US 12,147,528 B2
Coherence-based attack detection
Irina Calciu, Palo Alto, CA (US); Andreas Nowatzyk, San Jose, CA (US); and Pratap Subrahmanyam, Saratoga, CA (US)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware, Inc., Palo Alto, CA (US)
Filed on Jul. 22, 2021, as Appl. No. 17/383,342.
Prior Publication US 2023/0022096 A1, Jan. 26, 2023
Int. Cl. G06F 21/52 (2013.01); G06F 9/455 (2018.01); G06F 12/0815 (2016.01); G06F 12/0891 (2016.01); G06F 21/55 (2013.01)
CPC G06F 21/52 (2013.01) [G06F 9/45558 (2013.01); G06F 12/0815 (2013.01); G06F 12/0891 (2013.01); G06F 21/556 (2013.01); G06F 2009/45587 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method of detecting a security threat in a computer system while an application program is executed on a processor of the computer system, the method comprising:
moving all data pages of the application program that are stored in a local memory of the processor into a local memory of a device that is connected to the processor via a coherence interconnect;
during execution of the application program by the processor, monitoring the coherence interconnect by the device, for requests to access cache lines of the data pages, and storing by the device, addresses of the accessed cache lines in a buffer; and
determining by the processor whether a security threat exists based on contents of the buffer.