公开(公告)号：US20160026581A1

公开(公告)日：2016-01-28

申请号：US14367989

申请日：2013-12-17

申请人： Igor Muttik ,  Roman Dementiev ,  Alex Nayshtut ,  INTEL CORPORATION

发明人： Igor MUTTIK ,  Roman DEMENTIEV ,  Alex NAYSHTUT

IPC分类号： G06F12/14 ,  G06F21/60

CPC分类号： G06F12/14 ,  G06F12/1441 ,  G06F21/53 ,  G06F21/54 ,  G06F21/566 ,  G06F21/60

摘要： Technologies for detecting unauthorized memory accesses include a computing device having transactional memory support. The computing device executes a code segment identified as suspicious and detects a transactional abort during execution of the code segment. The computing device may execute a security support thread concurrently with the code segment that reads one or more monitored memory locations. A transactional abort may be caused by a read of the security support thread conflicting with a write from the code segment. The computing device may set a breakpoint within the code segment, and a transactional abort may be caused by execution of the code segment reaching the breakpoint. An abort handler determines whether a security event has occurred and reports the security event. The abort handler may determine whether the security event has occurred based on the cause of the transactional abort. Other embodiments are described and claimed.

摘要翻译： 用于检测未经授权的存储器访问的技术包括具有事务存储器支持的计算设备。 计算设备执行标识为可疑的代码段，并且在执行代码段期间检测事务中止。 计算设备可以与读取一个或多个监视的存储器位置的代码段同时执行安全支持线程。 事务中止可能是由安全支持线程读取与代码段的写入冲突引起的。 计算设备可以在代码段内设置断点，并且可能由执行到达断点的代码段引起事务中止。 中止处理程序确定是否发生安全事件并报告安全事件。 中止处理程序可以基于事务中止的原因来确定安全事件是否已经发生。 描述和要求保护其他实施例。

公开(公告)号：US20150278123A1

公开(公告)日：2015-10-01

申请号：US14228842

申请日：2014-03-28

申请人： Alex Nayshtut ,  Igor Muttik ,  Roman Dementiev

发明人： Alex Nayshtut ,  Igor Muttik ,  Roman Dementiev

IPC分类号： G06F12/14

CPC分类号： G06F21/00 ,  G06F9/467 ,  G06F9/48 ,  G06F12/1441 ,  G06F21/52 ,  G06F21/554 ,  G06F21/56 ,  G06F21/566 ,  G06F2212/1016 ,  G06F2212/1052

摘要： Technologies for detecting unauthorized memory accesses include a computing device having transactional memory support. The computing device executes a transactional memory execution envelope within a security thread. Within the transactional envelope, the security thread reads one or more memory locations. The computing device detects a transactional abort originating from the transactional envelope, and determines whether a security event has occurred. A security event may include an unauthorized write to the monitored memory locations from outside the transactional envelope, including from non-transactional code. The computing device reports any security events that are detected. The computing device may execute several security threads that each monitor a different, non-overlapping memory location. The computing device may spawn a new security thread to monitor a memory location while a previous security thread is handling a transactional abort. Other embodiments are described and claimed.

摘要翻译： 用于检测未经授权的存储器访问的技术包括具有事务存储器支持的计算设备。 计算设备在安全线程内执行事务性存储器执行包络。 在事务包络内，安全线程读取一个或多个内存位置。 计算设备检测源自事务包络的事务中止，并确定是否发生了安全事件。 安全事件可能包括从事务信封之外的非监督存储器位置的非授权写入，包括非事务性代码。 计算设备报告检测到的任何安全事件。 计算设备可以执行几个安全线程，每个安全线程监视不同的，不重叠的存储器位置。 计算设备可以产生新的安全线程来监视存储器位置，同时先前的安全线程正在处理事务中止。 描述和要求保护其他实施例。

公开(公告)号：US20180095759A1

公开(公告)日：2018-04-05

申请号：US15282011

申请日：2016-09-30

申请人： Raanan Sade ,  Roman Dementiev ,  Ravi Rajwar ,  Ady Tal ,  Alex Gerber

发明人： Raanan Sade ,  Roman Dementiev ,  Ravi Rajwar ,  Ady Tal ,  Alex Gerber

IPC分类号： G06F9/30 ,  G06F12/0855 ,  G06F12/123 ,  G06F12/0875

CPC分类号： G06F9/30043 ,  G06F9/3838 ,  G06F9/466 ,  G06F9/467 ,  G06F12/0857 ,  G06F12/0862 ,  G06F12/0875 ,  G06F12/1027 ,  G06F12/12 ,  G06F12/123 ,  G06F2212/1024 ,  G06F2212/452 ,  G06F2212/6022

摘要： Suspendable load address tracking inside transactions is disclosed. An example processing device of implementations of the disclosure includes a transactional memory (TM) read set tracking component circuitry to identify a suspend read tracking instruction within a transaction executed by the processing device, mark load instructions occurring in the transaction subsequent to the identified suspend read tracking instruction with a suspend attribute, wherein the addresses corresponding to the marked load instructions are excluded from a read set maintained for the transaction, identify a resume read tracking instruction within the transaction, and stop marking the load instructions occurring subsequent to the identified resume read tracking instruction with the suspend attribute.

