Network communication has become ubiquitous in business and personal affairs alike. However, the massive volume of messages, emails, and files accessed and transmitted daily has proven to be fertile breeding grounds for malware, i.e., malicious data and code that can spread and cause damage to computer systems and data. Preventing the spread of malware and/or stopping malware from causing damage have been pressing issues for system administrators and users alike,
For many computer systems, some type of scanning and/or content filtering arrangements have proven to be effective in reducing and/or eliminating the threat posed by malware. Scanning and/or content filtering have also been employed to implement data security policies and/or business policies with regarded to the information exchanged. By way of example, scanning and/or content filtering have been employed to limit reading and/or writing access to certain files, to route documents to appropriate destinations, etc.
Scanning and/or content filtering, while being highly effective, suffers one drawback. Unfortunately, scanning and/or filtering data consumes a large amount of processing and memory resources on the part of the system that performs such scanning and/or filtering. This is because scanning/filtering may employ highly sophisticated pattern recognition and other intelligent algorithms, most of which are highly resource intensive. If the computer system that performs such scanning and/or filtering is also employed to perform other tasks, the overall system performance across suffers. Yet, end-to-end security can be assured only if every computer in the communication path is afforded protection via scanning and/or filtering.
Even if faster processors are employed, the operating system remains a bottleneck for performance since all computing tasks, including the scanning and/or filtering of data, are handled by the operating system. Scanning/filtering may be performed on separate logic, using for example a FPGA board (Field Programmable Gate Array board) to offload the computing tasks from the CPU. However, the multiple computing tasks executed on the CPU and the FPGAs still all access the system memory (e.g., DRAM memory) through the system's memory controller. If the system's memory controller is performing memory accesses for scanning/filtering tasks, the memory controller defers servicing memory access requests from other tasks. Accordingly, performance still suffers even if the CPU is, not overburdened with scanning/filtering tasks.
In view of the foregoing, there are desired improved systems and methods for managing memory accesses on a FPGA board, which allows tasks to be offloaded from the system's CPU and results in improved system performance.