1. Field of the Invention
The present invention relates to a system for assuring security in information processing systems such as computers. More precisely, it relates to a secure processor, and to a program for the secure processor, which are capable of preventing the execution of malicious code in computers and in various kinds of equipment with a built-in processor.
2. Description of the Related Art
In systems using a processor, operations can be described by a program, so operations with high flexibility and many functions can be implemented easily when compared to systems configured entirely in hardware. Because of these features, processors have been used in numerous systems such as personal computers, PDAs, cellular phones, and information household appliances, and with the increased popularity of these systems, processing that requires a high level of security, as in e-commerce, has been performed widely. Although a variety of system-level measures, such as encryption of line data and user authentication, have been taken in order to tighten security, software-level or processor-level security has become an issue in recent years when coping with the spread of computer viruses and illegal access, in addition to system-level security.
For example, as a variety of equipment with a built-in processor, including cellular phones and information household appliances, is connected to networks, there is a high likelihood that this equipment is also exposed to external threats similar to those faced by personal computers. When problems such as illegal access are analyzed precisely, the main cause is the fact that malicious execution code operates within the terminal. It is important to prevent malicious or undesirable code from operating on a processor, but the measures traditionally taken on the processor side to prevent the operation of malicious code are not adequate at all. As a result, the problem remains that a secure software execution environment has not been provided.
Next, processing has traditionally been executed as follows: when data and instruction execution code are stored in the main memory device or in the secondary memory device, they are encrypted to assure security; the encrypted data are then decrypted prior to the actual execution of the instructions, stored in the cache memory within the processor, and processed. In this case, the hardware that performs the encryption processing is mounted externally, on a chip different from the processor chip. Therefore, there was the problem that encryption processing performance, such as processing speed, tends to be inferior.
Also, in such encryption processing, the encryption key used to encrypt the data is determined on the encryption processing side, on the external chip, so that it bears no relationship to the kind of instruction to be executed on the processor side, to the supervisor/user mode, or to the access addresses from which the data or instructions are fetched. In addition, the problem remained that an appropriate encryption key cannot be selected according to the instructions to be executed, since the execution unit on the processor side cannot specify the key to be used for encryption and decryption.
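The two preceding paragraphs contrast an external encryption chip, which holds a single key and cannot see the processor's execution mode, with key selection performed by the execution unit itself. The following Python model is an added illustration and is not code from the patent or from any product; the cipher is a toy keystream built from SHA-256 (not a real cipher), and the keys, the address map (supervisor code below 0x1000_0000) and the sample instruction bytes are constructed for the example. It shows that with the external chip a fetch in user mode recovers supervisor-region code exactly as a supervisor-mode fetch does, whereas when the key is selected from the current mode inside the processor, the same fetch in user mode does not yield the plaintext.

```python
import hashlib

# Toy stream cipher built from SHA-256, for illustration only (not a real cipher):
# keystream block i for a given key and address is SHA-256(key || address || i).
def _keystream(key: bytes, address: int, length: int) -> bytes:
    out = b""
    i = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + address.to_bytes(8, "big") + i.to_bytes(4, "big")
        ).digest()
        i += 1
    return out[:length]


def xor_crypt(key: bytes, address: int, data: bytes) -> bytes:
    """Encrypt or decrypt `data` stored at `address` under `key` (XOR is symmetric)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, address, len(data))))


# Constructed sample: 16 bytes standing in for a supervisor-mode instruction block,
# stored at a constructed supervisor-region address.
SAMPLE_CODE = bytes(range(0x40, 0x50))
SUPERVISOR_ADDR = 0x0000_1000
SUPERVISOR_REGION_END = 0x1000_0000  # constructed: supervisor code below, user code above


def region_of(address: int) -> str:
    return "supervisor" if address < SUPERVISOR_REGION_END else "user"


# Constructed (hypothetical) key values.
CHIP_KEY = b"external-chip-single-key"  # prior art: one key for everything
MODE_KEYS = {  # contrast: one key per privilege mode
    "supervisor": b"in-processor-supervisor-key",
    "user": b"in-processor-user-key",
}


class ExternalCryptoChip:
    """Prior-art model: sits outside the processor, sees the bus address but knows
    nothing about the processor's mode or the kind of instruction, so one key serves all."""

    def __init__(self, key: bytes):
        self._key = key

    def decrypt(self, address: int, ciphertext: bytes) -> bytes:
        return xor_crypt(self._key, address, ciphertext)


class InProcessorKeySelector:
    """Contrast model (hypothetical): the execution unit selects the key from the
    current privilege mode; code is encrypted under the key of the region it belongs to."""

    def __init__(self, keys_by_mode: dict):
        self._keys = keys_by_mode

    def encrypt_for_region(self, address: int, plaintext: bytes) -> bytes:
        return xor_crypt(self._keys[region_of(address)], address, plaintext)

    def decrypt(self, mode: str, address: int, ciphertext: bytes) -> bytes:
        return xor_crypt(self._keys[mode], address, ciphertext)


CHIP = ExternalCryptoChip(CHIP_KEY)
SELECTOR = InProcessorKeySelector(MODE_KEYS)

# Two constructed main-memory images holding the same code block, one per model.
PRIOR_ART_MEMORY = {SUPERVISOR_ADDR: xor_crypt(CHIP_KEY, SUPERVISOR_ADDR, SAMPLE_CODE)}
IN_PROCESSOR_MEMORY = {SUPERVISOR_ADDR: SELECTOR.encrypt_for_region(SUPERVISOR_ADDR, SAMPLE_CODE)}


def fetch_prior_art(mode: str, address: int) -> bytes:
    """Fetch and decrypt into cache via the external chip; `mode` cannot influence the key."""
    return CHIP.decrypt(address, PRIOR_ART_MEMORY[address])


def fetch_in_processor(mode: str, address: int) -> bytes:
    """Fetch and decrypt with the key the execution unit selects for the current mode."""
    return SELECTOR.decrypt(mode, address, IN_PROCESSOR_MEMORY[address])


if __name__ == "__main__":
    for mode in ("supervisor", "user"):
        print(mode, "prior art   :", fetch_prior_art(mode, SUPERVISOR_ADDR) == SAMPLE_CODE)
        print(mode, "in-processor:", fetch_in_processor(mode, SUPERVISOR_ADDR) == SAMPLE_CODE)
```

The address is folded into the keystream in both models only so that identical code at two addresses does not share a keystream; the point of the comparison is solely which side chooses the key and what information that side has when choosing it.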
The following literature is available as the prior art regarding the security of this software execution environment.
Patent Reference 1: Japanese Patent Application Disclosure 2002-353960, “Code Execution Apparatus and Code Distributing Method”
This document discloses a code execution apparatus wherein the encrypted execution code is authenticated to confirm effectiveness of the encrypted code, and the secure processor fetches instructions corresponding to the encrypted code in order to execute them as a secure task.
However, in this code execution apparatus, there is no relationship between the process corresponding to the execution code and the key used for authentication. For example, the following problem could not be solved: if a malicious operation is performed in the operating system (OS) and a different authentication key is then allocated to the program, the malicious code can still be executed.
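The problem stated above is that the authentication key is not tied to the process, so a verifier that accepts whatever key is allocated to a program will accept any code carrying a tag made under that key. The following Python model is an added illustration, not code from the patent reference or from the present invention: it places a prior-art style verifier, which takes the key from its caller, beside a hypothetical verifier whose key is derived inside the processor from a root secret and the identity of the process the code is about to run as. The root key, the process identifiers and the code images are constructed values, and the model assumes the root key is held in the processor and is not readable by software.

```python
import hashlib
import hmac

# Hypothetical root secret held inside the processor and never exported; the
# value is constructed for this example.
PROCESSOR_ROOT_KEY = b"processor-root-key-constructed"

# Constructed sample code images.
LEGITIMATE_CODE = bytes(range(0x10, 0x20))
OTHER_CODE = bytes(range(0x20, 0x30))  # any code not authenticated for the process in question


def code_tag(key: bytes, code: bytes) -> bytes:
    """HMAC-SHA256 authentication tag over an execution-code image."""
    return hmac.new(key, code, hashlib.sha256).digest()


def tag_is_valid(key: bytes, code: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(code_tag(key, code), tag)


def prior_art_verify(os_supplied_key: bytes, code: bytes, tag: bytes) -> bool:
    """Prior-art model: the verifier uses whatever key the operating system
    allocates, so a code image with a tag made under that key is accepted
    regardless of which process the code belongs to."""
    return tag_is_valid(os_supplied_key, code, tag)


def process_auth_key(process_id: int) -> bytes:
    """Contrast model (hypothetical): per-process key = HMAC(root key, process id).
    Because the root key stays inside the processor, a tag for process N can only
    be produced through the processor for process N."""
    return hmac.new(
        PROCESSOR_ROOT_KEY, b"code-auth|" + process_id.to_bytes(4, "big"), hashlib.sha256
    ).digest()


def process_bound_verify(process_id: int, code: bytes, tag: bytes) -> bool:
    """Verify `code` against the key of the process it is about to run as; the
    caller supplies no key and therefore cannot substitute one."""
    return tag_is_valid(process_auth_key(process_id), code, tag)


def demo() -> dict:
    """Exercise both verifiers on constructed inputs and return the outcomes."""
    results = {}
    # Prior art: the OS allocates its own key and tags OTHER_CODE under it.
    os_key = b"key-allocated-by-os"
    results["prior_art_accepts_retagged_code"] = prior_art_verify(
        os_key, OTHER_CODE, code_tag(os_key, OTHER_CODE)
    )
    # Contrast: LEGITIMATE_CODE was authenticated for process 7 when it was loaded.
    tag_for_7 = code_tag(process_auth_key(7), LEGITIMATE_CODE)
    results["bound_accepts_own_process"] = process_bound_verify(7, LEGITIMATE_CODE, tag_for_7)
    results["bound_rejects_other_process"] = process_bound_verify(9, LEGITIMATE_CODE, tag_for_7)
    results["bound_rejects_other_code"] = process_bound_verify(7, OTHER_CODE, tag_for_7)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In the contrast model the only input the verifier takes from software is the process identity; the key itself is a function of that identity and of a secret the processor never releases, which is exactly the relationship between process and key that the prior-art apparatus lacks.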