-
公开(公告)号:US20190042477A1
公开(公告)日:2019-02-07
申请号:US16023661
申请日:2018-06-29
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Prashant Dewan , Abhishek Basak , David M. Durham
IPC: G06F12/14 , G06F12/0831 , G06F13/28 , G06F21/78 , G06F21/60
Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
-
公开(公告)号:US20190042453A1
公开(公告)日:2019-02-07
申请号:US16024072
申请日:2018-06-29
Applicant: Intel Corporation
Inventor: Abhishek Basak , Arun Kanuparthi , Nagaraju N. Kodalapura , Jason M. Fung
IPC: G06F12/0891
Abstract: A system may include a processor and a memory, the processor having at least one cache. The cache may include a plurality of sets, each set having a plurality of cache lines. Each cache line may include several bits for storing information, including at least a “shared” bit to indicate whether the cache line is shared between different processes being executed by the processor. The example cache may also include shared cache line detection and eviction logic. During normal operation, the cache logic may monitor for a context switch (i.e., determine if the processor is switching from executing instructions for a first process to executing instructions for a second process). Upon a context switch, the cache logic may evict the shared cache lines (e.g., the cache lines with a shared bit of 1). Due to the nature of cache-timing side-channel attacks, this eviction of shared cache lines may prevent attackers utilizing such attacks from gleaning meaningful information.
-
公开(公告)号:US20180183574A1
公开(公告)日:2018-06-28
申请号:US15392324
申请日:2016-12-28
Applicant: Intel Corporation
Inventor: Santosh Ghosh , Manoj R. Sastry , Jesse R. Walker , Ravi L. Sahita , Abhishek Basak , Vedvyas Shanbhogue , David M. Durham
Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.
-
公开(公告)号:US12248561B2
公开(公告)日:2025-03-11
申请号:US17485421
申请日:2021-09-25
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue , Ravi Sahita , Utkarsh Y KAKAIYA , Abhishek Basak , Lee Albion , Filip Schmole , Rupin Vakharwala , Vinit M Abraham , Raghunandan Makaram
Abstract: Apparatus and method for role-based register protection. For example, one embodiment of an apparatus comprises: one or more processor cores to execute instructions and process data, the one or more processor cores to execute one or more security instructions to protect a virtual machine or trusted application from a virtual machine monitor (VMM) or operating system (OS); an interconnect fabric to couple the one or more processor cores to a device; and security hardware logic to determine whether to allow a read or write transaction directed to a protected register to proceed over the interconnect fabric, the security hardware logic to evaluate one or more security attributes associated with an initiator of the transaction to make the determination.
-
公开(公告)号:US12032486B2
公开(公告)日:2024-07-09
申请号:US17560360
申请日:2021-12-23
Applicant: Intel Corporation
Inventor: Abhishek Basak , Santosh Ghosh , Michael D. LeMay , David M. Durham
IPC: G06F12/1027 , G06F9/38
CPC classification number: G06F12/1027 , G06F9/3818 , G06F2212/68
Abstract: In one embodiment, a processor includes circuitry to decode an instruction referencing an encoded data pointer that includes a set of plaintext linear address bits and a set of encrypted linear address bits. The processor also includes circuitry to perform a speculative lookup in a translation lookaside buffer (TLB) using the plaintext linear address bits to obtain physical address, buffer a set of architectural predictor state values based on the speculative TLB lookup, and speculatively execute the instruction using the physical address obtained from the speculative TLB lookup. The processor also includes circuitry to determine whether the speculative TLB lookup was correct and update a set of architectural predictor state values of the core using the buffered architectural predictor state values based on a determination that the speculative TLB lookup was correct.
