Abstract:
Apparatus and method for role-based register protection. For example, one embodiment of an apparatus comprises: one or more processor cores to execute instructions and process data, the one or more processor cores to execute one or more security instructions to protect a virtual machine or trusted application from a virtual machine monitor (VMM) or operating system (OS); an interconnect fabric to couple the one or more processor cores to a device; and security hardware logic to determine whether to allow a read or write transaction directed to a protected register to proceed over the interconnect fabric, the security hardware logic to evaluate one or more security attributes associated with an initiator of the transaction to make the determination.
Abstract:
Examples include techniques for compressing counter values included in cryptographic metadata. In some examples, a cache line to fill a cache included in on-die processor memory may be received. The cache is arranged to store cryptographic metadata. The cache line includes a counter value generated by a counter. The counter value serves as version information for a memory encryption scheme to write a data cache line to a memory location of an off-die memory. In some examples, the counter value is compressed based on whether the counter value includes a pattern that matches a given pattern and is then stored to the cache. In some examples, a compression-aware and least recently used (LRU) scheme is used to determine whether to evict cryptographic metadata from the cache.
Abstract:
In one embodiment, a processor includes: a decode circuit to decode a load instruction that is to load an operand to a destination register, the decode circuit to generate at least one fencing micro-operation (µop) associated with the destination register; and a scheduler circuit coupled to the decode circuit. The scheduler circuit is to prevent speculative execution of one or more instructions that consume the operand in response to the at least one fencing µop. Other embodiments are described and claimed.
Abstract:
A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system running on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.
Abstract:
Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a hybrid key generator and memory protection hardware. The hybrid key generator is to generate a hybrid key based on a public key and multiple process identifiers. Each of the process identifiers corresponds to one or more memory spaces in a memory. The memory protection hardware is to use the hybrid key to protect the memory spaces.
Abstract:
An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.
Abstract:
A system may include a processor and a memory, the processor having at least one cache as well as memory access monitoring logic. The cache may include a plurality of sets, each set having a plurality of cache lines. Each cache line includes several bits for storing information. During normal operation, the memory access monitoring logic may monitor for a memory access pattern indicative of a side-channel attack (e.g., an abnormally large number of recent CLFLUSH instructions). Upon detecting a possible side-channel attack, the memory access monitoring logic may implement one of several mitigation policies, such as, for example, restricting execution of CLFLUSH operations. Due to the nature of cache-timing side-channel attacks, this prevention of CLFLUSH may prevent attackers utilizing such attacks from gleaning meaningful information.