Abstract: According to an embodiment, an information processing device includes a first manager, a second manager, and a generator. The first manager loads a first class of a first object that requests execution of methods contained in a second object and a third class of a limiter configured to limit access from the first object to the methods. The second manager loads a second class of the second object. The generator generates the second object from the second class upon receiving a generation request for generating the second object from the first object, generates the limiter from the second object and the third class, and transmits the limiter to the first object.

Abstract: According to an embodiment, a code processing apparatus includes a determining unit, a concealing unit, an instructing unit, and an unconcealing unit. The determining unit is configured to determine, based on relocation information included in first code data that includes a code body and relocation information representing a portion of the code body to be relocated by a linker, a first portion including at least a part of the code body that is other than the portion. The concealing unit is configured to conceal the first portion. The instructing unit is configured to instruct the linker to process the first code data having the first portion concealed. The unconcealing unit is configured to unconceal the concealed portion of second code data that is generated from the first code data by the linker.

Abstract: An information processing apparatus according to an embodiment includes a reception unit and switching unit. The reception unit receives an interrupt. The switching unit that switches a second operating system (which is executing in a core to a first OS to which the interrupt for the first OS is input, when the reception unit receives an interrupt for the core in which the first OS is a priority OS and the second OS is not the priority OS.

Abstract: A system software unit performs a first authentication operation with an external device using a first key that is registered in advance. A secure software unit determines whether or not system software satisfies a soundness condition. A dedicated memory unit is used to store a second key. While performing a reregistration operation for reregistering the first key, a system software unit requests the secure software unit to read the second key. When the system software satisfies the soundness condition, the secure software unit generates verification data using the second key. When a second authentication operation performed with the external device using the verification data is successful, the system software unit performs the reregistration operation.

Abstract: In one embodiment, a storage unit stores a table tree and verifier tree. The table tree includes parent and child tables. The verifier tree includes parent and child verifiers associated with the parent and child tables, respectively. The parent verifier is used for verifying the child table and child verifier. A device stores a secure table tree corresponded to the table tree and used for address translation and a secure verifier tree corresponded to the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree. The device sets the second address of the secure table tree such that the second address designates data in the first storage unit.

Abstract: An information processing apparatus includes a nonvolatile memory, a flag settable to a first value indicating that a program stored in a memory region of the nonvolatile memory has not been verified, and to a second value indicating that the program has been verified, a switching circuit configured to set the flag to the first value, in response to a request for permission to modify the program stored in the memory region, and a verification circuit that sets the flag to the second value upon verification of the program stored in the memory region, and upon restart of the information processing apparatus, carries out a verification process of the program prior to execution of the program if the first value is set in the flag, and executes the program without the verification process if the second value is set in the flag.

Abstract: In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and the child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device, when data has a read-only attribute, calculates verification information based on the data and a secure value varying according as the data is updated, and executes verification based on a verifier corresponded to the data and the verification information.

Abstract: In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree.

Abstract: According to one embodiment, an information processing device includes a processor, a nonvolatile memory, a designation unit, and a controller. The nonvolatile memory stores the first software and the second software which is used as substitute for the first software. The designation unit designates software to be executed by the processor at a boot. The controller protects an area of the nonvolatile memory storing the first software from being written while the first software is executed by the processor. When third software is executed by the processor, the third software verifies the second software. When the second software is legal in a result of verifying by the third software, the designation unit designates the second software.

Abstract: According to an embodiment, an information processing device is connectable to a peripheral device and includes a buffer, a first operating system, a second operating system, and a monitor. The monitor is configured to enable the first operating system or the second operating system to execute in a switching manner. The monitor includes a switching controller that, when the second operating system issues an access request to the peripheral device, saves a state of the second operating system and suspends its execution as well as restores a state of the first operating system and restarts its execution. The first operating system includes a request input-output controller that reads the access request from the buffer, that divides the read access request into instructions in receivable units for the peripheral device, and that issues each instruction. The first operating system includes an access controller that accesses the peripheral device according to the instructions.

