公开(公告)号：US11650800B2

公开(公告)日：2023-05-16

申请号：US17133880

申请日：2020-12-24

Applicant: Intel Corporation

Inventor： Vincent Scarlata ,  Alpa Trivedi ,  Reshma Lal ,  Marcela S. Melara ,  Michael Steiner ,  Anjo Vahldiek-Oberwagner

IPC: G06F8/40

CPC classification number: G06F8/40

Abstract: Attestation of operations by tool chains is described. An example of a storage medium includes instructions for receiving source code for processing of a secure workload of a tenant; selecting at least a first compute node to provide computation for the workload; processing the source code by an attestable tool chain to generate machine code for the first compute node, including performing one or more conversions of the source code by one or more convertors to generate converted code and generating an attestation associated with each code conversion, and receiving machine code for the first compute node and generating an attestation associated with the first compute node; and providing each of the attestations from the first stage and the second stage for verification.

公开(公告)号：US20230015537A1

公开(公告)日：2023-01-19

申请号：US17950826

申请日：2022-09-22

Applicant: Intel Corporation

Inventor： Anjo Lucas Vahldiek-Oberwagner ,  Ravi L. Sahita ,  Mona Vij ,  Rameshkumar Illikkal ,  Michael Steiner ,  Thomas Knauth ,  Dmitrii Kuvaiskii ,  Sudha Krishnakumar ,  Krystof C. Zmudzinski ,  Vincent Scarlata ,  Francis McKeen

IPC: G06F21/79 ,  G06F3/06 ,  G06F12/14 ,  H04L9/32 ,  H04L9/14

Abstract: Example methods and systems are directed to reducing latency in providing trusted execution environments (TEEs). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed.

公开(公告)号：US20220206764A1

公开(公告)日：2022-06-30

申请号：US17133880

申请日：2020-12-24

Applicant: Intel Corporation

Inventor： Vincent Scarlata ,  Alpa Trivedi ,  Reshma Lal ,  Marcela S. Melara ,  Michael Steiner ,  Anjo Vahldiek-Oberwagner

IPC: G06F8/40

Abstract: Attestation of operations by tool chains is described. An example of a storage medium includes instructions for receiving source code for processing of a secure workload of a tenant; selecting at least a first compute node to provide computation for the workload; processing the source code by an attestable tool chain to generate machine code for the first compute node, including performing one or more conversions of the source code by one or more convertors to generate converted code and generating an attestation associated with each code conversion, and receiving machine code for the first compute node and generating an attestation associated with the first compute node; and providing each of the attestations from the first stage and the second stage for verification.

公开(公告)号：US20220121470A1

公开(公告)日：2022-04-21

申请号：US17561676

申请日：2021-12-23

Applicant: Intel Corporation

Inventor： Paritosh Saxena ,  Anjo Lucas Vahldiek-Oberwagner ,  Mona Vij ,  Kshitij A. Doshi ,  Carlos H. Morales ,  Clair Bowman ,  Marcela S. Melara ,  Michael Steiner

IPC: G06F9/455 ,  H04L9/40

Abstract: In one embodiment, metadata associated with deployment of a container within an orchestration environment includes information indicating security preferences for deployment of the container within the orchestration environment, information indicating a level of communications between the container and other containers, and/or information indicating effects of execution of the container with respect to other containers. The metadata is used to select a particular node of a plurality of nodes within the orchestration environment on which to deploy the container based on the metadata.

公开(公告)号：US20230333824A1

公开(公告)日：2023-10-19

申请号：US18307257

申请日：2023-04-26

Applicant: Intel Corporation

Inventor： Vincent Scarlata ,  Alpa Trivedi ,  Reshma Lal ,  Marcela S. Melara ,  Michael Steiner ,  Anjo Vahldiek-Oberwagner

IPC: G06F8/40

CPC classification number: G06F8/40

Abstract: Attestation of operations by tool chains is described. An example of a storage medium includes instructions for receiving source code for processing of a secure workload of a tenant; selecting at least a first compute node to provide computation for the workload; processing the source code by an attestable tool chain to generate machine code for the first compute node, including performing one or more conversions of the source code by one or more convertors to generate converted code and generating an attestation associated with each code conversion, and receiving machine code for the first compute node and generating an attestation associated with the first compute node; and providing each of the attestations from the first stage and the second stage for verification.

公开(公告)号：US20190065406A1

公开(公告)日：2019-02-28

申请号：US16174337

申请日：2018-10-30

Applicant: Intel Corporation

Inventor： Michael Steiner ,  Thomas Knauth ,  Li Lei ,  Bin Xing ,  Mona Vij ,  Somnath Chakrabarti

IPC: G06F12/14 ,  H04L29/06

Abstract: In a method for protecting extra-enclave communications, a data processing system allocates a portion of random access memory (RAM) to a server application that is to execute at a low privilege level, and the data processing system creates an enclave comprising the portion of RAM allocated to the server application. The enclave protects the RAM in the enclave from access by software that executes at a high privilege level. The server application obtains a platform attestation report (PAR) for the enclave from the processor. The PAR includes attestation data from the processor attesting to integrity of the enclave. The server application also generates a public key certificate for the server application. The public key certificate comprises the attestation data. The server application utilizes the public key certificate to establish a transport layer security (TLS) communication channel with a client application outside of the enclave. Other embodiments are described and claimed.

公开(公告)号：US10922088B2

公开(公告)日：2021-02-16

申请号：US16024733

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Fangfei Liu ,  Bin Xing ,  Michael Steiner ,  Mona Vij ,  Carlos Rozas ,  Francis McKeen ,  Meltem Ozsoy ,  Matthew Fernandez ,  Krystof Zmudzinski ,  Mark Shanahan

IPC: G06F9/38 ,  G06F9/30 ,  G06F21/55

Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.