-
Patent Agency Ranking
公开(公告)号:US20230205562A1
公开(公告)日:2023-06-29
申请号:US17560251
申请日:2021-12-23
Applicant: Intel Corporation
Inventor: Abhishek Basak , Vedvyas Shanbhogue , Rajesh Sankaran , Rupin Vakharwala , Utkarsh Y. Kakaiya , Eric Geisler , Ravi Sahita
CPC classification number: G06F9/45558 , G06F13/4221 , G06F2009/45587 , G06F2009/45583 , G06F2009/45579 , G06F2213/0026
Abstract: Systems, methods, and apparatuses for implementing input/output extensions for trust domains are described. In one example, a hardware processor includes a hardware processor core comprising a trust domain manager to manage one or more hardware isolated virtual machines as a respective trust domain with a region of protected memory, and input/output memory management unit (IOMMU) circuitry coupled between the hardware processor core and an input/output device, wherein the IOMMU circuitry is to, for a request from the input/output device for a direct memory access of a protected memory of a trust domain, allow the direct memory access in response to a field in the request being set to indicate the input/output device is in a trusted computing base of the trust domain.
-
公开(公告)号:US11593529B2
公开(公告)日:2023-02-28
申请号:US16687561
申请日:2019-11-18
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue , Utkarsh Y. Kakaiya , Ravi Sahita , Abhishek Basak , Pradeep Pappachan , Erdem Aktas
Abstract: Systems, apparatuses, methods, and computer-readable media are provided for device interface management. A device includes a device interface, a virtual machine (VM) includes a device driver, both to facilitate assignment of the device to the VM, access of the device by the VM, or removal of the device from being assigned to the VM. The VM is managed by a hypervisor of a computing platform coupled to the device by a computer bus. The device interface includes logic in support of a device management protocol to place the device interface in an unlocked state, a locked state to prevent changes to be made to the device interface, or an operational state to enable access to device registers of the device by the VM or direct memory access to memory address spaces of the VM, or an error state. Other embodiments may be described and/or claimed.
-
公开(公告)号:US11567878B2
公开(公告)日:2023-01-31
申请号:US17132010
申请日:2020-12-23
Applicant: Intel Corporation
Inventor: Abhishek Basak , Erdem Aktas
Abstract: An apparatus to facilitate data cache security is disclosed. The apparatus includes a cache memory to store data; and prefetch hardware to pre-fetch data to be stored in the cache memory, including a cache set monitor hardware to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory; and pattern monitor hardware to monitor cache access patterns to the critical cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process.
-
公开(公告)号:US20220207154A1
公开(公告)日:2022-06-30
申请号:US17134333
申请日:2020-12-26
Applicant: Intel Corporation
Inventor: Richard Winterton , Mohammad Reza Haghighat , Asit Mallick , Alaa Alameldeen , Abhishek Basak , Jason W. Brandt , Michael Chynoweth , Carlos Rozas , Scott Constable , Martin Dixon , Matthew Fernandez , Fangfei Liu , Francis McKeen , Joseph Nuzman , Gilles Pokam , Thomas Unterluggauer , Xiang Zou
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a hybrid key generator and memory protection hardware. The hybrid key generator is to generate a hybrid key based on a public key and multiple process identifiers. Each of the process identifiers corresponds to one or more memory spaces in a memory. The memory protection hardware is to use the first hybrid key to protect to the memory spaces.
-
公开(公告)号:US20220207148A1
公开(公告)日:2022-06-30
申请号:US17134345
申请日:2020-12-26
Applicant: Intel Corporation
Inventor: Carlos Rozas , Fangfei Liu , Xiang Zou , Francis McKeen , Jason W. Brandt , Joseph Nuzman , Alaa Alameldeen , Abhishek Basak , Scott Constable , Thomas Unterluggauer , Asit Mallick , Matthew Fernandez
Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and branch circuitry coupled to the decode circuitry. The decode circuitry is to decode a branch hardening instruction to mitigate vulnerability to a speculative execution attack. The branch circuitry is to be hardened in response to the branch hardening instruction.
-
-
-
-
-
-
-
-
-
Search Results
59
records
(took 0.033 seconds)
