公开(公告)号：US20220092223A1

公开(公告)日：2022-03-24

申请号：US17515092

申请日：2021-10-29

Applicant: Intel Corporation

Inventor： Luis Kida ,  Krystof Zmudzinski ,  Reshma Lal ,  Pradeep Pappachan ,  Abhishek Basak ,  Anna Trikalinou

IPC: G06F21/78 ,  G06F21/44 ,  G06F21/85

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.

公开(公告)号：US11188643B2

公开(公告)日：2021-11-30

申请号：US16234144

申请日：2018-12-27

Applicant: Intel Corporation

Inventor： Li Chen ,  Abhishek Basak ,  Salmin Sultana ,  Justin Gottschlich

IPC: G06F21/55 ,  G06N20/00 ,  G06N3/08 ,  G06F21/53

Abstract: Methods, apparatus, systems and articles of manufacture for detecting a side channel attack using hardware performance counters are disclosed. An example apparatus includes a hardware performance counter data organizer to collect a first value of a hardware performance counter at a first time and a second value of the hardware performance counter at a second time. A machine learning model processor is to apply a machine learning model to predict a third value corresponding to the second time. An error vector generator is to generate an error vector representing a difference between the second value and the third value. An error vector analyzer is to determine a probability of the error vector indicating an anomaly. An anomaly detection orchestrator is to, in response to the probability satisfying a threshold, cause the performance of a responsive action to mitigate the side channel anomaly.

公开(公告)号：US20210200552A1

公开(公告)日：2021-07-01

申请号：US16728815

申请日：2019-12-27

Applicant: Intel Corporation

Inventor： FANGFEI LIU ,  CARLOS ROZAS ,  THOMAS UNTERLUGGAUER ,  FRANCIS MCKEEN ,  ALAA ALAMELDEEN ,  Abhishek Basak ,  XIANG ZOU ,  RON GABOR ,  JIYONG YU

IPC: G06F9/38

Abstract: An apparatus and method for non-speculative resource deallocation. For example, one embodiment of a processor comprises: front-end circuitry comprising branch prediction circuitry to indicate a speculative instruction path and a fetch unit to fetch instructions from a memory or instruction cache in accordance with the speculative instruction path; an in-order queue coupled to the front end circuitry, the in-order queue to store instructions of the speculative instruction path provided from the front end circuitry; an out-of-order cluster comprising first instruction processing resources including allocation circuitry to allocate execution resources to be used to execute the instructions of the speculative instruction path and an instruction dispatcher to perform out-of-order dispatching of the instructions for execution; back-end circuitry comprising a plurality of functional units to execute the instructions of the speculative instruction path, the plurality of functional units to perform out-of-order execution of the instructions; and in-order resource deallocation circuitry to deallocate the first instruction processing resources in program order.

公开(公告)号：US20210073145A1

公开(公告)日：2021-03-11

申请号：US17022029

申请日：2020-09-15

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Prashant Dewan ,  Abhishek Basak ,  David M. Durham

IPC: G06F12/14 ,  G06F12/0831 ,  G06F21/78 ,  G06F21/60 ,  G06F13/28 ,  G06F21/85

Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

公开(公告)号：US10783089B2

公开(公告)日：2020-09-22

申请号：US16023661

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Prashant Dewan ,  Abhishek Basak ,  David M. Durham

IPC: G06F21/85 ,  G06F12/14 ,  G06F12/0831 ,  G06F21/78 ,  G06F21/60 ,  G06F13/28

Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

公开(公告)号：US20200272474A1

公开(公告)日：2020-08-27

申请号：US16443593

申请日：2019-06-17

Applicant: Intel Corporation

Inventor： Ron Gabor ,  Alaa Alameldeen ,  Abhishek Basak ,  Fangfei Liu ,  Francis McKeen ,  Joseph Nuzman ,  Carlos Rozas ,  Igor Yanover ,  Xiang Zou

IPC: G06F9/38 ,  G06F9/30 ,  G06F12/1027 ,  G06F21/57

Abstract: Embodiments of methods and apparatuses for restricted speculative execution are disclosed. In an embodiment, a processor includes configuration storage, an execution circuit, and a controller. The configuration storage is to store an indicator to enable a restricted speculative execution mode of operation of the processor, wherein the processor is to restrict speculative execution when operating in restricted speculative execution mode. The execution circuit is to perform speculative execution. The controller to restrict speculative execution by the execution circuit when the restricted speculative execution mode is enabled.

公开(公告)号：US20190311123A1

公开(公告)日：2019-10-10

申请号：US16444053

申请日：2019-06-18

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep M. Pappachan ,  Luis Kida ,  Krystof Zmudzinski ,  Siddhartha Chhabra ,  Abhishek Basak ,  Alpa Narendra Trivedi ,  Anna Trikalinou ,  David M. Lee ,  Vedvyas Shanbhogue ,  Utkarsh Y. Kakaiya

IPC: G06F21/57 ,  G06F21/64 ,  H04L12/24 ,  H04L9/08 ,  G06F9/455

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

公开(公告)号：US20190227827A1

公开(公告)日：2019-07-25

申请号：US16369295

申请日：2019-03-29

Applicant: Intel Corporation

Inventor： Krystof Zmudzinski ,  Siddhartha Chhabra ,  Reshma Lal ,  Alpa Narendra Trivedi ,  Luis S. Kida ,  Pradeep M. Pappachan ,  Abhishek Basak ,  Anna Trikalinou

IPC: G06F9/455 ,  G06F21/62 ,  G06F9/50 ,  G06F9/46 ,  G06F13/28 ,  G06F12/1009

Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

公开(公告)号：US20190138755A1

公开(公告)日：2019-05-09

申请号：US16234871

申请日：2018-12-28

Applicant: Intel Corporation

Inventor： Luis Kida ,  Krystof Zmudzinski ,  Reshma Lal ,  Pradeep Pappachan ,  Abhishek Basak ,  Anna Trikalinou

IPC: G06F21/78 ,  G06F21/44

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.