-
Publication No.: US20190196977A1
Publication Date: 2019-06-27
Application No.: US16288844
Filing Date: 2019-02-28
Applicant: Intel Corporation
Inventor: Kai Cong , Karanvir Grewal , Siddhartha Chhabra , Sergej Deutsch , David Michael Durham
CPC classification number: G06F12/10 , G06F3/0604 , G06F3/065 , G06F3/0673 , G06F11/1076 , G06F21/602 , G06F2212/657
Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.
-
Publication No.: US20190050283A1
Publication Date: 2019-02-14
Application No.: US16047638
Filing Date: 2018-07-27
Applicant: Intel Corporation
Inventor: David Durham , Siddhartha Chhabra , Kai Cong , Ron Gabor
Abstract: An embodiment of a semiconductor package apparatus may include technology to determine if an access request (e.g., a read or write request) to a memory location would result in an integrity failure and, if so determined, read previous data from the memory location, set an indicator to indicate the integrity failure, and store the previous data together with the indicator and previous authentication information. Other embodiments are disclosed and claimed.
-
Publication No.: US20190042799A1
Publication Date: 2019-02-07
Application No.: US16024257
Filing Date: 2018-06-29
Applicant: Intel Corporation
Inventor: David M. Durham , Michael Lemay , Siddhartha Chhabra , Kai Cong
Abstract: A system may use memory tagging for side-channel defense, memory safety, and sandboxing to reduce the likelihood of successful attacks. The system may include memory tagging circuitry to address existing and potential hardware and software architecture security vulnerabilities. The memory tagging circuitry may prevent memory pointers from being overwritten, prevent memory pointer manipulation (e.g., by adding values), and increase the granularity of memory tagging to include byte-level tagging in cache. The memory tagging circuitry may sandbox untrusted code by tagging portions of memory to indicate when the tagged portions of memory contain a protected pointer. The memory tagging circuitry provides security features while enabling CPUs to continue using and benefiting from speculatively performing operations. By co-locating all tagging information at a cacheline granularity with its associated data, the processor has all the information needed to perform access control decisions immediately and non-speculatively, while maintaining high performance and cache coherency.
-
Publication No.: US20180357093A1
Publication Date: 2018-12-13
Application No.: US16108395
Filing Date: 2018-08-22
Applicant: Intel Corporation
Inventor: Kai Cong , Karanvir Grewal , David M. Durham
CPC classification number: G06F9/45558 , G06F12/109 , G06F12/1408 , G06F12/145 , G06F21/53 , G06F21/602 , G06F21/6281 , G06F2009/45583 , G06F2009/45587 , G06F2212/1052 , G06F2221/2141 , G06F2221/2149
Abstract: A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.
-
Publication No.: US10725849B2
Publication Date: 2020-07-28
Application No.: US16047638
Filing Date: 2018-07-27
Applicant: Intel Corporation
Inventor: David Durham , Siddhartha Chhabra , Kai Cong , Ron Gabor
Abstract: An embodiment of a semiconductor package apparatus may include technology to determine if an access request (e.g., a read or write request) to a memory location would result in an integrity failure and, if so determined, read previous data from the memory location, set an indicator to indicate the integrity failure, and store the previous data together with the indicator and previous authentication information. Other embodiments are disclosed and claimed.
-
Publication No.: US11003584B2
Publication Date: 2021-05-11
Application No.: US16288844
Filing Date: 2019-02-28
Applicant: Intel Corporation
Inventor: Kai Cong , Karanvir Grewal , Siddhartha Chhabra , Sergej Deutsch , David Michael Durham
Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.
-
Publication No.: US10545883B2
Publication Date: 2020-01-28
Application No.: US15720799
Filing Date: 2017-09-29
Applicant: Intel Corporation
Inventor: David M. Durham , Kai Cong , Vedvyas Shanbhogue , Barry E. Huntley , Jason W. Brandt , Siddhartha Chhabra , Ravi L. Sahita
IPC: G06F9/455 , G06F12/14 , G06F12/1009
Abstract: An embodiment of a semiconductor package apparatus may include technology to identify a first encrypted memory alias corresponding to a first portion of memory based on a verification indicator, where the first portion is decryptable and readable by both a privileged component and an unprivileged component, and identify a second encrypted memory alias corresponding to a second portion of memory based on the verification indicator, where the second portion is accessible by only the unprivileged component. Other embodiments are disclosed and claimed.
-
Publication No.: US11630920B2
Publication Date: 2023-04-18
Application No.: US16024257
Filing Date: 2018-06-29
Applicant: Intel Corporation
Inventor: David M. Durham , Michael Lemay , Siddhartha Chhabra , Kai Cong
IPC: G06F21/72 , G06F21/73 , G06F21/64 , G06F21/53 , G06F12/0895 , H04L9/06 , H04L9/00 , H04L9/32 , G06F21/75
Abstract: A system may use memory tagging for side-channel defense, memory safety, and sandboxing to reduce the likelihood of successful attacks. The system may include memory tagging circuitry to address existing and potential hardware and software architecture security vulnerabilities. The memory tagging circuitry may prevent memory pointers from being overwritten, prevent memory pointer manipulation (e.g., by adding values), and increase the granularity of memory tagging to include byte-level tagging in cache. The memory tagging circuitry may sandbox untrusted code by tagging portions of memory to indicate when the tagged portions of memory contain a protected pointer. The memory tagging circuitry provides security features while enabling CPUs to continue using and benefiting from speculatively performing operations. By co-locating all tagging information at a cacheline granularity with its associated data, the processor has all the information needed to perform access control decisions immediately and non-speculatively, while maintaining high performance and cache coherency.
-
Publication No.: US11194902B2
Publication Date: 2021-12-07
Application No.: US16234085
Filing Date: 2018-12-27
Applicant: INTEL CORPORATION
Inventor: Li Chen , Kai Cong , Salmin Sultana
Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, and one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.
-
Publication No.: US10691482B2
Publication Date: 2020-06-23
Application No.: US16108395
Filing Date: 2018-08-22
Applicant: Intel Corporation
Inventor: Kai Cong , Karanvir Grewal , David M. Durham
Abstract: A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.