1. Field of the Invention
The present invention relates to a method and a device for controlling access to a data memory, by using attributes defining authorizations to access secured memory areas of the data memory.
2. Description of the Related Art
In various applications, a data memory frequently contains elements access to which must be write, read or execution restricted (program code). Access to such a memory must therefore be controlled.
Such an access control is particularly provided in integrated circuits for smart cards, the memories of which contain confidential information such as secret codes, identification numbers, encryption keys, etc. This information is read by a microprocessor when sessions are opened under the control of the operating system but cannot be read by a user program. This is therefore referred to as read-restricted access. Other types of data can be read by any type of program but cannot be re-written. This is therefore referred to as write-restricted access.
To ensure such an access control, the data are grouped together in the memory by type of authorized access (same authorization level) by placing them in a determined memory area with which information relating to the access authorizations granted to the memory area is associated. This information is coded in the form of a binary word called attribute. The total number of attributes varies according to the number of secured memory areas each having a particular authorization level.
FIG. 1 schematically represents the architecture of a classical access control device implemented in an integrated circuit comprising a CPU (microprocessor central processing unit) and a data memory DMEM. The CPU and the memory are linked by a data bus DTB, an address bus ADB, and a control bus CMD. The CPU sends read-access commands CMD (for a memory that can only be read) or read/write-access commands (for a memory that can be read and written) to the memory. The data memory is sectored, which means that it comprises areas each having a particular security level determined by an attribute. These areas are for example pages Pi (word lines) each comprising a plurality of binary words W0 to Wn.
The classical access control device mainly comprises a circuit MAC (memory access controller) and an attribute memory ATMEM containing a plurality of attributes ATi, each attribute corresponding to a secured memory area Pi of the data memory DMEM.
When the CPU sends a command CMD to the data memory DMEM, for example a read command, accompanied by the address ADrw of a binary word to be read in the data memory, the attribute memory ATMEM supplies to the circuit MAC the attribute ATi corresponding to the page Pi in which the binary word must be read. The circuit MAC determines, according to the nature of the command CMD and of the attribute, whether or not this access is authorized. If the access is not authorized, the circuit MAC supplies for example an inhibiting signal in the form of an interrupt signal IT. The signal IT is applied to an interrupt decoder ITDEC that supplies an interrupt vector ITV to the CPU.
Other information can be taken into account by the circuit MAC to determine the access authorizations, such as the operating mode of the CPU (“user” mode, “operating system” mode, “test” mode, etc.) for example.
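The decision made by the circuit MAC, modelled in software as an added example (not code from the patent): one attribute ATi per page Pi, looked up from the address ADrw, and combined with the command CMD and the CPU operating mode. The page geometry, the attribute bit layout and the two operating modes shown are assumptions; a barred access is reported as a false return, standing in for the interrupt IT.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed geometry: NUM_PAGES pages Pi of WORDS_PER_PAGE words W0..Wn each. */
#define WORDS_PER_PAGE 16u
#define NUM_PAGES 8u

enum cmd  { CMD_READ, CMD_WRITE, CMD_EXEC };
enum mode { MODE_USER, MODE_OS };   /* "test" mode omitted in this model */

/* Assumed attribute ATi layout: one bit per (mode, access type). */
#define AT_USER_R 0x01u
#define AT_USER_W 0x02u
#define AT_USER_X 0x04u
#define AT_OS_R   0x08u
#define AT_OS_W   0x10u
#define AT_OS_X   0x20u

static uint8_t  atmem[NUM_PAGES];                   /* attribute memory ATMEM */
static uint32_t dmem[NUM_PAGES * WORDS_PER_PAGE];   /* data memory DMEM */

/* Address ADrw -> page Pi, as the address decoder selects the word line. */
static size_t page_of(uint32_t adrw) { return adrw / WORDS_PER_PAGE; }

/* The MAC decision: true = access authorized, false = interrupt IT raised. */
bool mac_check(enum cmd cmd, enum mode mode, uint32_t adrw)
{
    if (adrw >= NUM_PAGES * WORDS_PER_PAGE) return false;  /* no such page: barred */
    uint8_t at = atmem[page_of(adrw)];
    uint8_t need;
    switch (cmd) {
    case CMD_READ:  need = (mode == MODE_OS) ? AT_OS_R : AT_USER_R; break;
    case CMD_WRITE: need = (mode == MODE_OS) ? AT_OS_W : AT_USER_W; break;
    default:        need = (mode == MODE_OS) ? AT_OS_X : AT_USER_X; break;
    }
    return (at & need) != 0;
}

/* Guarded read: the datum reaches the CPU only if the MAC authorizes the access. */
bool dmem_read(enum mode mode, uint32_t adrw, uint32_t *out)
{
    if (!mac_check(CMD_READ, mode, adrw)) return false;
    *out = dmem[adrw];
    return true;
}

/* Constructed configuration: P0 read-restricted (keys, OS only), P1 write-restricted code. */
void setup_example(void)
{
    atmem[0] = AT_OS_R | AT_OS_W;                          /* user program: no access */
    atmem[1] = AT_USER_R | AT_USER_X | AT_OS_R | AT_OS_W;  /* readable, not user-writable */
    dmem[0] = 0xDEADBEEFu;                                 /* constructed sample words */
    dmem[WORDS_PER_PAGE] = 0x11223344u;
}
```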
Such an access control device has the advantage of being rapid and transparent to the CPU, since the attribute is read simultaneously with the access to the data memory, a barred access resulting in an interrupt signal being sent during the clock cycle during which the access to the memory is performed, or during the next clock cycle.
Such a device also has various disadvantages.
Firstly, the attribute memory ATMEM occupies a considerable surface area of silicon. This memory actually comprises a memory array of the same type as that of the data memory, for example an EEPROM or FLASH memory array (electrically erasable and programmable), a ROM memory array (read-only) or a RAM memory array (volatile, read and write accessible, and which must be initialised after each reset of the integrated circuit). Access to this memory array requires control circuits such as an address decoder, sense amplifiers, as well as a charge pump (for an electrically erasable and programmable memory array). These various control circuits, and the memory array itself, are complex and bulky.
Secondly, simultaneously reading a datum in the memory DMEM and an attribute in the memory ATMEM leads to considerable peak power consumption, as a result of the simultaneous triggering of the sense amplifiers and the decoders of each memory.
Another classical embodiment of an access control device is schematically represented in FIG. 2. Here, the attributes are saved in the data memory itself, and are distributed among the various secured pages, i.e., with one attribute ATi per secured page Pi. When a binary word W0 to Wn is read in a page Pi, the corresponding attribute ATi, saved in the same page, is simultaneously read and is sent to the circuit MAC.
This solution avoids implementing a separate attribute memory but requires producing a complex column decoder and adding specific sense amplifiers for the parallel reading of an attribute during the reading of a datum, such that the consumption peaks remain when all the sense amplifiers are triggered simultaneously.