Abstract: A master is provided which is connected to at least one slave via an interface, wherein the at least one master is designed, in a transmission mode to transfer a valid combination of output data and associated error detection data via the interface, and wherein the at least one master is furthermore designed, in a non-transmission mode, to output an invalid combination of output data and associated error detection data in case of an erroneous output request.

Abstract: It is suggested to process an interrupt event as follows: (i) receiving an interrupt event at a service request node; (ii) providing, by the service request node, an interrupt service request based on the interrupt event, and a security information; and (iii) forwarding the interrupt service request to an interrupt service provider.

Abstract: A direct memory access (DMA) circuit is provided. The DMA circuit may include a plurality of groups of direct memory access channels, wherein each of the groups includes at least one DMA channel and a resource usage counter configured to count an execution time in which one of the DMA channels of the group is executed, and an arbiter configured to evaluate a value of the resource usage counter of a group upon a request for execution time by one of the DMA channels of the group, and, taking into account a result of the evaluation, to assign, delay assignment, or deny execution time for using the direct memory access to one of the groups. Relevant FIG.

Abstract: Some examples relate to a method. In the method, a write transaction is routed from a master device to a slave device through a communication path. The communication path includes a first bridge and a second bridge downstream of the first bridge. The first bridge and the second bridge are coupled to one another via an interface structure. The first bridge sets a write busy signal on the communication path when the write transaction is processed by the first bridge; and in response to the first bridge setting the write busy signal, the second bridge holds the write busy signal until the write transaction has been received by the slave device. Upon the slave device receiving the write transaction, the second bridge resets the write busy signal to propagate the reset write busy signal back to the master device through the first bridge.

Abstract: A data processing device is described including one or more processors implementing a plurality of data processing entities, one or more software interrupt nodes and an access register for each software interrupt node. The access register specifies which one or more data processing entities of the plurality of data processing entities is/are each allowed to, as interrupt source data processing entity, trigger an interrupt service request on the software interrupt node for another one of the plurality of data processing entities as an interrupt target processing entity. Each software interrupt node is configured to forward an interrupt service request triggered by an interrupt source data processing entity which is allowed to trigger an interrupt service request on the software interrupt node to an interrupt target processing entity.

Abstract: An interconnect including an input couplable to a source, and an encoder coupled to the input. The encoder is configured to: group information that is received from the source via a same channel; size the grouped information to a common width; and apply protection to the sized grouped information.

Abstract: A master is provided which is connected to at least one slave via an interface, wherein the at least one master is designed, in a transmission mode to transfer a valid combination of output data and associated error detection data via the interface, and wherein the at least one master is furthermore designed, in a non-transmission mode, to output an invalid combination of output data and associated error detection data in case of an erroneous output request.

Abstract: A System on Chip (SoC), including a plurality of processor cores including a secure master, which is configured to run security software, and a non-secure master, which is configured to run non-security software; a resource configured to be shared by the secure master and the non-secure master; and a state machine configured to protect the resource by allowing only the secure master to transition the resource to a particular state of the state machine, and allowing only the non-secure master to transition the resource to another particular state of the state machine.

Abstract: The present disclosure relates to a security device, a system, and a method for securing a control apparatus. The security device includes a data security unit which is configured to secure data, data communication and information, and includes a first security component inside the data security unit to operate in a first operating mode, and at least one first monitoring unit to operate in a high-availability mode which, said first monitoring unit being configured to detect a fault present in the first security component. The high-availability mode is different from the first operating mode. The security device further includes a second security component which is configured to operate in the high-availability mode and to output a first response signal if a fault is detected by the first monitoring, where the high-availability mode is available independently from the first operating mode.

Abstract: A security hardware device is configured to secure a control apparatus. The security hardware device includes a data security domain; a functional safety domain; a data security processor provided in the data security domain and is configured to secure data from unauthorized access or manipulation; a functional safety processor provided in the functional safety domain and is configured to detect functional errors and generate respective safety alerts in response to detecting the functional errors; and a monitoring processor configured to analyze the respective safety alerts provided by the functional safety processor for at least one pattern of safety alerts indicative of a security attack and generate a response signal in response to the respective safety alerts having at least one of the at least one pattern of safety alerts.

