1. Field of the Invention
The present invention relates to a multitask execution system for executing a plurality of tasks in parallel.
2. Description of the Related Art
In recent years, virtually every computer, from the personal computer (PC) used by an individual, to the server computer providing services such as electronic commerce, to the supercomputer, has provided a multitask environment.
Here, a multitask environment is an environment in which a plurality of "tasks", the processing units handled by the computer, can be executed simultaneously.
It is expected that, in the near future, such a multitask environment will also be realized on platforms with limited computing resources, such as cellular phones.
In general, an operating system prevents interference between tasks by allocating to each task a memory space independent of the others (the memory space for the respective task), using a technology called virtual addressing.
However, there are cases, such as debugging of a program, in which one task must access the memory space of another task; accordingly, the respective tasks are not necessarily independent of one another.
Therefore, it is common to place important information, such as the data needed to manage the tasks, not in the memory spaces of the respective tasks but in a memory space that the operating system allocates for itself (the memory space for the operating system).
However, compared with the memory spaces for the respective tasks, the memory space for the operating system lacks flexibility; for example, it is difficult to page. Paging is a technology that makes a memory space larger than the capacity of the installed memory usable by temporarily saving data from that memory space to a secondary storage device such as a hard disk.
Placing a large amount of information in a memory area for the operating system having such properties can therefore adversely affect performance.
The most up-and-coming technique at present for solving this problem, by safely placing the above-described important information in the memory spaces of the respective tasks, is to encrypt the important information, thereby preventing it from being accessed by other tasks.
As such a technique, for example, U.S. Pat. No. 5,224,166 (hereinafter referred to as Patent Document 1) discloses a technology that stores data and code in encrypted form in external storage and memory, and decrypts them when reading them into a cache area placed in a physically secure area of the central processing unit (CPU), thereby preventing unauthorized access by other tasks.
In this technology, the key for decrypting the encrypted data and code is also placed in the physically secure area, which likewise prevents unauthorized access by other tasks.
Moreover, in this technology, decrypted plaintext data is placed only in the cache area located in the physically secure area, and when it is written back to memory by the CPU's cache write-back operation the plaintext data is automatically encrypted, so its confidentiality is ensured.
Likewise, Japanese Patent Laid-Open Publication No. 2001-318787 (hereinafter referred to as Patent Document 2) discloses a technology that decrypts data in memory when reading it into the cache, encrypts it when writing it back from the cache to memory, and in addition encrypts task-specific information, such as the execution registers, during the operating system function called "context switching", thereby also preventing attacks using a debugger.
However, the above-described conventional technologies basically require the encryption processing to use a different encryption key for each task, and accordingly require memory areas for holding as many keys as there are tasks that can run simultaneously.
Moreover, these conventional technologies use a symmetric-key encryption algorithm, which can be executed at high speed, as the encryption algorithm.
When the "CBC (Cipher Block Chaining) mode", a common mode of operation for symmetric-key block ciphers, is used, data called an "IV (Initialization Vector)" is required.
However, recent research in cryptography has pointed out that the IV, too, must be unpredictable (see, for example, "SP 800-38A Recommendation for Block Cipher Modes of Operation—Methods and Techniques", National Institute of Standards and Technology, US Department of Commerce, December 2001, hereinafter referred to as Non-Patent Document 1). Accordingly, in order to use the encryption algorithm described above safely, still more memory area is required, since an unpredictable IV must be kept for each encrypted area rather than being derived from a simple counter.
Although such a memory requirement is not problematic on a platform with ample memory resources, such as the recent PC, server computer or supercomputer, it can be a serious problem on a platform with limited memory resources, such as a PDA or cellular phone.
To solve this problem, Japanese Patent Laid-Open Publication No. 2001-51819 (hereinafter referred to as Patent Document 3) discloses a technology that encrypts context data using a single key generated as random number data at the time of reset processing of the microprocessor, thereby protecting the context data.
However, a method that simply performs encryption with a single key as the means of protecting the important information of the individual tasks, such as the technology disclosed in Patent Document 3, has the defect described below, and cannot be made safe in a multitask environment.
Specifically, when the important information of the tasks is protected by encryption with a single key, an attacker can read the important information of a task A, the target of the attack, by performing the following operations using two tasks B and C, as shown in FIGS. 1A and 1B.
First, task B, while executing, stops the execution of task A and task C through an interface provided by the operating system.
Second, task B copies the protected area storing the important information of task A (already encrypted by the operating system at this point) into the protected area of task C (also already encrypted by the operating system at this point) (see FIG. 1A).
Third, task B resumes the execution of task C and has task C itself output the important information stored in its protected area (see FIG. 1B). Because these operations are executed as task C, the operating system decrypts the important information stored in the protected area; since the same key was used for every task, the operating system cannot distinguish task A's ciphertext from task C's own, and as a result the important information of task A is output.
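As an added example (not code from the patent or from Patent Document 3), the following Python simulation carries out the three steps above against a simulated operating system that protects every task's context with one key chosen at reset. The cipher, the task names and the `SingleKeyOS` and `TaskBoundOS` classes are assumptions made for the illustration; the keystream derived with HMAC-SHA256 stands in for a real block cipher so that the script needs only the standard library. The `TaskBoundOS` variant, which authenticates each protected area together with the owning task's identifier, is a generic mitigation shown for contrast and is not the method of the present invention.

```python
"""Simulation of the copy-and-resume attack on single-key context protection.

Added example, not code from the patent.  The simulated "OS" keeps each
suspended task's protected area (its secret context) encrypted with ONE key
chosen at reset.  A task B that can stop tasks and copy their protected areas
moves task A's ciphertext into task C's slot; when C is resumed, the OS
decrypts the slot with the same key and C reads A's secret.

The cipher is a stand-in: a CTR-style keystream from HMAC-SHA256 (assumption
made so the script runs with only the standard library).
"""
import hashlib
import hmac
import os

IV_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """HMAC-SHA256(key, iv || counter) blocks, a stand-in for a block cipher in CTR mode."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SingleKeyOS:
    """Protects every task's context with the same key (the scheme the text criticises)."""

    def __init__(self, reset_key: bytes):
        self.key = reset_key   # single key generated at reset
        self.slots = {}        # task id -> encrypted protected area

    def suspend(self, task: str, context: bytes) -> None:
        iv = os.urandom(IV_LEN)   # fresh random IV per encryption
        self.slots[task] = iv + _xor(context, _keystream(self.key, iv, len(context)))

    def resume(self, task: str) -> bytes:
        blob = self.slots[task]
        iv, ct = blob[:IV_LEN], blob[IV_LEN:]
        return _xor(ct, _keystream(self.key, iv, len(ct)))   # no check of who produced the blob


class TaskBoundOS(SingleKeyOS):
    """Same single key, but each protected area carries an HMAC over the owning
    task's id plus the ciphertext (generic mitigation for contrast, not the patent's method)."""

    def suspend(self, task: str, context: bytes) -> None:
        super().suspend(task, context)
        tag = hmac.new(self.key, task.encode() + self.slots[task], hashlib.sha256).digest()
        self.slots[task] = self.slots[task] + tag

    def resume(self, task: str) -> bytes:
        blob, tag = self.slots[task][:-TAG_LEN], self.slots[task][-TAG_LEN:]
        expected = hmac.new(self.key, task.encode() + blob, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("protected area of %s was not produced for %s" % (task, task))
        iv, ct = blob[:IV_LEN], blob[IV_LEN:]
        return _xor(ct, _keystream(self.key, iv, len(ct)))


def copy_attack(kernel: SingleKeyOS, secret_of_a: bytes):
    """Task B's three steps from the text.  Returns what task C can read after the copy,
    or None if the operating system refused to resume C with the copied area."""
    kernel.suspend("A", secret_of_a)          # step 1: B stops A and C (OS encrypts their contexts)
    kernel.suspend("C", b"task C's own context")
    kernel.slots["C"] = kernel.slots["A"]     # step 2: B copies A's protected area over C's
    try:
        return kernel.resume("C")             # step 3: B resumes C, which outputs its area
    except PermissionError:
        return None


if __name__ == "__main__":
    secret = b"task A private key material"   # constructed sample secret
    print("single key :", copy_attack(SingleKeyOS(os.urandom(32)), secret))
    print("task-bound :", copy_attack(TaskBoundOS(os.urandom(32)), secret))
```

With `SingleKeyOS` the attack returns task A's secret verbatim, because nothing in the ciphertext ties it to task A; with `TaskBoundOS` the copied area fails verification under task C's identifier and the resume is refused. The contrast shows that the weakness lies not in the key being random or secret but in every task's ciphertext being interchangeable under one key.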