The invention relates to the protection of data stored in a computer, and more particularly to data which has been imported from an outside source.
Shared memory may be used to communicate between two or more concurrently running jobs or threads. One program creates a memory segment which other processes may access.
Shared memory may be exploited for leaking data. "Leaking data" as used herein means transferring data out of a system in which it is desired to have the data secured. A data leak may occur if a process writes information to a shared memory location and another process accesses the information from that location.
It is known to lock shared memory, usually to avoid processes accessing data out of sequence to ensure use of only updated shared data. Access to shared memory space is prohibited during use by a first process and thereafter unlocked to allow processes sharing the space access to updated data. Memory locking as known in the art is not a solution to data leakage. Accordingly, where data security is important, there is a need to limit data leakage from shared memory.
The invention discloses a shared memory blocking method particularly applicable to a system in which protected data is transmitted to a recipient computer. An illustrative embodiment of the invention comprises reserving a memory page for a requesting application, committing a memory page to the requesting application's address space (a call that may be made by the process that made the page reserve call or by a subsequent process), and providing security checks to complete the requests. The security checks may include determining whether the process is secured by consulting a secured process list and determining whether the page is shared by consulting a shared memory list.
Further disclosed are a shared memory blocking system, a secured data transmission system, a computer-readable medium programmed to block shared memory, and a computer configured to block shared memory.
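The following is an added example, not code from the patent: a small Python model of the reserve and commit requests with the two list lookups described above. The class name, the PIDs and page numbers, and the deny rule (a page may be shared only if no holder is on the secured process list) are assumptions, since the text names the lists but not the decision taken on them.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"

@dataclass
class SharedMemoryGate:
    """Hypothetical model of the security checks on page reserve/commit."""
    secured: set = field(default_factory=set)   # secured process list (PIDs)
    shared: set = field(default_factory=set)    # shared memory list (page numbers)
    owners: dict = field(default_factory=dict)  # page -> PIDs that reserved or committed it

    def _decide(self, pid, page, wants_shared=False):
        holders = self.owners.get(page, set()) | {pid}
        # A page counts as shared if requested as such, already listed,
        # or about to be held by more than one process.
        is_shared = wants_shared or page in self.shared or len(holders) > 1
        # Assumed policy: a shared page may not have a secured process as holder.
        if is_shared and holders & self.secured:
            return DENY                          # state is left unchanged on denial
        if is_shared:
            self.shared.add(page)
        self.owners[page] = holders
        return ALLOW

    def reserve(self, pid, page, wants_shared=False):
        return self._decide(pid, page, wants_shared)

    def commit(self, pid, page):
        if page not in self.owners:              # commit requires a prior reservation
            return DENY
        return self._decide(pid, page)

def demo():
    # Constructed scenario: PID 100 is the process handling protected data.
    gate = SharedMemoryGate(secured={100})
    return [
        gate.reserve(100, 0x10),                     # secured process, private page
        gate.commit(100, 0x10),                      # committed by the reserving process
        gate.commit(200, 0x10),                      # subsequent process: would share it
        gate.reserve(200, 0x20, wants_shared=True),  # unsecured process creates shared page
        gate.commit(300, 0x20),                      # unsecured peer joins
        gate.commit(100, 0x20),                      # secured process tries to join
        gate.commit(200, 0x30),                      # page was never reserved
    ]

if __name__ == "__main__":
    print(demo())
```
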