Abstract: A System on Chip (SoC), including a plurality of processor cores including a secure master, which is configured to run security software, and a non-secure master, which is configured to run non-security software; a resource configured to be shared by the secure master and the non-secure master; and a state machine configured to protect the resource by allowing only the secure master to transition the resource to a particular state of the state machine, and allowing only the non-secure master to transition the resource to another particular state of the state machine.

Abstract: The present disclosure relates to a security device, a system, and a method for securing a control apparatus. The security device includes a data security unit which is configured to secure data, data communication and information, and includes a first security component inside the data security unit to operate in a first operating mode, and at least one first monitoring unit to operate in a high-availability mode which, said first monitoring unit being configured to detect a fault present in the first security component. The high-availability mode is different from the first operating mode. The security device further includes a second security component which is configured to operate in the high-availability mode and to output a first response signal if a fault is detected by the first monitoring, where the high-availability mode is available independently from the first operating mode.

Abstract: A security hardware device is configured to secure a control apparatus. The security hardware device includes a data security domain; a functional safety domain; a data security processor provided in the data security domain and is configured to secure data from unauthorized access or manipulation; a functional safety processor provided in the functional safety domain and is configured to detect functional errors and generate respective safety alerts in response to detecting the functional errors; and a monitoring processor configured to analyze the respective safety alerts provided by the functional safety processor for at least one pattern of safety alerts indicative of a security attack and generate a response signal in response to the respective safety alerts having at least one of the at least one pattern of safety alerts.

Abstract: A method and apparatus for distributing interconnect bandwidth among master agents. The method includes allocating to each of the master agents a respective portion of the interconnect bandwidth within a time interval; monitoring the master agents to determine if any of the master agents has consumed its allocated portion of interconnect bandwidth within a current time interval; and if a master agent has consumed its allocated portion of interconnect bandwidth within the current time interval, delaying any new access requests from this master agent for a predetermined request delay time within the current time interval.

Abstract: A service request interrupt router having an interrupt controller mapped to an Interrupt Service Provider (ISP) having virtual ISPs; Service Request Nodes (SRNs) configured to convert respective interrupt signals to corresponding service requests, wherein each of the SRNs is configured to direct its service request to one of the virtual ISPs; and an arbitrator configured to arbitrate among the virtual ISPs in a time-multiplexed sequence or round-robin manner, and for each of the virtual ISPs, to arbitrate which of the service requests directed thereto has a highest priority.

Abstract: A service request interrupt router having an interrupt controller mapped to an Interrupt Service Provider (ISP) having virtual ISPs; Service Request Nodes (SRNs) configured to convert respective interrupt signals to corresponding service requests, wherein each of the SRNs is configured to direct its service request to one of the virtual ISPs; and an arbitrator configured to arbitrate among the virtual ISPs in a time-sliced manner, and for each of the virtual ISPs, to arbitrate which of the service requests directed thereto has a highest priority.

Abstract: A data processing device is described including one or more processors implementing a plurality of data processing entities, one or more software interrupt nodes and an access register for each software interrupt node. The access register specifies which one or more data processing entities of the plurality of data processing entities is/are each allowed to, as interrupt source data processing entity, trigger an interrupt service request on the software interrupt node for another one of the plurality of data processing entities as an interrupt target processing entity. Each software interrupt node is configured to forward an interrupt service request triggered by an interrupt source data processing entity which is allowed to trigger an interrupt service request on the software interrupt node to an interrupt target processing entity.

Abstract: A System on Chip (SoC), including a plurality of processor cores including a secure master, which is configured to run security software, and a non-secure master, which is configured to run non-security software; a resource configured to be shared by the secure master and the non-secure master; and a state machine configured to protect the resource by allowing only the secure master to transition the resource to a particular state of the state machine, and allowing only the non-secure master to transition the resource to another particular state of the state machine.

Abstract: According to various embodiments, a control device is described including an application core including a processor, a memory and a direct memory access controller and a security module coupled to the application core via a computer bus. The direct memory access controller is configured to read data from the memory, generate a hash value for the data and provide the hash value to the security module via the computer bus. The security module is configured to process the hash value.

Abstract: According to various embodiments, a control device is described including an application core including a processor, a memory and a direct memory access controller and a security module coupled to the application core via a computer bus. The direct memory access controller is configured to read data from the memory, generate a hash value for the data and provide the hash value to the security module via the computer bus. The security module is configured to process the hash value.

Abstract: The disclosure relates to systems and methods for defining a processor safety privilege level for controlling a distributed memory access protection system. More specifically, a safety hypervisor function for accessing a bus in a computer processing system includes a module, such as a Computer Processing Unit (CPU) or a Direct Memory Access (DMA) for accessing a system memory and a memory unit for storing a safety code, such as a Processor Status Word (PSW) or a configuration register (DMA (REG)). The module allocates the safety code to a processing transaction and the safety code is visible upon access of the bus by the module.

