Rockwell Automation 1785-Lx6B,D17856.5.13 MNL. PLC-5 PROTECTED PROCESSOR User Manual

Page 28


Chapter 3
Configuring DTE Protection

3-7

Indexed Addressing

Because indexed addressing lets the end user determine the effective
data-table address at run time by manipulating the status-file index word
(S:24) in the ladder program, another risk could exist. When DTEP is enabled
and the end user does not have the ability to modify privileges, the protected
processor screens for indexed addressing and prevents insertion if the file
number addressed intersects with any of the protected ranges in the DTEP
file. If a protection violation occurs, the request is rejected, an error code
(Data Table Element Protection Violation) is returned, and minor-fault bit
S:17/11 is set.

Since the processor does not prevent the overrunning of data-table file
boundaries through the use of indexed addressing, a small security risk does
still exist with this screening. While this screening mechanism checks to
make sure that no protected elements exist in the addressed file, the
mechanism cannot check for the possibility of overwriting a protected
element in subsequent files since it has no way of knowing:

• how many data-table files the indexed instruction might possibly affect
  during execution

• what the value of the .POS field of the control structure will be at
  execution time

Important: Make sure that your index-addressed instructions do not exceed
the file boundary.
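
One way to check the boundary rule above before download, as an added example that is not from the Rockwell manual or any Rockwell tool. It assumes a simplified model in which data-table files sit back to back in file-number order and S:24 is never negative; the rung numbers, file sizes and protected range are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IndexedRef:
    rung: int         # ladder rung holding the instruction (constructed)
    file: int         # file number of the base address, e.g. 7 for #N7:5
    element: int      # base element, e.g. 5 for #N7:5
    max_index: int    # largest S:24 value the program can load (assumed >= 0)
    length: int = 1   # elements touched per execution

def audit(refs, file_sizes, protected):
    """Classify each indexed reference.

    file_sizes: {file number: element count}; files are modelled as stored
                back to back in file-number order (simplifying assumption).
    protected:  {file number: (first, last)} ranges copied from the DTEP file.
    """
    order = sorted(file_sizes)
    findings = []
    for r in refs:
        if r.file in protected:
            # The case the processor's own screening catches at insertion.
            findings.append((r.rung, "rejected-by-screening"))
            continue
        # Offset of the last reachable element, counted past the end of the file.
        spill = r.element + r.max_index + r.length - 1 - file_sizes[r.file]
        verdict = "in-bounds" if spill < 0 else "overrun"
        for f in order[order.index(r.file) + 1:]:
            if spill < 0:
                break
            if f in protected and protected[f][0] <= spill:
                verdict = f"overrun-reaches-protected-file-{f}"
                break
            spill -= file_sizes[f]
        findings.append((r.rung, verdict))
    return findings

# Constructed sample: four files, elements 0-9 of file 10 protected.
FILE_SIZES = {7: 100, 9: 50, 10: 20, 11: 30}
PROTECTED = {10: (0, 9)}
REFS = [
    IndexedRef(rung=3, file=7, element=5, max_index=50),
    IndexedRef(rung=8, file=9, element=40, max_index=25),
    IndexedRef(rung=12, file=10, element=0, max_index=4),
    IndexedRef(rung=15, file=7, element=90, max_index=20),
]

if __name__ == "__main__":
    for rung, verdict in audit(REFS, FILE_SIZES, PROTECTED):
        print(f"rung {rung}: {verdict}")
```

Any rung not reported as in-bounds needs a limit test on S:24 ahead of the indexed instruction; the ones that reach a protected file are exactly the cases the processor's screening cannot see.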

Writing Data to Memory through the Coprocessor Port

The products using the coprocessor port use two raw data-transfer
mechanisms that do not fall under the current passwords and privileges
functionality. Therefore, any coprocessor is prevented from writing raw
data to processor memory when the DTEP mechanism is enabled. The
override privilege, Modify Privileges, has no effect in this case because
there are no privileges associated with the coprocessor port’s raw
data-transfer mechanisms.

On detecting a raw-data transfer request that causes a protection violation,
the processor responds by setting a fault flag back to the coprocessor and
setting major fault “Channel 3 Device Fault” (bit 6) in the processor with a
fault code of COPRO Transfer Not Valid with Data Table Element Protection
Invoked (106).

Screened commands coming through the coprocessor port are screened
according to the rules of the standard DTEP mechanism.

Importing and Exporting ASCII Files

Because of the data-protection issues that the protected processor is designed
to address, you cannot use the 6200 Series programming software’s ASCII
processor memory import or export functions on a protected processor
memory file.
