公开(公告)号：US11010310B2

公开(公告)日：2021-05-18

申请号：US16777067

申请日：2020-01-30

Applicant: Intel Corporation

Inventor： David M. Durham ,  Siddhartha Chhabra ,  Michael E. Kounavis ,  Sergej Deutsch ,  Karanvir S. Grewal ,  Joseph F. Cihula ,  Saeedeh Komijani

IPC: G06F12/14 ,  G06F21/64 ,  G06F21/79

Abstract: Apparatus, systems, computer readable storage mediums and/or methods may provide memory integrity by using unused physical address bits (or other metadata passed through cache) to manipulate cryptographic memory integrity values, allowing software memory allocation routines to control the assignment of pointers (e.g., implement one or more access control policies). Unused address bits (e.g., because of insufficient external memory) passed through cache, may encode key domain information in the address so that different key domain addresses alias to the same physical memory location. Accordingly, by mixing virtual memory mappings and cache line granularity aliasing, any page in memory may contain a different set of aliases at the cache line level and be non-deterministic to an adversary.

公开(公告)号：US11010067B2

公开(公告)日：2021-05-18

申请号：US16236117

申请日：2018-12-28

Applicant: Intel Corporation

Inventor： David M. Durham

IPC: G06F3/06 ,  G06F12/0802 ,  H04L9/08

Abstract: Embodiments for defending against speculative side-channel analysis on a computer system are disclosed. In embodiments, a processor includes a decoder, a cache, address translation circuitry, a cache controller, and a memory controller. The decoder decodes an instruction. The instruction specifies a first address associated with a data object, the first address having a first memory tag. The address translation circuitry translates the first address to a second address, the second address to identify a memory location of the data object. The comparator compares the first memory tag and a second memory tag associated with the second address. The cache controller detects a cache miss associated with the memory location. The memory controller, in response to the comparator detecting a match between the first memory tag and the second memory tag and the cache controller detecting the cache miss, loads the data object from the memory location into the cache.

公开(公告)号：US20210117341A1

公开(公告)日：2021-04-22

申请号：US17134349

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： David M. Durham ,  Karanvir S. Grewal

IPC: G06F12/14 ,  G06F21/60 ,  G06F12/0842

Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises requesting a cache line from memory responsive to a memory access instruction, wherein the cache line comprises a first slot encrypted according to first context information and a second slot encrypted according to second context information; decrypting the first slot of the cache line into plaintext based on the first context information; and storing the decrypted first slot of the cache line and a tag in a first cache, wherein the tag comprises the first context information.

公开(公告)号：US10860709B2

公开(公告)日：2020-12-08

申请号：US16024547

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Michael Lemay ,  David M. Durham ,  Michael E. Kounavis ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Josh Triplett ,  Gilbert Neiger ,  Karanvir Grewal ,  Baiju V. Patel ,  Ye Zhuang ,  Jr-Shian Tsai ,  Vadim Sukhomlinov ,  Ravi Sahita ,  Mingwei Zhang ,  James C. Farwell ,  Amitabh Das ,  Krishna Bhuyan

IPC: G06F21/53 ,  G06F12/02

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

公开(公告)号：US10855815B2

公开(公告)日：2020-12-01

申请号：US16674346

申请日：2019-11-05

Applicant: Intel Corporation

Inventor： Michael Kounavis ,  David M. Durham ,  Karanvir Grewal ,  Wenjie Xiong ,  Sergej Deutsch

IPC: H03M7/30 ,  H04L29/06 ,  H04L29/12 ,  H04W12/06

Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).

公开(公告)号：US10853270B2

公开(公告)日：2020-12-01

申请号：US16717374

申请日：2019-12-17

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F12/14 ,  G06F21/72 ,  G06F21/55 ,  H04L29/06

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US20200278937A1

公开(公告)日：2020-09-03

申请号：US16777067

申请日：2020-01-30

Applicant: Intel Corporation

Inventor： David M. Durham ,  Siddhartha Chhabra ,  Michael E. Kounavis ,  Sergej Deutsch ,  Karanvir S. Grewal ,  Joseph F. Cihula ,  Saeedeh Komijani

IPC: G06F12/14 ,  G06F21/64 ,  G06F21/79

Abstract: Apparatus, systems, computer readable storage mediums and/or methods may provide memory integrity by using unused physical address bits (or other metadata passed through cache) to manipulate cryptographic memory integrity values, allowing software memory allocation routines to control the assignment of pointers (e.g., implement one or more access control policies). Unused address bits (e.g., because of insufficient external memory) passed through cache, may encode key domain information in the address so that different key domain addresses alias to the same physical memory location. Accordingly, by mixing virtual memory mappings and cache line granularity aliasing, any page in memory may contain a different set of aliases at the cache line level and be non-deterministic to an adversary.

公开(公告)号：US10761928B2

公开(公告)日：2020-09-01

申请号：US16368430

申请日：2019-03-28

Applicant: Intel Corporation

Inventor： Sergej Deutsch ,  Wei Wu ,  David M. Durham ,  Karanvir Grewal

IPC: G06F11/10 ,  H04L9/32 ,  H04L9/08 ,  G06F21/00

Abstract: In one example a computer implemented method comprises generating an error correction code for a memory line, the memory line comprising a first plurality of data blocks, wherein the error correction code comprises a first plurality of parity bits and a second plurality of parity bits, applying a domain-specific function to the second plurality of parity bits to generate a modified block of parity bits, generating a metadata block corresponding to the memory line, wherein the metadata block comprises the error correction code for the memory line and at least a portion of the modified block of parity bits, encoding the first plurality of data blocks and the metadata block to generate a first encoded data set, and providing the encoded data set and the encoded metadata block for storage on a memory module. Other examples may be described.

公开(公告)号：US10757227B2

公开(公告)日：2020-08-25

申请号：US16674363

申请日：2019-11-05

Applicant: Intel Corporation

Inventor： Michael Kounavis ,  David M. Durham ,  Karanvir Grewal ,  Wenjie Xiong ,  Sergej Deutsch

IPC: H03M7/30 ,  H04L29/06 ,  H04L29/12 ,  H04W12/06

Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).

公开(公告)号：US20200259632A1

公开(公告)日：2020-08-13

申请号：US16733685

申请日：2020-01-03

Applicant: Intel Corporation

Inventor： Eugene M. Kishinevsky ,  Uday R. Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

IPC: H04L9/06 ,  G06F21/60 ,  G06F21/85 ,  G09C1/00 ,  G06F12/14

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.