公开(公告)号：US20160283232A1

公开(公告)日：2016-09-29

申请号：US14671569

申请日：2015-03-27

申请人： Raanan Sade ,  Ryan L. Carlson ,  Larisa Novakovsky ,  Erik G. Hallnor ,  Ravi Rajwar ,  Roman Dementiev

发明人： Raanan Sade ,  Ryan L. Carlson ,  Larisa Novakovsky ,  Erik G. Hallnor ,  Ravi Rajwar ,  Roman Dementiev

IPC分类号： G06F9/30 ,  G06F9/38

CPC分类号： G06F9/30047 ,  G06F9/383 ,  G06F9/3834 ,  G06F9/3842 ,  G06F9/46

摘要： A processor includes a core and a prefetcher. The prefetcher includes logic to issue a request for data including a requested prefetch. The core includes logic to receive an indication of the request, determine whether the request is for a restricted region of memory, and, based upon whether the request is for the restricted region of memory, allow or deny the request.

摘要翻译： 处理器包括核心和预取器。 预取器包括发出对包括请求的预取的数据的请求的逻辑。 核心包括用于接收请求的指示的逻辑，确定请求是否是针对存储器的受限区域，以及基于该请求是针对该存储器的受限区域，允许还是拒绝该请求。

公开(公告)号：US20160188243A1

公开(公告)日：2016-06-30

申请号：US14670982

申请日：2015-03-27

申请人： Roman Dementiev ,  Igor Muttik ,  Alex Nayshtut

发明人： Roman Dementiev ,  Igor Muttik ,  Alex Nayshtut

IPC分类号： G06F3/06

摘要： Technologies for detecting unauthorized memory accesses include a computing device with a processor having transactional memory support. The computing device executes a security assistance thread that starts a transaction using the transactional memory support. Within the transaction, the security assistance thread writes arbitrary data to one or more monitored memory locations. The security assistance thread waits without committing the transaction. The security assistance thread may loop endlessly. The transactional memory support of the computing device detects a transactional abort caused by an external read of the monitored memory location. The computing device analyzes the transactional abort and determines whether a security event has occurred. The computing device performs a security response if a security event has occurred. The monitored memory locations may include memory-mapped operating system libraries, kernel data structures, executable images, or other memory structures that may be scanned by malicious software. Other embodiments are described and claimed.

摘要翻译： 用于检测未经授权的存储器访问的技术包括具有处理器的具有事务存储器支持的计算设备。 计算设备执行安全协助线程，该线程使用事务内存支持来启动事务。 在事务中，安全协助线程将任意数据写入一个或多个监视的内存位置。 安全协助线程等待而不提交事务。 安全协助线程可能无休止地循环。 计算设备的事务存储器支持检测由监视的存储器位置的外部读取引起的事务中止。 计算设备分析事务中止并确定安全事件是否发生。 如果发生安全事件，则计算设备执行安全响应。 所监视的存储器位置可以包括可被恶意软件扫描的存储器映射操作系统库，内核数据结构，可执行映像或其他存储器结构。 描述和要求保护其他实施例。

公开(公告)号：US06687878B1

公开(公告)日：2004-02-03

申请号：US09270255

申请日：1999-03-15

申请人： Zvika Eintracht ,  Alexander Ovsiankin ,  Roman Dementiev ,  Gil Sideman

发明人： Zvika Eintracht ,  Alexander Ovsiankin ,  Roman Dementiev ,  Gil Sideman

IPC分类号： G06F700

CPC分类号： G06Q10/10 ,  G06F17/241 ,  G06F17/30893 ,  H04L51/16 ,  H04N1/2179 ,  H04N2201/3245 ,  H04N2201/3277

摘要： A system for collaborative document annotation whereby notes (i.e. annotations) associated with a document, such as an image or text document, are stored in a notes database on a central notes server. The documents and associated annotations are treated independently from each other whereby separate data structures are created for the documents and for the associated annotations. A web server application on the server side functions to capture requests from one or more note client applications for creating, storing, editing and retrieving annotations related to specific documents stored on the notes server. On the client side, the notes client functions to display the document that the user wishes to annotate and provides the tools necessary to permit the user to create, edit, delete, retrieve and store notes. A synchronization process transmits the annotations generated by the user from the notes client to the notes server. In response, the notes server transmits back an acknowledgement along with any new notes that other notes clients may have posted since the last synchronization was performed thus enabling multiple notes clients to annotate a document asynchronously with respect to each other. When annotations are posted to the notes server by a notes client, the state of the annotation database is synchronized such that all other notes clients can retrieve the current, up to date annotations associated with a document.

