Content-addressable memory based enforcement of configurable policies

Berg, Michael J

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Content-addressable memory based enforcement of configurable policies

Abstract

A monitoring device for monitoring transactions on a bus includes content-addressable memory ("CAM") and a response policy unit. The CAM includes an input coupled to receive a bus transaction tag based on bus traffic on the bus. The CAM stores data tags associated with rules of a security policy to compare the bus transaction tag to the data tags. The CAM generates an output signal indicating whether one or more matches occurred. The response policy unit is coupled to the CAM to receive the output signal from the CAM and to execute a policy action in response to the output signal.

Inventors:: Berg, Michael J

Issue Date:: Tue May 06 00:00:00 EDT 2014

Research Org.:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1130455

Patent Number(s):: 8719925

Application Number:: 12/546,740

Assignee:: Sandia Corporation (Albuquerque, NM)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F16/90344 - {by using string matching techniques}
G06F21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
G06F21/55 - Detecting local intrusion or implementing counter-measures
G06F21/554 - {involving event detection and direct action}
G06F21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F21/561 - {Virus type analysis}
G06F21/566 - {Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities}
G06F21/567 - {using dedicated hardware}
G06F21/70 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
G06F21/85 - interconnection devices, e.g. bus-connected or in-line devices
G06F2221/2101 - Auditing as a secondary aspect

Show less

DOE Contract Number:: AC04-94AL85000

Resource Type:: Patent

Resource Relation:: Patent File Date: 2009 Aug 25

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Berg, Michael J. Content-addressable memory based enforcement of configurable policies.  United States: N. p., 2014. 
        Web.

Copy to clipboard


                    Berg, Michael J. Content-addressable memory based enforcement of configurable policies.  United States.

Copy to clipboard


                    Berg, Michael J. Tue .  
        "Content-addressable memory based enforcement of configurable policies".  United States.  https://www.osti.gov/servlets/purl/1130455.

Copy to clipboard


                    
@article{osti_1130455,

  title        = {Content-addressable memory based enforcement of configurable policies},

  author       = {Berg, Michael J},

  abstractNote = {A monitoring device for monitoring transactions on a bus includes content-addressable memory ("CAM") and a response policy unit. The CAM includes an input coupled to receive a bus transaction tag based on bus traffic on the bus. The CAM stores data tags associated with rules of a security policy to compare the bus transaction tag to the data tags. The CAM generates an output signal indicating whether one or more matches occurred. The response policy unit is coupled to the CAM to receive the output signal from the CAM and to execute a policy action in response to the output signal.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue May 06 00:00:00 EDT 2014},

  month        = {Tue May 06 00:00:00 EDT 2014}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

System for protecting unauthorized memory accesses by comparing base memory address with mask bits and having attribute bits for identifying access operational mode and type
patent, April 1996

Gillespie, Byron R.; Garbus, Elliot; Kahn, Mitchell
US Patent Document 5,513,337
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/5513337

Apparatus for live bus insertion of add-on devices
patent, June 1996

Bowman, Michael
US Patent Document 5,530,810
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/5530810

Content addressable memory device
patent, February 2004

Pereira, Jose Pio; Rathnavelu, Sunder R.; Beraha, Rodolfo G.
US Patent Document 6,697,276
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/6697276

Integrated circuit device with electronically accessible device identifier
patent, May 2007

Nataraj, Bindiganavale S.
US Patent Document 7,215,004
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7215004

Processor based system and method for virus detection
patent-application, January 2005

Das, Kaustibh; Elgebaly, Hani
US Patent Application 10/612763; 20050005153
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20050005153

CAM memory architecture and a method of forming and operating a device according to a CAM memory architecture
patent-application, June 2005

Kaginele, Sathya P.
US Patent Application 11/034720; 20050138280
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20050138280

Attack Prevention Techniques
patent-application, December 2009

Wang, Sheng-Yih; Talmor, Ron
US Patent Application 11/616209; 20090300759
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20090300759

