Protection against cache poisoning
First Claim
1. A system for protecting computers against cache poisoning, the system comprising:
one or more processors;
a memory accessible by at least one of the processors;
a cache-entity table configured to maintain a plurality of associations between a plurality of data caches and a plurality of entities, wherein each of said data caches is associated with a different one of said entities; and
a cache manager configured to
receive data that is associated with any of said entities and store said received data in any of said data caches that said cache-entity table indicates is associated with said entity;
receive a data request from any of said entities and retrieve said requested data from any of said data caches that said cache-entity table indicates is associated with said requesting entity;
identify any entry that appears in at least a predefined number of said data caches, and move said identified entry from said data caches to a global cache, said global cache separate from said data caches, wherein subsequent data requests for said identified entry are satisfied by retrieving said identified entry directly from said global cache; and
wherein any of said cache-entity table and cache manager are implemented in either of computer hardware and computer software embodied in a computer-readable medium.
Abstract
Protecting computers against cache poisoning, including a cache-entity table configured to maintain a plurality of associations between a plurality of data caches and a plurality of entities, where each of the caches is associated with a different one of the entities, and a cache manager configured to receive data that is associated with any of the entities and store the received data in any of the caches that the cache-entity table indicates is associated with the entity, and receive a data request that is associated with any of the entities and retrieve the requested data from any of the caches that the cache-entity table indicates is associated with the requesting entity, where any of the cache-entity table and cache manager are implemented in either of computer hardware and computer software embodied in a computer-readable medium.
10 Claims
5. A method for protecting computers against cache poisoning, the method comprising:
maintaining, in a cache-entity table, a plurality of associations between a plurality of data caches and a plurality of entities, wherein each of said data caches is associated with a different one of said entities;
receiving data that is associated with any of said entities;
storing said received data in any of said data caches that said cache-entity table indicates is associated with said entity;
receiving a data request from any of said entities;
retrieving said requested data from any of said data caches that said cache-entity table indicates is associated with said requesting entity; and
identifying any entry that appears in at least a predefined number of said data caches, and moving said identified entry from said data caches to a global cache, said global cache separate from said data caches, wherein subsequent data requests for said identified entry are satisfied by retrieving said identified entry directly from said global cache.
7. A method for protecting computers against cache poisoning, the method comprising:
maintaining, in a cache-entity table, a plurality of associations between a plurality of data caches and a plurality of entities, wherein each of said data caches is associated with a different one of said entities;
receiving data that is associated with any of said entities;
storing said received data in any of said data caches that said cache-entity table indicates is associated with said entity;
identifying any entry that appears in at least a predefined number of said data caches;
moving said entry from said data caches to a global cache, said global cache separate from said data caches;
receiving a data request from any of said entities;
satisfying said data request by retrieving said requested data directly from said global cache if said requested data is in said global cache; and
in response to determining that said requested data is not in said global cache, retrieving said requested data from any of said data caches that said cache-entity table indicates is associated with said requesting entity.
9. A computer program product for protecting computers against cache poisoning, the computer program product comprising:
a computer readable storage medium; and
computer program instructions operative to
maintain, in a cache-entity table, a plurality of associations between a plurality of data caches and a plurality of entities, wherein each of said data caches is associated with a different one of said entities;
receive data that is associated with any of said entities;
store said received data in any of said data caches that said cache-entity table indicates is associated with said entity;
identify any entry that appears in at least a predefined number of said data caches;
move said entry from said data caches to a global cache, said global cache separate from said data caches;
receive a data request from any of said entities;
satisfy said data request by retrieving said requested data directly from said global cache if said requested data is in said global cache; and
retrieve said requested data from any of said data caches that said cache-entity table indicates is associated with said requesting entity if said requested data is not in said global cache,
wherein said program instructions are stored on said computer readable storage medium.
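The mechanism recited in claims 1 and 7, as an added Python example that is not part of the patent text: data is stored only in the requesting entity's own cache, an entry held by at least a predefined number of caches is moved to the global cache, and lookups consult the global cache first. It assumes an "entry" is a key/value pair that the caches must agree on; the class, method and entity names and the sample addresses are hypothetical.

```python
class CacheManager:
    """Per-entity data caches with promotion of corroborated entries to a global cache."""

    def __init__(self, promote_threshold):
        self.promote_threshold = promote_threshold  # the "predefined number" of data caches
        self.cache_entity_table = {}                # entity -> that entity's own data cache
        self.global_cache = {}                      # separate from every per-entity cache

    def store(self, entity, key, value):
        # Received data goes only into the cache associated with its entity.
        self.cache_entity_table.setdefault(entity, {})[key] = value
        self._promote_if_corroborated(key, value)

    def _promote_if_corroborated(self, key, value):
        # Assumption: an "entry" is a (key, value) pair, so caches must agree on the value.
        holders = [cache for cache in self.cache_entity_table.values()
                   if key in cache and cache[key] == value]
        if len(holders) >= self.promote_threshold:
            for cache in holders:
                del cache[key]                      # moved, not copied
            self.global_cache[key] = value

    def lookup(self, entity, key):
        # Claim 7 order: global cache first, then only the requester's own cache.
        if key in self.global_cache:
            return self.global_cache[key]
        return self.cache_entity_table.get(entity, {}).get(key)


def demo():
    # Constructed sample data: entity names, hostname and addresses are illustrative.
    mgr = CacheManager(promote_threshold=3)
    mgr.store("entity-x", "host.example", "203.0.113.66")  # divergent entry, one cache only
    isolated = mgr.lookup("entity-a", "host.example")      # entity-a never sees entity-x's cache
    for entity in ("entity-a", "entity-b", "entity-c"):
        mgr.store(entity, "host.example", "192.0.2.10")    # same entry in three caches
    return {
        "isolated": isolated,
        "promoted": mgr.global_cache.get("host.example"),
        "seen_by_x": mgr.lookup("entity-x", "host.example"),
        "left_in_x": mgr.cache_entity_table["entity-x"].get("host.example"),
    }


if __name__ == "__main__":
    print(demo())
```

The divergent entry never reaches another entity's lookups, and once three caches agree, the global entry answers every request, including entity-x's, whose own divergent copy remains in its cache but is no longer consulted for that key.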