LOW-OVERHEAD DETECTION OF UNAUTHORIZED MEMORY MODIFICATION USING TRANSACTIONAL MEMORY
First Claim
1. A computing device for detecting unauthorized memory accesses, the computing device comprising:
- a security thread dispatch module to start a security thread; and
- a security thread module to:
  - start a transactional memory envelope within the security thread;
  - access a monitored memory location within the transactional memory envelope;
  - detect a transactional abort in response to the access of the monitored memory location;
  - determine whether a security event has occurred in response to detection of the transactional abort, the security event indicative of an unauthorized write to the monitored memory location that originates from outside of the transactional memory envelope; and
  - report the security event in response to a determination that the security event has occurred.
Abstract
Technologies for detecting unauthorized memory accesses include a computing device having transactional memory support. The computing device executes a transactional memory execution envelope within a security thread. Within the transactional envelope, the security thread reads one or more memory locations. The computing device detects a transactional abort originating from the transactional envelope, and determines whether a security event has occurred. A security event may include an unauthorized write to the monitored memory locations from outside the transactional envelope, including from non-transactional code. The computing device reports any security events that are detected. The computing device may execute several security threads that each monitor a different, non-overlapping memory location. The computing device may spawn a new security thread to monitor a memory location while a previous security thread is handling a transactional abort. Other embodiments are described and claimed.
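The security-thread loop described in the abstract, as an added example that is not taken from the patent: it assumes Intel RTM as the transactional memory hardware (the page names none), and the names `classify_abort`, `monitor`, and the three-way verdict policy are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Abort-status bits returned by XBEGIN on Intel RTM (assumed TM hardware). */
#define RTM_CONFLICT (1u << 2)   /* another agent touched our read/write set */
#define RTM_CAPACITY (1u << 3)   /* transaction outgrew the cache */

enum verdict { BENIGN_ABORT, CONFLICT_UNCHANGED, SECURITY_EVENT };

/* Hypothetical policy for "has a security event occurred?":
 *  - value differs from the known-good one -> report it;
 *  - conflict abort but value intact (false sharing, same-value write)
 *    -> log and re-arm;
 *  - anything else (interrupt, capacity, ...) -> re-arm silently. */
enum verdict classify_abort(unsigned status, uint64_t expected, uint64_t observed)
{
    if (observed != expected)
        return SECURITY_EVENT;
    return (status & RTM_CONFLICT) ? CONFLICT_UNCHANGED : BENIGN_ABORT;
}

#if defined(__RTM__)             /* build with -mrtm on a TSX-capable CPU */
#include <immintrin.h>
/* Body of the security thread: returns once an abort is not benign. */
enum verdict monitor(volatile uint64_t *loc, uint64_t expected)
{
    for (;;) {
        unsigned status = _xbegin();          /* open the envelope */
        if (status == _XBEGIN_STARTED) {
            while (*loc == expected) { }      /* read keeps line in read set */
            _xend();                          /* reached only if already changed */
            return SECURITY_EVENT;
        }
        /* Execution resumes here after any abort, with the cause in status. */
        enum verdict v = classify_abort(status, expected, *loc);
        if (v != BENIGN_ABORT)
            return v;
    }
}
#endif

int main(void)
{
    /* Constructed abort outcomes: (status, expected, observed). */
    printf("%d\n", classify_abort(RTM_CONFLICT, 0x1000, 0x4141)); /* event */
    printf("%d\n", classify_abort(0, 0x1000, 0x1000));            /* benign */
    return 0;
}
```

Between an abort and the next `_xbegin()` the location is unmonitored, which is the gap the abstract closes by spawning a new security thread while the previous one handles the abort.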
22 Claims
1. A computing device for detecting unauthorized memory accesses, the computing device comprising:
- a security thread dispatch module to start a security thread; and
- a security thread module to:
  - start a transactional memory envelope within the security thread;
  - access a monitored memory location within the transactional memory envelope;
  - detect a transactional abort in response to the access of the monitored memory location;
  - determine whether a security event has occurred in response to detection of the transactional abort, the security event indicative of an unauthorized write to the monitored memory location that originates from outside of the transactional memory envelope; and
  - report the security event in response to a determination that the security event has occurred.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method for detecting unauthorized memory accesses, the method comprising:
- starting, by a computing device, a security thread;
- starting, by the computing device, a transactional memory envelope within the security thread;
- accessing, by the computing device, a monitored memory location within the transactional memory envelope;
- detecting, by the computing device, a transactional abort in response to accessing the monitored memory location;
- determining, by the computing device, whether a security event has occurred in response to detecting the transactional abort, the security event indicative of an unauthorized write to the monitored memory location originating from outside of the transactional memory envelope; and
- reporting, by the computing device, the security event in response to determining the security event has occurred.

Dependent claims: 12, 13, 14, 15, 16

17. One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
- start a security thread;
- start a transactional memory envelope within the security thread;
- access a monitored memory location within the transactional memory envelope;
- detect a transactional abort in response to accessing the monitored memory location;
- determine whether a security event has occurred in response to detecting the transactional abort, the security event indicative of an unauthorized write to the monitored memory location originating from outside of the transactional memory envelope; and
- report the security event in response to determining the security event has occurred.

Dependent claims: 18, 19, 20, 21, 22
Specification