Abstract: A memory protector is configured to evaluate access requests referring to a memory address space. The access requests comprise address parameters referring to addresses of the memory address space. The memory protector comprises an address evaluator, an address results combiner, and a data register. The address evaluator is configured to evaluate whether the address parameters refer to address ranges of a set of address ranges and is configured to provide results regarding the address ranges. The address results combiner is configured to combine results provided by the address evaluator depending on access protection groups to which the address ranges are mapped to. The memory protector is configured to provide access grant results based on combinations provided by the address results combiner. The data register is configured to store data concerning the set of address ranges and concerning a mapping of the address ranges to the access protection groups.

Abstract: A service request interrupt router having an interrupt controller mapped to an Interrupt Service Provider (ISP) having virtual ISPs; Service Request Nodes (SRNs) configured to convert respective interrupt signals to corresponding service requests, wherein each of the SRNs is configured to direct its service request to one of the virtual ISPs; and an arbitrator configured to arbitrate among the virtual ISPs in a time-sliced manner, and for each of the virtual ISPs, to arbitrate which of the service requests directed thereto has a highest priority.

Abstract: An interrupt interface of a central processing unit (CPU) comprises a bus with a plurality of interfaces to various components of the CPU. These components can include a memory that includes instructions to execute operations of a processor component, a plurality of virtual machines (VMs) and a virtual machine monitor (VMM)/hypervisor configured to execute the plurality of VMs. The processor can receive interrupt requests (interrupt) as service requests in parallel, which can be executed by the VMM or any one or more of the plurality of VMs to execute VM applications on a dedicated instance of a guest operating system for a task. The processor can further determine whether to grant an interrupt request to the VMM and the VMs based on predetermined criteria, including a current task priority, a pending interrupt priority, or an interrupt enable, associated with the current status of each of the component.

Abstract: The present disclosure relates to a security device, a system, and a method for securing a control apparatus. The security device includes a data security unit which is configured to secure data, data communication and information, and includes a first security component inside the data security unit to operate in a first operating mode, and at least one first monitoring unit to operate in a high-availability mode which, said first monitoring unit being configured to detect a fault present in the first security component. The high-availability mode is different from the first operating mode. The security device further includes a second security component which is configured to operate in the high-availability mode and to output a first response signal if a fault is detected by the first monitoring, where the high-availability mode is available independently from the first operating mode.

Abstract: An interrupt interface of a central processing unit (CPU) comprises a bus with a plurality of interfaces to various components of the CPU. These components can include a memory that includes instructions to execute operations of a processor component, a plurality of virtual machines (VMs) and a virtual machine monitor (VMM)/hypervisor configured to execute the plurality of VMs. The processor can receive interrupt requests (interrupt) as service requests in parallel, which can be executed by the VMM or any one or more of the plurality of VMs to execute VM applications on a dedicated instance of a guest operating system for a task. The processor can further determine whether to grant an interrupt request to the VMM and the VMs based on predetermined criteria, including a current task priority, a pending interrupt priority, or an interrupt enable, associated with the current status of each of the component.

Abstract: A system for a multiple chip architecture that enables different system on-chip (SoC) systems with varying compatibilities to interact as one SoC via a transparent interface. The system address maps of the single SoCs are configured so that each provide a system address map of the two SoCs without overlap or address re-mapping when connected to one another via the transparent interface. The transparent interface enables components related to safety/security and interrupt communication of a first and second SoC within the multiple chip system to transparently communicate and interact. The transparent interface can enable sources of both SoCs to be flexibly mapped to interrupt services providers on the first/second SoC within the multiple chip system.

Abstract: A system for a multiple chip architecture that enables different system on-chip (SoC) systems with varying compatibilities to interact as one SoC via a transparent interface. The system address maps of the single SoCs are configured so that each provide a system address map of the two SoCs without overlap or address re-mapping when connected to one another via the transparent interface. The transparent interface enables components related to safety/security and interrupt communication of a first and second SoC within the multiple chip system to transparently communicate and interact. The transparent interface can enable sources of both SoCs to be flexibly mapped to interrupt services providers on the first/second SoC within the multiple chip system.

Abstract: A memory protector is configured to evaluate access requests referring to a memory address space. The access requests comprise address parameters referring to addresses of the memory address space. The memory protector comprises an address evaluator, an address results combiner, and a data register. The address evaluator is configured to evaluate whether the address parameters refer to address ranges of a set of address ranges and is configured to provide results regarding the address ranges. The address results combiner is configured to combine results provided by the address evaluator depending on access protection groups to which the address ranges are mapped to. The memory protector is configured to provide access grant results based on combinations provided by the address results combiner. The data register is configured to store data concerning the set of address ranges and concerning a mapping of the address ranges to the access protection groups.

Abstract: A system for a multiple chip architecture that enables different system on-chip (SoC) systems with varying compatibilities to interact as one SoC via a transparent interface. The system address maps of the single SoCs are configured so that each provide a system address map of the two SoCs without overlap or address re-mapping when connected to one another via the transparent interface. The transparent interface enables components related to safety/security and interrupt communication of a first and second SoC within the multiple chip system to transparently communicate and interact. The transparent interface can enable sources of both SoCs to be flexibly mapped to interrupt services providers on the first/second SoC within the multiple chip system.