1. Field of the Invention
The present invention relates to a microprocessor capable of guaranteeing that the content of a memory is not unjustly falsified, a node terminal provided with such a microprocessor and capable of proving the execution of a program, a computer system and a program execution proving method.
2. Description of the Related Art
In recent years, with the development of networks, grid computing according to which a plurality of computers are connected and utilized as one computer, a mobile agent system for carrying out a processing by moving from one computer to another while suspending a program and an executed state of the program and other systems have been realized.
The grid computing is one method for solving a program having a large computational effort. A certain computer (job dispatch server or merely server) divides a problem and transfers programs and data for solving sections of the problem to a multitude of computers (nodes) network-connected with the server. Each node executes the received program and returns an execution result to the server. Projects such as seti@home, United Devices, Distribute.net, particularly those by volunteer participants are known as projects using such grip computing. Since rewards are given according to the computational effort in these projects, it is essential to guarantee or prove that the nodes precisely executed the given programs.
In the mobile agent system, a program transmitted from a certain computer (agent) is executed while being moved from one to another of network-connected computers (hosts). In order to obtain a correct execution result, it is necessary to guarantee that the program was properly executed in the hosts by way of which the program had been moved. For security in the mobile agent, it is necessary to prevent two attacks, i.e. a malicious attack from the agent to the host and a malicious attach from the host to the agent.
Besides the above grid computing and mobile agent system, the e-commerce, the DRM (digital right management) for software and digital contents and the like have been recently in widespread use, wherefore computer security having even higher reliability is being required. At present, the security of most computers secures reliability only by software, but there is a limit in securing reliability by entering a security code or carrying out an obfuscation processing for each application configured by a different programmer. Further, the software is weak against an attack from malicious software being simultaneously executed in the same computer such as an operating system (OS) or an other process. Accordingly, a scheme called trusted computing for supporting the computer security not by software, but by both hardware and software is being studied.
An architecture called “AEGIS” is, for example, disclosed in the following document as a method for guaranteeing that a program is not falsified in order to prove that a remote computer precisely executed this program in such trusted computing:
“AEGIS: Architecture for tamper-evident and tamper-resistant processing” by G. E. Suh, D. Clarke, B. Gassend, M. van Kijk, and S. Devadas, proc. Of the 17th Int. Conference on Supercomputing, June 2003.”
This AEGIS is configured to guarantee no falsification of the content of a memory by using a special hash function in order to deal with a malicious attack.
However, a technology according to the above document only mathematically argues the reality of guaranteeing that the content of the memory is not falsified using the special hash function, and does not disclose a specific configuration. The implementation of such a special hash function in hardware is thought to extend a critical path and lead to a temporarily and spatially large overhead.