Hardware monitors attached to central processing units (CPUs) for checking software are known. The hardware monitor typically checks software being executed on the CPU to determine that the software is executing and accessing data within permitted regions. For example, the hardware monitor can be configured to detect when an instruction falls outside a permitted region, and so may have been maliciously inserted, or when data is being read from or written to a memory space outside a permitted region, with similar associated security issues.
These hardware monitors, sometimes known as fetch monitors, can be implemented on integrated circuits sitting next to a CPU, monitoring memory accesses and checking whether processes (supervisor and user) are staying within predefined boundaries. A common cause of processes accessing instructions or data outside their defined boundaries is the operation of ‘hacked software’. On detecting that software has been hacked, the fetch monitor or hardware monitor can quickly force a chip reset to prevent illegitimate accesses being performed.
Central processing units have the ability to run concurrent software processes; for example, a CPU may have multiple user processes operating on it. Each user process has an associated user context defining: a set of memory regions that the user process is allowed to fetch instructions from, a set of memory regions from which the user process is allowed to read data, and a set of memory regions to which the user process is allowed to write data. Current CPU and hardware monitor design is flawed in that, each time the user process is changed, the CPU has to perform a hardware register access to the hardware monitor over the system bus, which can take tens of hundreds of clock cycles before the hardware monitor is set to monitor for the new user process.
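As an added illustration (not part of the original text), the following C model shows the per-context region check described above and the reprogramming step on a change of user process. All type names, function names and addresses are hypothetical and constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Software model of a fetch monitor's check. Names and addresses are
 * hypothetical, constructed for illustration only. */
enum access { ACC_FETCH, ACC_READ, ACC_WRITE, ACC_KINDS };
struct region { uint32_t base, limit; };            /* inclusive bounds */
#define MAX_REGIONS 4
struct user_context {                               /* one per user process */
    struct region set[ACC_KINDS][MAX_REGIONS];
    size_t count[ACC_KINDS];
};
struct monitor {
    const struct user_context *active;              /* context being monitored */
    bool reset_asserted;                            /* models the forced chip reset */
};

/* Models reprogramming the monitor when the CPU changes user process. */
void monitor_switch(struct monitor *m, const struct user_context *ctx) { m->active = ctx; }

/* True if [addr, addr+len) lies wholly inside one permitted region of the
 * active context for this access kind; otherwise latch reset (fail closed). */
bool monitor_check(struct monitor *m, enum access kind, uint32_t addr, uint32_t len) {
    const struct user_context *c = m->active;
    uint32_t last = addr + (len - 1);               /* wraps if the range overflows */
    if (c != NULL && len != 0 && last >= addr && (unsigned)kind < ACC_KINDS) {
        for (size_t i = 0; i < c->count[kind]; i++) {
            const struct region *r = &c->set[kind][i];
            if (addr >= r->base && last <= r->limit)
                return true;
        }
    }
    m->reset_asserted = true;
    return false;
}

/* Constructed sample contexts for two user processes. */
const struct user_context ctx_a = {
    .set = { [ACC_FETCH] = {{0x1000, 0x1FFF}},
             [ACC_READ]  = {{0x1000, 0x1FFF}, {0x8000, 0x8FFF}},
             [ACC_WRITE] = {{0x8000, 0x8FFF}} },
    .count = { [ACC_FETCH] = 1, [ACC_READ] = 2, [ACC_WRITE] = 1 },
};
const struct user_context ctx_b = {
    .set = { [ACC_FETCH] = {{0x2000, 0x2FFF}}, [ACC_READ] = {{0x9000, 0x9FFF}},
             [ACC_WRITE] = {{0x9000, 0x9FFF}} },
    .count = { [ACC_FETCH] = 1, [ACC_READ] = 1, [ACC_WRITE] = 1 },
};

int main(void) {
    struct monitor m = { &ctx_a, false };
    return monitor_check(&m, ACC_FETCH, 0x1000, 4) ? 0 : 1;
}
```

Until `monitor_switch` has run for the incoming process, the monitor still enforces the previous context's regions, which is why the latency of that reprogramming step matters.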