary authentication process includes announcing standard match, if information for authentication is detected as not registered in arbitrary positions, different from given preset position.

EFFECT: higher reliability.

6 cl, 12 dwg

FIELD: computers.

SUBSTANCE: method includes, on basis of contents of central processor registers, received after processor performs some sort of command, by means of mathematical logical operation, forming certain finite control sum and storing it in memory, and on basis of contents of registers, received before start of execution by said processor of directly next command, certain starting checksum is formed, while if starting checksum mismatches finite checksum, error message is generated, which can be followed by halting of processor operation or blocking of chip board with its removal from circulation.

EFFECT: higher reliability.

2 cl, 2 dwg

FIELD: copy protection.

SUBSTANCE: system has content distribution block, multiple recording and playback devices for digital data, calculations processing block, meant to perform communications with recording and playback devices and performing calculations processing for transferring license payments.

EFFECT: higher reliability of copy protection.

5 cl, 55 dwg

FIELD: electronics.

SUBSTANCE: device has signaling bus, loaded with clock signal, at least one couple of buses serving for encoding one bit, detector circuit, multiplexer. According to method in case of first value of signal of signal bus two buses of one couple detect same level of signal, and in case of second value of signal of signal bus two buses of one couple detect different signal levels, detect forbidden states during operation of board, change process of system functioning, to generate alarm in that way.

EFFECT: higher reliability of protection.

2 cl, 7 dwg

FIELD: microprocessors.

SUBSTANCE: device has central processing devices, including first cryptographic block, at least one peripheral block, including second cryptographic block, device also has data bus, random numbers generator, conductor for supplying clock signal, conductor for providing random numbers signal, set of logical communication elements, while each cryptographic block has register of displacement with check connection.

EFFECT: higher level of unsanctioned access protection.

7 cl, 1 dwg

FIELD: digital memory technologies.

SUBSTANCE: board has rewritable power-independent memory and control circuit, means for storing address, pointing at limit between authentication area and non-authentication area, circuit for changing size of said areas. Reading device contains estimation means, reading information, pointing at number of times, for which digital data can be read, and playback means. Second device variant additionally has means for digital output of contents.

EFFECT: higher efficiency.

3 cl, 23 dwg

FIELD: computer science.

SUBSTANCE: method includes protective mathematical conversion of service data of network frame prior to transfer to environment for transfer of a LAN. To said protective conversion the data is subjected, which is contained in headers of network frames of channel level, and also in headers of all encapsulated network packets and segments. As a result the very possibility of interception is prevented.

EFFECT: higher efficiency.

7 cl, 2 dwg

FIELD: data carriers.

SUBSTANCE: device for reproduction of data from data carrier, program zone of which is used for recording a set of files, and control zone - for controlling copy protection data concerning the file, recorded in program zone, has computer for calculating copy protection information for each time file is reproduced, comparison means for comparing value, calculated on reproduction command, being prior to current one, to value, calculated on current reproduction command, and if these values coincide, the last value is stored as copy protection value, calculated on reproduction command , prior to current one and control means for allowing reproduction of file, appropriate for current command, if value, calculated as response to command, previous relatively to current command, coincides as a result of comparison to value, calculated as a response to current command.

EFFECT: higher reliability, higher efficiency.

4 cl, 46 dwg

FIELD: data carriers.

SUBSTANCE: device has calculating, reserving and recording modules. Each variant of semiconductor memory card contains area for recording user data for controlling volume and area for recording user data. On carrier method for computer initialization is recorded, including calculation of size of volume control information, reserving areas and recording therein of control information for volume and user data, recording main boot record and sectors table in first section of first area, skipping preset number of sectors, recording information of boot sector of section, file allocation table and root directory element to following sectors.

EFFECT: higher efficiency.

5 cl, 59 dwg

Up!