-
Publication No.: EP4145267A1
Publication date: 2023-03-08
Application No.: EP22202941.5
Filing date: 2021-09-16
Applicant: Intel Corporation
Inventors: SAHITA, Ravi , MCKEEN, Francis , VIJ, Mona , SCARLATA, Vincent , ZMUDZINSKI, Krystof , ILLIKKAL, Rameshkumar , KRISHNAKUMAR, Sudha , STEINER, Michael , KNAUTH, Thomas , KUVAISKII, Dmitrii , VAHLDIEK-OBERWAGNER, Anjo Lucas
Abstract: Example methods and systems are directed to reducing latency in providing trusted execution environments (TEEs). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed.
-
Publication No.: EP4202677A1
Publication date: 2023-06-28
Application No.: EP22202213.9
Filing date: 2022-10-18
Applicant: INTEL Corporation
Inventors: BOWMAN, Clair , VIJ, Mona , DOSHI, Kshitij Arun , SAXENA, Paritosh , STEINER, Michael , MORALES, Carlos , MELARA, Marcela , VAHLDIEK-OBERWAGNER, Anjo Lucas
Abstract: In one embodiment, metadata associated with deployment of a container within an orchestration environment includes information indicating security preferences for deployment of the container within the orchestration environment, information indicating a level of communications between the container and other containers, and/or information indicating effects of execution of the container with respect to other containers. The metadata is used to select a particular node of a plurality of nodes within the orchestration environment on which to deploy the container based on the metadata.
-
Publication No.: EP4020236A1
Publication date: 2022-06-29
Application No.: EP21197112.2
Filing date: 2021-09-16
Applicant: Intel Corporation
Inventors: SHANBHOGUE, Vedvyas , SAHITA, Ravi , VIJ, Mona , ILLIKKAL, Rameshkumar , GOH, Teck Joo , KURIATA, Andrzej , XIA, Haidong , VAHLDIEK-OBERWAGNER, Anjo Lucas
IPC classification: G06F12/14 , G06F21/53 , G06F21/60 , G06F21/79 , G06F12/1009 , G06F12/109
Abstract: Example methods and systems are directed to isolating memory in trusted execution environments (TEEs). In function-as-a-service (FaaS) environments, a client makes use of a function executing within a TEE on a FaaS server. To minimize the trusted code base (TCB) for each function, each function may be placed in a separate TEE. However, this causes the overhead of creating a TEE to be incurred for each function. As discussed herein, multiple functions may be placed in a single TEE without compromising the data integrity of each function. For example, by using a different extended page table (EPT) for each function, the virtual address spaces of the functions are kept separate and map to different, non-overlapping physical address spaces. Partial overlap may be permitted to allow functions to share some data while protecting other data. Memory for each function may be encrypted using a different encryption key.
-
Publication No.: EP4459485A1
Publication date: 2024-11-06
Application No.: EP23216237.0
Filing date: 2023-12-13
Applicant: INTEL Corporation
Inventors: MELARA, Marcela S. , VAVALA, Bruno , STEINER, Michael , SCARLATA, Vincent , VAHLDIEK-OBERWAGNER, Anjo Lucas
Abstract: A method and apparatus for multi-dimensional attestations for a software application. A multi-dimensional attestation is generated for at least one component of the software application. The multi-dimensional attestation includes a signed attestation for the at least one component and an attestation reference to at least one other related component. A verifier obtains multi-dimensional attestations for the components of the software application and obtains the signed attestation for the related components of the software application based on the attestation reference and verifies integrity of at least part of the software application based on the obtained signed attestations. The multi-dimensional attestation for a given component of a software application can link attestations across spatial and temporal dimensions including other microservice(s) that communicates directly with the subject microservice, imported code dependencies on which the subject microservice is dependent, and/or the underlying software layer of the subject microservice.
-
Publication No.: EP4020276A1
Publication date: 2022-06-29
Application No.: EP21208882.7
Filing date: 2021-11-17
Applicant: INTEL Corporation
Inventors: VAHLDIEK-OBERWAGNER, Anjo Lucas , SAHITA, Ravi , VIJ, Mona , LEE, Dayeol , XIA, Haidong , ILLIKKAL, Rameshkumar , ORTIZ, Samuel , DOSHI, Kshitij A. , CHERFAOUI, Mourad , KURIATA, Andrzej , GOH, Teck Joo
Abstract: In function-as-a-service (FaaS) environments, a client makes use of a function executing within a trusted execution environment (TEE) on a FaaS server. Multiple tenants of the FaaS platform may provide functions to be executed by the FaaS platform via a gateway. Each tenant may provide code and data for any number of functions to be executed within any number of TEEs on the FaaS platform and accessed via the gateway. Additionally, each tenant may provide code and data for a single surrogate attester TEE. The client devices of the tenant use the surrogate attester TEE to attest each of the other TEEs of the tenant and establish trust with the functions in those TEEs. Once the functions have been attested, the client devices have confidence that the other TEEs of the tenant are running on the same platform as the gateway.
-
Publication No.: EP4020156A1
Publication date: 2022-06-29
Application No.: EP21197114.8
Filing date: 2021-09-16
Applicant: INTEL Corporation
Inventors: SAHITA, Ravi , MCKEEN, Francis , VIJ, Mona , SCARLATA, Vincent , ZMUDZINSKI, Krystof , ILLIKKAL, Rameshkumar , KRISHNAKUMAR, Sudha , STEINER, Michael , KNAUTH, Thomas , KUVAISKII, Dmitrii , VAHLDIEK-OBERWAGNER, Anjo Lucas
Abstract: Example methods and systems are directed to reducing latency in providing trusted execution environments (TEEs). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed.