1. Field of the Invention
The present invention relates to a data access control method in a tamper resistant microprocessor and a cache memory implemented processor having a function for supporting the multi-task program execution environment, a cache memory control unit and encryption/decryption function so as to realize the protection of secrecy and the prevention of alteration for the execution codes of the programs and the processing target data.
2. Description of the Related Art
In the computer systems of recent years, the open system that can be constructed by combining hardware and software of various makers has been widespread, as in the case of PCs. In the open system, the information on the operating system (referred hereafter as OS) formed by hardware and system program is publicly disclosed so that it is in principle possible for a user to modify or alter the OS program according to the disclosed information
The application program is operated under the management of this OS, so that when the OS itself is attacked and altered by a third person such as a hacker, there is no way of escaping from this attack. Therefore it has been difficult for the application program provider to protect the application program completely from the analysis or the alteration by the third person.
For this reason, there is a method to encrypt the application program in advance, in order to prevent the analysis and the alteration of the application program to be operated under the OS of the open system. When the program is encrypted, not only the analysis becomes difficult but also the prediction of the operation in the case where the program is altered also becomes difficult so that it is also effective for the prevention of the alteration.
However, the encrypted application program cannot be executed as it is by the existing computer, so that there is a need for a microprocessor which can execute the program while decrypting the program. This microprocessor has functions for protecting the secrecy of the program and providing protection against the analysis and the alteration by encrypting data handled by the program on the presumption that the OS may carry out hostile operations against the application program. In the following, such a microprocessor will be referred to as a tamper resistant microprocessor.
Also, this tamper resistant microprocessor provides the multi-task program execution environment for executing a plurality of protected programs simultaneously in a pseudo-parallel manner (see commonly assigned co-pending U.S. patent application Ser. Nos. 09/781,158 and 09/781,284, and David Lie, et al., “Architectural Support for Copy and Tamper Resistant Software”, ASPLOS-IX Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, Cambridge, Mass., USA, Nov. 12-15, 2000, pp. 168-177).
In the case where the cache memory is implemented on the tamper resistant processor, the encryption processing unit for carrying out encryption and decryption can be arranged between the processor core and the cache memory or between the cache memory and the memory device such as the main memory. When the encryption processing unit is arranged between the cache memory and the main memory, the plaintext contents after the decryption or before the encryption will be stored in the cache memory. For this reason, the latter arrangement is more efficient than the former arrangement because the less number of encryption/decryption processing is required by the latter arrangement.
When the encryption processing unit carries out the encryption or the decryption, if it is under the multi-task program execution environment, a plurality of programs and their data are stored in the cache memory. At this point, there are cases where the eavesdropping or the alteration of the secret information of the other program among the programs in the cache memory can occur due to the alternation of the OS by the third person. In order to prevent such a case, there is a need to limit accesses with respect to the cache memory.
In the conventionally proposed tamper resistant microprocessor, one task ID is given to each one of the programs that are operated simultaneously, and this task ID is utilized in limiting accesses with respect to the cache memory. Each cache line of the cache memory is provided with a secret protection field for storing the task ID. When the processor core stores the plaintext execution code or data into the cache memory, the task ID of the currently executed program is stored into the corresponding secret protection field. When the processor core reads out the content of the cache memory, the task ID is obtained from the secret protection field of the cache line to be read. This task ID is compared with the task ID of the currently executed program, and the reading is permitted only when they coincide.
There is a need to carry out the encryption when data stored in the cache memory is to be written into the memory device such as the main memory, but the encryption key to be used in the encryption is not necessarily the encryption key maintained by the currently executed program. In the conventionally proposed tamper resistant microprocessor, the encryption key is obtained by using the task ID stored in the secret protection field in the cache line. For this reason, a key value table for storing correspondences between the task IDs and the encryption keys is provided inside the processor.
Also, when a plurality of programs carry out cooperative operations simultaneously, there is a function for sharing data among these programs such that data cannot be read out from the other programs. In order to realize this function, one encryption key value is shared by these programs. Each program uses this one encryption key in reading or writing data, such that the contents of the shared memory region can be shared by these programs while the other programs that do not know this one encryption key cannot read or write the contents of that memory region by carrying out the encryption/decryption correctly (see Japanese Patent Application Laid Open No. 2002-202720).
However, the above described method for limiting accesses with respect to the cache memory by using the task ID is associated with the following problems.
The first problem is that the tamper resistant microprocessor that uses this method needs to maintain the key value table storing correspondences between the task IDs and the encryption keys, and the number of programs that can be activated simultaneously is limited by the size of this key value table.
The second problem is that, when the program with one task ID is finished and this task ID is assigned to another program to be newly activated, if the data of the previously executed program still remain in the cache memory, the next program to which the same task ID is assigned would become possible to read that data without knowing the encryption key. In order to avoid this, there is a need to scan the entire region of the cache memory and invalidate the cache lines corresponding to the task ID of the finishing program at a time of finishing the program, but this operation requires a long time. This is particularly noticeable in the microprocessor implemented with the large cache memory.
The third problem is that, in the case where the memory contents are shared when a plurality of programs carry out the cooperative operations simultaneously, in order for another program to read the data written by one program, there is a need to encrypt the data written by that one program and write it into the memory device such as the main memory once, and then decrypt it and read it into the cache memory. In order words, even though it is the same data of the same content, there is a need to encrypt it once and then decrypt it by using the same key again, so that the execution speed is lowered.
The fourth problem is that the method for limiting accesses with respect to the cache memory by using the task ID requires the implementation of many functions by hardware, such as a function for looking up the key value table, a function for scanning the cache region and invalidating relevant cache lines at a time of finishing the program, etc., so that the structure of the microprocessor becomes complicated.