Integrating cache coherence protocols for heterogeneous multiprocessor system. Part 2
journal, September 2004

Suh, T.; Lee, H. -H. S.; Blough, D. M.
IEEE Micro, Vol. 24, Issue 5
https://doi.org/10.1109/MM.2004.50

Packet classification on multiple fields
journal, October 1999

Gupta, Pankaj; McKeown, Nick
ACM SIGCOMM Computer Communication Review, Vol. 29, Issue 4
https://doi.org/10.1145/316194.316217

A hardware-based memory acquisition procedure for digital investigations
journal, February 2004

Carrier, Brian D.; Grand, Joe
Digital Investigation, Vol. 1, Issue 1, p. 50-60
https://doi.org/10.1016/j.diin.2003.12.001

Works referencing / citing this record:

Mock attack cybersecurity training system and methods
patent, January 2017

Sadeh-Koniecpol, Norman; Wescoe, Kurt; Brubaker, Jason
US Patent Document 9,558,677
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9558677

Context-aware training systems, apparatuses, and methods
patent, January 2017

Sadeh-Koniecpol, Norman; Wescoe, Kurt; Brubaker, Jason
US Patent Document 9,547,998
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9547998

Software network behavior analysis and identification system
patent, October 2016

Davis, Aaron; Aldrich, Timothy M.; Bialek, Matthew S.
US Patent Document 9,479,521
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9479521

Systems and methods of analyzing a software component
patent, July 2016

Kospiah, Shaun; Grubel, Brian C.; Snare, Brett W.
US Patent Document 9,396,082
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9396082

Systems and methods of analyzing a software component
patent, May 2016

Kirk, Terrance J.; Bialek, Matthew S.; Kospiah, Shaun
US Patent Document 9,336,025
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9336025

Systems and methods of analyzing a software component
patent, March 2016

Kirk, Terrance J.; Bialek, Matthew S.; Kospiah, Shaun
US Patent Document 9,280,369
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9280369

Trust verification of a computing platform using a peripheral device
patent, February 2015

Quinn, Rian; Torrey, Jacob
US Patent Document 8,966,642
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8966642

Similar Records in DOE Patents and OSTI.GOV collections:

Mapping virtual addresses to different physical addresses for value disambiguation for thread memory access requests

Patent Gala, Alan; Ohmacht, Martin

A multiprocessor system includes nodes. Each node includes a data path that includes a core, a TLB, and a first level cache implementing disambiguation. The system also includes at least one second level cache and a main memory. For thread memory access requests, the core uses an address associated with an instruction format of the core. The first level cache uses an address format related to the size of the main memory plus an offset corresponding to hardware thread meta data. The second level cache uses a physical main memory address plus software thread meta data to store the memorymore » « less
Full Text Available
Low-overhead mechanism to detect address faults in ECC-protected memories

Patent Kwon, Kon-Woo; Kozhikkottu, Vivek; Somasekhar, Dinesh

Embodiments are generally directed to a low-overhead mechanism to detect address faults in ECC-protected memories. An embodiment of an apparatus includes a memory array; an error correction code (ECC) encoder for the memory array to encode ECC values based on a data value and a respective address value for the data value; and an ECC decoder for the memory array to decode ECC values that are based on data values and respective addresses for the data values; wherein the apparatus is to detect and correct an error in an address value based on an ECC value, address value, and datamore » value stored in the memory. « less
Full Text Available
Logical memory address regions

Patent Farmahini-Farahani, Amin; Roberts, David A.

