-
Publication (Announcement) No.: EP4020236A1
Publication (Announcement) Date: 2022-06-29
Application No.: EP21197112.2
Filing Date: 2021-09-16
Applicant: Intel Corporation
Inventors: SHANBHOGUE, Vedvyas ; SAHITA, Ravi ; VIJ, Mona ; ILLIKKAL, Rameshkumar ; GOH, Teck Joo ; KURIATA, Andrzej ; XIA, Haidong ; VAHLDIEK-OBERWAGNER, Anjo Lucas
IPC Classification: G06F12/14 , G06F21/53 , G06F21/60 , G06F21/79 , G06F12/1009 , G06F12/109
Abstract: Example methods and systems are directed to isolating memory in trusted execution environments (TEEs). In function-as-a-service (FaaS) environments, a client makes use of a function executing within a TEE on a FaaS server. To minimize the trusted code base (TCB) for each function, each function may be placed in a separate TEE. However, this causes the overhead of creating a TEE to be incurred for each function. As discussed herein, multiple functions may be placed in a single TEE without compromising the data integrity of each function. For example, by using a different extended page table (EPT) for each function, the virtual address spaces of the functions are kept separate and map to different, non-overlapping physical address spaces. Partial overlap may be permitted to allow functions to share some data while protecting other data. Memory for each function may be encrypted using a different encryption key.
-
Publication (Announcement) No.: EP3877854A1
Publication (Announcement) Date: 2021-09-15
Application No.: EP19882848.5
Filing Date: 2019-04-16
Applicant: INTEL Corporation
Inventors: HAGHIGHAT, Mohammad R. ; DOSHI, Kshitij ; HERDRICH, Andrew J. ; MOHAN, Anup ; IYER, Ravishankar R. ; SUN, Mingqiu ; BHUYAN, Krishna ; GOH, Teck Joo ; KUMAR, Mohan J. ; PRINKE, Michael ; LEMAY, Michael ; PELED, Leeor ; TSAI, Jr-Shian ; DURHAM, David M. ; CHAMBERLAIN, Jeffrey D. ; SUKHOMLINOV, Vadim A. ; DAHLEN, Eric J. ; BAGHSORKHI, Sara ; SANE, Harshad ; MELIK-ADAMYAN, Areg ; SAHITA, Ravi ; BABOKIN, Dmitry Yurievich ; STEINER, Ian M. ; BACHMUTSKY, Alexander ; RAO, Anil ; ZHANG, Mingwei ; JAIN, Nilesh K. ; FIROOZSHAHIAN, Amin ; PATEL, Baiju V. ; HUANG, Wenyong ; RAGHURAM, Yeluri
-
Publication (Announcement) No.: EP4020276A1
Publication (Announcement) Date: 2022-06-29
Application No.: EP21208882.7
Filing Date: 2021-11-17
Applicant: INTEL Corporation
Inventors: VAHLDIEK-OBERWAGNER, Anjo Lucas ; SAHITA, Ravi ; VIJ, Mona ; LEE, Dayeol ; XIA, Haidong ; ILLIKKAL, Rameshkumar ; ORTIZ, Samuel ; DOSHI, Kshitij A. ; CHERFAOUI, Mourad ; KURIATA, Andrzej ; GOH, Teck Joo
Abstract: In function-as-a-service (FaaS) environments, a client makes use of a function executing within a trusted execution environment (TEE) on a FaaS server. Multiple tenants of the FaaS platform may provide functions to be executed by the FaaS platform via a gateway. Each tenant may provide code and data for any number of functions to be executed within any number of TEEs on the FaaS platform and accessed via the gateway. Additionally, each tenant may provide code and data for a single surrogate attester TEE. The client devices of the tenant use the surrogate attester TEE to attest each of the other TEEs of the tenant and establish trust with the functions in those TEEs. Once the functions have been attested, the client devices have confidence that the other TEEs of the tenant are running on the same platform as the gateway.
-
Publication (Announcement) No.: EP4020197A1
Publication (Announcement) Date: 2022-06-29
Application No.: EP21209950.1
Filing Date: 2021-11-23
Applicant: INTEL Corporation
Inventors: ILLIKKAL, Rameshkumar ; GOH, Teck Joo ; SHU, Wenhui ; KURIATA, Andrzej ; CUI, Long ; CHEN, Jinshi ; DODAN, Mihai-Daniel
Abstract: Methods, apparatus, systems, and articles of manufacture for loading a container image are disclosed. An example apparatus includes a prioritizer to determine a priority level at which a container is to be executed. A container controller determines a first expected location for a first set of layers of the container and a second expected location for a second set of layers of the container, both expected locations being determined based on the determined priority level, with the second set of layers separated from the first set of layers in an image by a landmark. A container loader mounts the first set of layers from the first expected location. A container executor initiates execution of the container based on the mounted first set of layers.