Hardware-Implemented Security Protection Technology Based on PPC460
Abstract: In highly reliable, high-security SoC and embedded-system applications, the complex external environment frequently causes anomalies in the system memory area such as illegal operations on the code segment, illegal memory accesses, stack overflows, and the crash or hang of a critical task, so that critical tasks fail while the system is running. To address these problems, this paper takes the PPC460 soft-core processor as its basis and designs a combined hardware/software security protection technique. Hardware restricts the address space and access rights of memory, so that each software task holds only specific permissions within a specific space, which effectively blocks illegal access to system memory and stacks. A hardware-implemented snapshot-and-recovery mechanism for critical tasks takes snapshots of tasks in a stable state; when a critical task is damaged, the damage is detected promptly and the task's original parameters are restored, keeping the whole system running stably. An exception-upload module complements this by making fault information available to software for analysis. Experiments verify that the design protects the memory protection region and that, under fault injection, it restores the originally stable task and returns it to normal operation.
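The protection model the abstract describes (per-task memory regions with access rights, a snapshot of a critical task's state that is rolled back when the task is found damaged, and an exception record handed to software) can be illustrated with a small simulation. The C code below is an added example written for this page; it is not the paper's hardware design or code, and every region address, permission bit, task layout and function name in it is a constructed assumption.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added illustrative model, not the paper's hardware design. Permission bits,
 * region layout and task fields below are constructed assumptions. */
#define PERM_R 1u
#define PERM_W 2u
#define PERM_X 4u
#define MAX_REGIONS 8

typedef struct {
    uint32_t base, limit;   /* protected range [base, limit) */
    uint32_t owner;         /* only this task id may touch the range */
    uint32_t perms;         /* PERM_* bits granted to the owner */
} region_t;

typedef struct {
    uint32_t task_id;
    uint32_t pc, sp;
    uint32_t regs[8];
    uint32_t stack_lo, stack_hi;  /* valid range for the task's stack pointer */
} task_ctx_t;

typedef struct {            /* what an exception-upload path hands to software */
    int valid;
    uint32_t task_id, addr, access;
} fault_record_t;

static region_t regions[MAX_REGIONS];
static int n_regions;
static fault_record_t last_fault;

void reset_regions(void) { n_regions = 0; memset(&last_fault, 0, sizeof last_fault); }

int add_region(uint32_t base, uint32_t limit, uint32_t owner, uint32_t perms) {
    if (n_regions >= MAX_REGIONS || base >= limit) return -1;
    regions[n_regions++] = (region_t){ base, limit, owner, perms };
    return 0;
}

/* Hardware-style check: an access is legal only if some region covers the
 * address, is owned by the requesting task, and grants every requested bit.
 * An illegal access is recorded for later analysis instead of being performed. */
int check_access(uint32_t task_id, uint32_t addr, uint32_t access) {
    for (int i = 0; i < n_regions; i++) {
        const region_t *r = &regions[i];
        if (addr >= r->base && addr < r->limit && r->owner == task_id
            && (r->perms & access) == access)
            return 1;
    }
    last_fault = (fault_record_t){ 1, task_id, addr, access };
    return 0;
}

const fault_record_t *get_last_fault(void) { return &last_fault; }

/* Snapshot of a task in a stable state: a plain copy of its context. */
void snapshot_task(const task_ctx_t *live, task_ctx_t *snap) { *snap = *live; }

/* A task counts as damaged if its stack pointer left its own stack or its
 * program counter points outside a region it is allowed to execute from. */
int task_is_sane(const task_ctx_t *t) {
    if (t->sp < t->stack_lo || t->sp >= t->stack_hi) return 0;
    return check_access(t->task_id, t->pc, PERM_X);
}

/* Roll a damaged task back to its last stable snapshot; returns 1 if restored. */
int recover_task(task_ctx_t *live, const task_ctx_t *snap) {
    if (task_is_sane(live)) return 0;
    *live = *snap;
    return 1;
}

/* End-to-end scenario: configure regions, snapshot the task, inject a stack
 * overflow, detect it and roll back. Returns 1 when the task is sane again. */
int run_scenario(void) {
    reset_regions();
    add_region(0x1000, 0x2000, 1, PERM_R | PERM_X);   /* task 1 code */
    add_region(0x8000, 0x9000, 1, PERM_R | PERM_W);   /* task 1 stack and data */
    task_ctx_t live = { .task_id = 1, .pc = 0x1040, .sp = 0x8F00,
                        .stack_lo = 0x8000, .stack_hi = 0x9000 };
    task_ctx_t snap;
    snapshot_task(&live, &snap);

    live.sp = 0x7FF0;   /* injected fault: stack grew below its region */
    int blocked = !check_access(1, live.sp, PERM_W);
    int recovered = recover_task(&live, &snap);
    return blocked && recovered && task_is_sane(&live) && live.sp == 0x8F00;
}

int main(void) {
    int ok = run_scenario();
    const fault_record_t *f = get_last_fault();
    printf("recovered=%d last fault: task %u addr 0x%X access %u\n",
           ok, f->task_id, f->addr, f->access);
    return ok ? 0 : 1;
}
```

The check deliberately fails closed: an address not covered by any region owned by the requesting task is refused, and the refusal leaves a record that software can read, mirroring the role the abstract gives the exception-upload module. Recovery is only triggered by the sanity check, so a task whose state is still consistent is never overwritten by an older snapshot.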