公开(公告)号：US12001346B2

公开(公告)日：2024-06-04

申请号：US17127786

申请日：2020-12-18

Applicant: Intel Corporation

Inventor： Thomas Unterluggauer ,  Alaa Alameldeen ,  Scott Constable ,  Fangfei Liu ,  Francis McKeen ,  Carlos Rozas ,  Anna Trikalinou

IPC: G06F12/10 ,  G06F12/121 ,  G06F12/14

CPC classification number: G06F12/14 ,  G06F12/121 ,  G06F2212/1052

Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.

公开(公告)号：US11921646B2

公开(公告)日：2024-03-05

申请号：US17842094

申请日：2022-06-16

Applicant: Intel Corporation

Inventor： David Koufaty ,  Rajesh Sankaran ,  Anna Trikalinou ,  Rupin Vakharwala

IPC: G06F12/14 ,  G06F12/0862 ,  G06F12/1009 ,  G06F13/16 ,  G06F13/42

CPC classification number: G06F12/1483 ,  G06F12/0862 ,  G06F12/1009 ,  G06F13/1668 ,  G06F13/4282 ,  G06F2212/1052 ,  G06F2212/305 ,  G06F2212/6028 ,  G06F2213/0026

Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.

公开(公告)号：US11373013B2

公开(公告)日：2022-06-28

申请号：US16234871

申请日：2018-12-28

Applicant: Intel Corporation

Inventor： Luis Kida ,  Krystof Zmudzinski ,  Reshma Lal ,  Pradeep Pappachan ,  Abhishek Basak ,  Anna Trikalinou

IPC: G06F21/78 ,  G06F21/44 ,  G06F21/85

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.

公开(公告)号：US20210173794A1

公开(公告)日：2021-06-10

申请号：US17131974

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： David Koufaty ,  Anna Trikalinou ,  Utkarsh Y. Kakaiya ,  Ravi Sahita ,  Ramya Jayaram Masti

IPC: G06F12/14 ,  G06F12/1009 ,  G06F12/1045

Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table

公开(公告)号：US20200327072A1

公开(公告)日：2020-10-15

申请号：US16912251

申请日：2020-06-25

Applicant: Intel Corporation

Inventor： Michael Kounavis ,  Anna Trikalinou

IPC: G06F12/14 ,  G06F12/1081 ,  G06F12/0882 ,  G06F21/79 ,  H04L9/06 ,  H04L9/32

Abstract: Methods and apparatus relating to secure-ATS (or secure Address Translation Services) using a version tree for replay protection are described. In an embodiment, memory stores data for a secured device. The stored data comprising information for one or more intermediate nodes and one or more leaf nodes. Logic circuitry allows/disallows access to contents of a memory region associated with a first leaf node from the one or more leaf nodes by a memory access request based at least in part on whether the memory access request is associated with a permission authenticated by the MAC of the first leaf node. Other embodiments are also disclosed and claimed.

公开(公告)号：US10474814B2

公开(公告)日：2019-11-12

申请号：US15278250

申请日：2016-09-28

Applicant: Intel Corporation

Inventor： Anna Trikalinou

IPC: G06F21/55 ,  G06F21/70

Abstract: In an embodiment, an apparatus includes: an interface circuit to receive thermal information from a system memory; a calculation circuit to determine a rate of thermal change of the system memory based on a current temperature of the system memory, a prior temperature of the system memory and a time duration; and a policy enforcement circuit, in response to a result of a comparison of the rate of thermal change to a threshold, to perform at least one protection measure on the system memory. Other embodiments are described and claimed.

公开(公告)号：US11755500B2

公开(公告)日：2023-09-12

申请号：US17134332

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Anna Trikalinou ,  Abhishek Basak

IPC: G06F12/14 ,  G06F9/50 ,  G06F12/06

CPC classification number: G06F12/1408 ,  G06F9/5016 ,  G06F9/5083 ,  G06F12/063 ,  G06F12/1433

Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.

公开(公告)号：US11526451B2

公开(公告)日：2022-12-13

申请号：US17131974

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： David Koufaty ,  Anna Trikalinou ,  Utkarsh Y. Kakaiya ,  Ravi Sahita ,  Ramya Jayaram Masti

IPC: G06F12/14 ,  G06F12/1009 ,  G06F12/1045

Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table.

公开(公告)号：US11354415B2

公开(公告)日：2022-06-07

申请号：US16457928

申请日：2019-06-29

Applicant: Intel Corporation

Inventor： Anna Trikalinou ,  Daniel S. Lake ,  Sham M. Datta ,  Asher M. Altman ,  John K. Grooms

IPC: H04N7/16 ,  G06F7/04 ,  G06F21/57 ,  G06F12/14 ,  G06F21/79

Abstract: Technologies disclosed herein provide mitigations against warm boot attacks on memory modules. For instance, in one embodiment, a non-volatile dual in-line memory module (NVDIMM) in a host computing system may detect a transition from a low-power state to a full-power state, receive a nonce value from a processor of the host computing system after the transition, verify the nonce value, and allow access to data stored on the NVDIMM based on successful verification of the nonce value. In another embodiment, an NVDIMM may be locked in response to detecting a transition from a high-power state to a low-power state in a host computing system. After a transition from the low-power state to the full-power state, the NVDIMM may obtain one or more passphrases, verify the one or more passphrases, and allow access to data stored on the NVDIMM based on successful verification of the one or more passphrases.

公开(公告)号：US20210117340A1

公开(公告)日：2021-04-22

申请号：US17134332

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Anna Trikalinou ,  Abhishek Basak

IPC: G06F12/14 ,  G06F12/06 ,  G06F9/50

Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.