
Memory Protection for I/O Devices

IP.com Disclosure Number: IPCOM000060921D
Original Publication Date: 1986-Jun-01
Included in the Prior Art Database: 2005-Mar-09
Document File: 2 page(s) / 60K

Publishing Venue

IBM

Related People

Oseas, J: AUTHOR

Abstract

This input/output system employs several schemes for protecting storage and assuring system integrity at a terminal. It applies special storage protection logic to "memory mapped" I/O devices in a way that makes a system more secure. This article describes two ways of improving the security of a system: first, by controlling the execution of certain software, called execute protection, and second, by controlling access to and from an I/O device. The underlying approach modifies a base system microprocessor so as to merge the functions of an I/O adapter directly into the main microprocessor system without exposing the code or the intermediate data used by it to the other users of the microprocessor system. The protected I/O adapter function shares the main engine and memory.

At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.


This input/output system employs several schemes for protecting storage and assuring system integrity at a terminal. It applies special storage protection logic to "memory mapped" I/O devices in a way that makes a system more secure. This article describes two ways of improving the security of a system: first, by controlling the execution of certain software, called execute protection, and second, by controlling access to and from an I/O device.

The underlying approach modifies a base system microprocessor so as to merge the functions of an I/O adapter directly into the main microprocessor system without exposing the code or the intermediate data used by it to the other users of the microprocessor system. The protected I/O adapter function shares the main engine and memory. An I/O device or adapter may be protected in like manner, so that it can be accessed only by protected code. A delay trigger from the memory protect logic ensures that only protected code can access this adapter or memory.

Fig. 1 shows an implementation which illustrates the principle. Provisions are made through the use of additional logic to select an address range (or ranges) AR of interest and to control access to that selection. Control is specified as follows:

a. A single I-FETCH at 10 to the address range AR 11 will set state Q at 12 and allow all subsequent accesses (except DMA) to AR until an I-FETCH outside of AR is performed. This subsequent I-FETCH outside of AR will reset state Q at...
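The following C model is an added illustration of rule a as far as the abbreviated text gives it; it is not code or logic from the disclosure itself. The cycle type names, the AR bounds and the trace are constructed, and it assumes that addresses outside AR are not policed and that an instruction fetch into AR is itself always permitted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bus cycle kinds seen by the protect logic (type and names are assumptions). */
typedef enum { I_FETCH, DATA_READ, DATA_WRITE, DMA } cycle_t;

typedef struct {
    uint32_t ar_lo, ar_hi; /* selected address range AR, inclusive */
    bool q;                /* state Q: set while executing inside AR */
} protect_t;

/* Apply one bus cycle; returns true if the access is allowed. */
bool bus_cycle(protect_t *p, cycle_t kind, uint32_t addr)
{
    bool in_ar = addr >= p->ar_lo && addr <= p->ar_hi;

    if (kind == I_FETCH) {   /* rule a: fetch inside AR sets Q, outside resets it */
        p->q = in_ar;
        return true;
    }
    if (!in_ar)
        return true;         /* assumption: addresses outside AR are not policed */
    if (kind == DMA)
        return false;        /* "except DMA": Q never opens AR to DMA */
    return p->q;             /* data access to AR only while Q is set */
}

/* Replay a constructed trace; bit i of the result is set if cycle i was allowed. */
unsigned run_trace(void)
{
    protect_t p = { 0x8000, 0x8FFF, false };   /* constructed AR bounds */
    static const struct { cycle_t kind; uint32_t addr; } trace[] = {
        { I_FETCH,    0x1000 },  /* unprotected code running        */
        { DATA_READ,  0x8010 },  /* ...tries to read AR: denied     */
        { I_FETCH,    0x8000 },  /* enter protected code: Q set     */
        { DATA_WRITE, 0x8010 },  /* protected code writes AR: ok    */
        { DMA,        0x8010 },  /* DMA into AR: denied even with Q */
        { I_FETCH,    0x1004 },  /* return to unprotected: Q reset  */
        { DATA_READ,  0x8010 },  /* denied again                    */
        { DATA_READ,  0x2000 },  /* outside AR: allowed             */
    };
    unsigned mask = 0;
    for (unsigned i = 0; i < sizeof trace / sizeof trace[0]; i++)
        if (bus_cycle(&p, trace[i].kind, trace[i].addr))
            mask |= 1u << i;
    return mask;
}

int main(void) { printf("allowed mask = 0x%02X\n", run_trace()); return 0; }
```

The model shows the property the text relies on: access to AR is gated by where the processor is fetching instructions from, so unprotected code and DMA never reach the protected range.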