Abstract: A method and apparatus for distributing interconnect bandwidth among master agents. The method includes allocating to each of the master agents a respective portion of the interconnect bandwidth within a time interval; monitoring the master agents to determine if any of the master agents has consumed its allocated portion of interconnect bandwidth within a current time interval; and if a master agent has consumed its allocated portion of interconnect bandwidth within the current time interval, delaying any new access requests from this master agent for a predetermined request delay time within the current time interval.

Abstract: A service request interrupt router having an interrupt controller mapped to an Interrupt Service Provider (ISP) having virtual ISPs; Service Request Nodes (SRNs) configured to convert respective interrupt signals to corresponding service requests, wherein each of the SRNs is configured to direct its service request to one of the virtual ISPs; and an arbitrator configured to arbitrate among the virtual ISPs in a time-multiplexed sequence or round-robin manner, and for each of the virtual ISPs, to arbitrate which of the service requests directed thereto has a highest priority.

Abstract: A service request interrupt router having an interrupt controller mapped to an Interrupt Service Provider (ISP) having virtual ISPs; Service Request Nodes (SRNs) configured to convert respective interrupt signals to corresponding service requests, wherein each of the SRNs is configured to direct its service request to one of the virtual ISPs; and an arbitrator configured to arbitrate among the virtual ISPs in a time-sliced manner, and for each of the virtual ISPs, to arbitrate which of the service requests directed thereto has a highest priority.

Abstract: A data processing device is described including one or more processors implementing a plurality of data processing entities, one or more software interrupt nodes and an access register for each software interrupt node. The access register specifies which one or more data processing entities of the plurality of data processing entities is/are each allowed to, as interrupt source data processing entity, trigger an interrupt service request on the software interrupt node for another one of the plurality of data processing entities as an interrupt target processing entity. Each software interrupt node is configured to forward an interrupt service request triggered by an interrupt source data processing entity which is allowed to trigger an interrupt service request on the software interrupt node to an interrupt target processing entity.

Abstract: A System on Chip (SoC), including a plurality of processor cores including a secure master, which is configured to run security software, and a non-secure master, which is configured to run non-security software; a resource configured to be shared by the secure master and the non-secure master; and a state machine configured to protect the resource by allowing only the secure master to transition the resource to a particular state of the state machine, and allowing only the non-secure master to transition the resource to another particular state of the state machine.

Abstract: According to various embodiments, a control device is described including an application core including a processor, a memory and a direct memory access controller and a security module coupled to the application core via a computer bus. The direct memory access controller is configured to read data from the memory, generate a hash value for the data and provide the hash value to the security module via the computer bus. The security module is configured to process the hash value.

Abstract: According to various embodiments, a control device is described including an application core including a processor, a memory and a direct memory access controller and a security module coupled to the application core via a computer bus. The direct memory access controller is configured to read data from the memory, generate a hash value for the data and provide the hash value to the security module via the computer bus. The security module is configured to process the hash value.

Abstract: The disclosure relates to systems and methods for defining a processor safety privilege level for controlling a distributed memory access protection system. More specifically, a safety hypervisor function for accessing a bus in a computer processing system includes a module, such as a Computer Processing Unit (CPU) or a Direct Memory Access (DMA) for accessing a system memory and a memory unit for storing a safety code, such as a Processor Status Word (PSW) or a configuration register (DMA (REG)). The module allocates the safety code to a processing transaction and the safety code is visible upon access of the bus by the module.

Abstract: A memory protector is configured to evaluate access requests referring to a memory address space. The access requests comprise address parameters referring to addresses of the memory address space. The memory protector comprises an address evaluator, an address results combiner, and a data register. The address evaluator is configured to evaluate whether the address parameters refer to address ranges of a set of address ranges and is configured to provide results regarding the address ranges. The address results combiner is configured to combine results provided by the address evaluator depending on access protection groups to which the address ranges are mapped to. The memory protector is configured to provide access grant results based on combinations provided by the address results combiner. The data register is configured to store data concerning the set of address ranges and concerning a mapping of the address ranges to the access protection groups.

Abstract: A service request interrupt router having an interrupt controller mapped to an Interrupt Service Provider (ISP) having virtual ISPs; Service Request Nodes (SRNs) configured to convert respective interrupt signals to corresponding service requests, wherein each of the SRNs is configured to direct its service request to one of the virtual ISPs; and an arbitrator configured to arbitrate among the virtual ISPs in a time-sliced manner, and for each of the virtual ISPs, to arbitrate which of the service requests directed thereto has a highest priority.