Systems, apparatuses, and methods for implementing logical memory address regions in a computing system. The physical memory address space of a computing system may be partitioned into a plurality of logical memory address regions. Each logical memory address region may be dynamically configured at run-time to meet changing application needs of the system. Each logical memory address region may also be configured separately from the other logical memory address regions. Each logical memory address region may have associated parameters that identify region start address, region size, cell-level mode, physical-to-device mapping scheme, address masks, access permissions, wear-leveling data, encryption settings, andmore » « less
Full Text Available
Memory controller that forces prefetches in response to a present row address change timing constraint

Patent Ranjan, Ashish; Kozhikkottu, Vivek

An apparatus having a memory controller is described. The memory controller includes prefetch circuitry to prefetch, from a memory, data having a same row address in response to the memory controller's servicing of its request stream being stalled because of a timing constraint that prevents a change in row address. The memory controller also includes a cache to cache the prefetched data. The memory controller also includes circuitry to compare addresses of read requests in the memory controller's request stream against respective addresses of the prefetched data in the cache and to service those of the requests in the memorymore » « less
Full Text Available
Per-page control of physical address space distribution among memory modules

Patent Jayasena, Nuwan S.; Kim, Hyojong; Kim, Hyesoon

Systems, apparatuses, and methods for implementing per-page control of physical address space distribution among memory modules are disclosed. A computing system includes a plurality of processing units coupled to a plurality of memory modules. A determination is made as to which physical address space distribution granularity to implement for physical memory pages allocated for a first data structure. The determination can be made on a per-data-structure basis (e.g., file, page, block, etc.) or on a per-application-basis. A physical address space distribution granularity is encoded as a property of each physical memory page allocated for the first data structure, and physicalmore » « less
Full Text Available

Similar Records

Title: Content-addressable memory based enforcement of configurable policies

Abstract

Citation Formats

System for protecting unauthorized memory accesses by comparing base memory address with mask bits and having attribute bits for identifying access operational mode and type patent, April 1996

Apparatus for live bus insertion of add-on devices patent, June 1996

Content addressable memory device patent, February 2004

Integrated circuit device with electronically accessible device identifier patent, May 2007

Processor based system and method for virus detection patent-application, January 2005

CAM memory architecture and a method of forming and operating a device according to a CAM memory architecture patent-application, June 2005

Attack Prevention Techniques patent-application, December 2009

Integrating cache coherence protocols for heterogeneous multiprocessor system. Part 2 journal, September 2004

Packet classification on multiple fields journal, October 1999

A hardware-based memory acquisition procedure for digital investigations journal, February 2004

Mock attack cybersecurity training system and methods patent, January 2017

Context-aware training systems, apparatuses, and methods patent, January 2017

Software network behavior analysis and identification system patent, October 2016

Systems and methods of analyzing a software component patent, July 2016

Systems and methods of analyzing a software component patent, May 2016

Systems and methods of analyzing a software component patent, March 2016

Trust verification of a computing platform using a peripheral device patent, February 2015

System for protecting unauthorized memory accesses by comparing base memory address with mask bits and having attribute bits for identifying access operational mode and type
patent, April 1996

Apparatus for live bus insertion of add-on devices
patent, June 1996

Content addressable memory device
patent, February 2004

Integrated circuit device with electronically accessible device identifier
patent, May 2007

Processor based system and method for virus detection
patent-application, January 2005

CAM memory architecture and a method of forming and operating a device according to a CAM memory architecture
patent-application, June 2005

Attack Prevention Techniques
patent-application, December 2009

Integrating cache coherence protocols for heterogeneous multiprocessor system. Part 2
journal, September 2004

Packet classification on multiple fields
journal, October 1999

A hardware-based memory acquisition procedure for digital investigations
journal, February 2004

Mock attack cybersecurity training system and methods
patent, January 2017

Context-aware training systems, apparatuses, and methods
patent, January 2017

Software network behavior analysis and identification system
patent, October 2016

Systems and methods of analyzing a software component
patent, July 2016

Systems and methods of analyzing a software component
patent, May 2016

Systems and methods of analyzing a software component
patent, March 2016

Trust verification of a computing platform using a peripheral device
patent, February 2015