摘要翻译： 用于协作文档注释的系统，其中与诸如图像或文本文档的文档相关联的笔记（即，注释）存储在中央笔记服务器上的笔记数据库中。 文档和相关注释被彼此独立地对待，从而为文档和相关联的注释创建单独的数据结构。 服务器端的Web服务器应用程序用于捕获来自一个或多个笔记客户端应用程序的请求，用于创建，存储，编辑和检索与备注服务器上存储的特定文档相关的注释。 在客户端，笔记客户端用于显示用户希望注释的文档，并提供允许用户创建，编辑，删除，检索和存储笔记所需的工具。 同步过程将用户生成的注释从笔记客户端发送到笔记服务器。 作为响应，笔记服务器从执行上一次同步以来发送回确认以及其他注释客户端可能已发布的任何新注释，从而使多个注释客户端能够相对于彼此异步地注释文档。 当注释由笔记客户端发布到笔记服务器时，注释数据库的状态将被同步，以便所有其他注释客户端可以检索与文档相关联的当前最新注释。

公开(公告)号：US20180004511A1

公开(公告)日：2018-01-04

申请号：US15201075

申请日：2016-07-01

申请人： ROMAN DEMENTIEV ,  KSHITIJ A. DOSHI

发明人： ROMAN DEMENTIEV ,  KSHITIJ A. DOSHI

IPC分类号： G06F9/30

CPC分类号： G06F9/3005 ,  G06F9/30018 ,  G06F9/30101 ,  G06F9/30145 ,  G06F9/3832 ,  G06F9/3842 ,  G06F9/3863 ,  G06F9/528

摘要： An apparatus and method are described for reentering a transactional sequence for hardware transactional memory. For example, one embodiment of a processor comprises: one or more cores to execute instructions and process data; execution circuitry within at least one of the cores to execute a transactional sequence of instructions; a mask value to identify a specified set of architectural state to be saved upon reaching a particular instruction within the transactional sequence of instructions; and a scratchpad memory within the execution circuitry to store the specified set of architectural state upon reaching the particular instruction within the sequence of instructions.

公开(公告)号：US20160180085A1

公开(公告)日：2016-06-23

申请号：US14581099

申请日：2014-12-23

申请人： Igor Muttik ,  Alex Nayshtut ,  Yuriy Bulygin ,  Andrew A. Furtak ,  Roman Dementiev

发明人： Igor Muttik ,  Alex Nayshtut ,  Yuriy Bulygin ,  Andrew A. Furtak ,  Roman Dementiev

IPC分类号： G06F21/56 ,  G06F9/46

CPC分类号： G06F9/467 ,  G06F12/1475 ,  G06F21/56 ,  G06F2212/1052

摘要： A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.

摘要翻译： 一种技术允许通过在处理器中使用事务内存支持来检查动态生成的代码的内存边界。 存储器边界检查包括创建输出代码，识别输出代码中的只读存储器区域并创建提供给安全监控线程的映射。 安全监视线程作为事务执行，并确定在输出代码中被监视线程的并行执行期间是否只向只读存储器区域发生事务冲突。

公开(公告)号：US06519050B1

公开(公告)日：2003-02-11

申请号：US09376549

申请日：1999-08-18

申请人： Zvika Eintracht ,  Roman Dementiev

发明人： Zvika Eintracht ,  Roman Dementiev

IPC分类号： G06K1500

CPC分类号： H04N1/6033 ,  H04N1/62

摘要： A client/server system for reading, measuring and displaying color density of documents located on a remote file system accessed over a WAN such as the Internet. The color density information displayed corresponds to specific coordinates of documents that are located on the remote image file servers. The invention provides means for reading, displaying and recording color density measurements of original digital images located on remote image file servers rather than representations of these digital images stored on the user's local computer or LAN. A web server application on the server side functions to capture measurement requests from one or more client applications for measuring, sending, recording and retrieving color density measurements related to specific positions of specific documents located on an image filer server. On the client side a client software application functions to display the document that the user wishes to read color density information from and provides the tools necessary to permit the user to measure, send, record and retrieve color density measurements. Additional information regarding spot colors and position in a digital color book can also be displayed as requested by the user. Further, the user can record the results of the color density measurement by pressing an annotation button in the color densitometer window. In response, a note containing the color values is created and placed over the document.

摘要翻译： 用于读取，测量和显示位于通过诸如因特网的WAN访问的远程文件系统上的文档的颜色浓度的客户端/服务器系统。 显示的颜色浓度信息对应于位于远程图像文件服务器上的文档的特定坐标。 本发明提供了用于读取，显示和记录位于远程图像文件服务器上的原始数字图像的颜色浓度测量的装置，而不是存储在用户本地计算机或LAN上的这些数字图像的表示。 服务器端的Web服务器应用程序用于捕获来自一个或多个客户应用程序的测量请求，用于测量，发送，记录和检索与位于图像文件服务器上的特定文档的特定位置相关的色彩浓度测量。 在客户端，客户端软件应用程序用于显示用户希望从中读取颜色密度信息的文档，并提供允许用户测量，发送，记录和检索颜色密度测量所需的工具。 关于专色和数字彩色书籍中的位置的附加信息也可以根据用户的要求显示。 此外，用户可以通过按压颜色浓度计窗口中的注释按钮来记录颜色浓度测量的结果。 作为响应，包含颜色值的注释被创建并放置在文档上。