Abstract: A system software unit performs a first authentication operation with an external device using a first key that is registered in advance. A secure software unit determines whether or not system software satisfies a soundness condition. A dedicated memory unit is used to store a second key. While performing a reregistration operation for reregistering the first key, a system software unit requests the secure software unit to read the second key. When the system software satisfies the soundness condition, the secure software unit generates verification data using the second key. When a second authentication operation performed with the external device using the verification data is successful, the system software unit performs the reregistration operation.

Abstract: According to an embodiment, an information processing device is connectable to a peripheral device and includes a buffer, a first operating system, a second operating system, and a monitor. The monitor is configured to enable the first operating system or the second operating system to execute in a switching manner. The monitor includes a switching controller that, when the second operating system issues an access request to the peripheral device, saves a state of the second operating system and suspends its execution as well as restores a state of the first operating system and restarts its execution. The first operating system includes a request input-output controller that reads the access request from the buffer, that divides the read access request into instructions in receivable units for the peripheral device, and that issues each instruction. The first operating system includes an access controller that accesses the peripheral device according to the instructions.

Abstract: According to an embodiment, a code processing apparatus includes a determining unit, a concealing unit, an instructing unit, and an unconcealing unit. The determining unit is configured to determine, based on relocation information included in first code data that includes a code body and relocation information representing a portion of the code body to be relocated by a linker, a first portion including at least a part of the code body that is other than the portion. The concealing unit is configured to conceal the first portion. The instructing unit is configured to instruct the linker to process the first code data having the first portion concealed. The unconcealing unit is configured to unconceal the concealed portion of second code data that is generated from the first code data by the linker.

Abstract: In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree.

Abstract: In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and the child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device, when data has a read-only attribute, calculates verification information based on the data and a secure value varying according as the data is updated, and executes verification based on a verifier corresponded to the data and the verification information.

Abstract: In one embodiment, a storage unit stores a table tree and verifier tree. The table tree includes parent and child tables. The verifier tree includes parent and child verifiers associated with the parent and child tables, respectively. The parent verifier is used for verifying the child table and child verifier. A device stores a secure table tree corresponded to the table tree and used for address translation and a secure verifier tree corresponded to the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree. The device sets the second address of the secure table tree such that the second address designates data in the first storage unit.

Abstract: According to an embodiment, a computer program product includes a computer-readable medium including program, when executed by a computer, to have a plurality of modules run by the computer. The computer includes a memory having a shared area, which is an area accessible to only those modules which run cooperatively and storing therein execution module identifiers. Each of the modules includes a first operation configured to store, just prior to a switchover of operations to an other module that runs cooperatively, an identifier of the other module as the execution module identifier in the shared area; and a second operation configured to execute, when the execution module identifier stored in the shared area matches with an identifier of own module immediately after a switchover of operations from the other module, a function inside the own module.

Abstract: The debugging unit writes a public key of the key issuing server and an initializing program given from outside, to the storage unit. The instruction executing unit reads and executes the initializing program stored in the storage unit. The debug disabling unit disables the debugging unit. The public-key encrypting unit encrypts the random number by the public key in the storage unit, the random number generated by the random number generating unit after the debugging unit is disabled. The transmitting unit transmits the encrypted random number to the key issuing server. The receiving unit receives an individual key encrypted by the random number from the key issuing server. The individual-key writing unit decrypts the encrypted individual key by the random number to obtain the individual key and write the individual key to the storage unit.

Abstract: According to an embodiment, an information processing device includes a first manager, a second manager, and a generator. The first manager loads a first class of a first object that requests execution of methods contained in a second object and a third class of a limiter configured to limit access from the first object to the methods. The second manager loads a second class of the second object. The generator generates the second object from the second class upon receiving a generation request for generating the second object from the first object, generates the limiter from the second object and the third class, and transmits the limiter to the first object.

Abstract: A control device includes: a random number generating unit that generates a random number; a first setting unit that sets the random number in a first storage; a message creating unit that encrypts the random number using a public key of the administrative server and to create a request message to be transmitted to the administrative server; a timer starting unit that starts a timer; an activation unit that activates the system software; a timer canceling unit that accepts an interruption from the system software and cancels the timer; a message verifying unit that verifies the notification message from the administrative server using the public key and the random number; and a restart unit that restarts the system software while limiting the functions, in the case where the timer expires time or the verification fails.