Apparatus and method for providing secure execution environment for NPU

What is claimed is: 1. An electronic device comprising: a System on Chip (SoC) comprising a processor configured to control the SoC and a neural processing unit (NPU); and a memory comprising an enclave page cache (EPC), in which a validation table is stored, and at least one NPU enclave, wherein the NPU enclave and the EPC have a trusted execution environment (TEE), the TEE isolated from an execution environment in which system software of the processor is executed. 2. The electronic device of claim 1 , wherein the SoC further comprises: an access controller configured to determine whether a program requesting access to the NPU enclave is a program that may access the NPU enclave, based on the validation table. 3. The electronic device of claim 2 , wherein, in an address translation process performed by an input/output memory management unit (IOMMU) of the NPU, when an NPU enclave identification (ID) of the program is not the same as an NPU enclave ID included in the validation table, the access controller blocks the access of the program. 4. The electronic device of claim 1 , wherein the SoC further comprises: a memory protection engine configured to perform a counter mode encryption/decryption operation and to validate integrity of data by constructing a tree for the at least one NPU enclave. 5. The electronic device of claim 4 , wherein the memory protection engine is configured to perform the counter mode encryption/decryption operation at a different granularity according to a machine learning method executed in the NPU. 6. The electronic device of claim 4 , wherein the validation table comprises a read-only identification (ID) bit indicating whether data is read-only data, and the memory protection engine is configured to perform the counter mode encryption/decryption operation by setting a counter value to 1, when it is determined that the data is the read-only data. 7. The electronic device of claim 1 , wherein the SoC further comprises a channel buffer connecting the processor with the NPU. 8. The electronic device of claim 7 , wherein the processor comprises a processor enclave, which is a region having the TEE and the processor enclave is configured to execute an NPU driver, and the NPU driver is configured to grant a right to use the channel buffer to a trusted application that requests to use the NPU. 9. An operating method of a System on Chip (SoC) comprising a processor configured to control the SoC and a neural processing unit (NPU), the method comprising: transmitting, by the processor, data from at least one NPU enclave included in an external memory to an internal memory included in the SoC; performing, by the NPU, an NPU operation, based on the data; and transmitting a result of the NPU operation to the external memory, wherein the at least one NPU enclave has a trusted execution environment (TEE), the TEE isolated from an execution environment in which system software of the processor is executed. 10. The method of claim 9 , further comprising: determining whether a program requesting access to the at least one NPU enclave is a program that may access the at least one NPU enclave, based on a validation table stored in an enclave page cache (EPC) included in the external memory; and controlling access of the program to the at least one NPU enclave based on the determination. 11. The method of claim 10 , wherein the controlling of the access of the program to the at least one NPU enclave comprises blocking the access of the program when an NPU enclave identification (ID) of the program is not the same as an NPU enclave ID included in the validation table. 12. The method of claim 9 , wherein the transmitting the data comprises: performing a counter mode decryption operation on the data transmitted from the external memory to the internal memory; and validating integrity of the data by constructing a tree for the at least one NPU enclave. 13. The method of claim 12 , wherein the performing the counter mode decryption operation comprises setting a counter value to 1 when it is determined that the data is read-only data. 14. The method of claim 12 , wherein the performing of the counter mode decryption operation comprises performing the counter mode decryption operation at a different granularity according to a machine learning method executed by the NPU. 15. The method of claim 9 , wherein the transmitting of the external memory comprises performing a counter mode encryption operation based on the result of the NPU operation, and the performing of the counter mode encryption operation comprises performing the counter mode encryption operation at a different granularity according to a machine learning method executed in the NPU. 16. The method of claim 9 , further comprising: communicating between the processor and the NPU through a channel buffer connecting the processor with the NPU. 17. The method of claim 16 , wherein the processor comprises a processor enclave, which is a region having the TEE and the processor enclave is configured to execute an NPU driver, wherein the communicating through the channel buffer comprises granting, by executing the NPU driver, a right to use the channel buffer to a trusted application that requests to use the NPU. 18. An operating method of a System on Chip (SoC) comprising a processor configured to control the SoC and a neural processing unit (NPU), the method comprising: controlling access of a program to an NPU enclave; and performing a counter mode encryption/decryption operation, wherein the NPU enclave is a region of a memory, which is used by the NPU, the NPU enclave having a trusted execution environment (TEE), the TEE isolated from an execution environment in which system software of the processor is executed. 19. The method of claim 18 , wherein the controlling of the access of the program to the NPU enclave comprises determining whether the program is a program that may access the NPU enclave, based on a validation table stored in an enclave page cache (EPC) included in the memory. 20. The method of claim 18 , wherein the performing of the counter mode encryption/decryption operation comprises validating integrity of data included in the NPU enclave by constructing a tree for the NPU enclave.