-
Publication No.: US20220207194A1
Publication Date: 2022-06-30
Application No.: US17134346
Filing Date: 2020-12-26
Applicant: Intel Corporation
Inventor: Siddhartha CHHABRA, Abhishek BASAK
Abstract: Detailed herein are embodiments utilizing a cryptographically authenticated address bus (CAAB) protection that uses an intelligent memory design to prevent undetected attacks on the address bus and to eliminate the memory bus as an observability surface an attacker could use for access pattern analysis. Embodiments detailed herein describe an intelligent memory module which has cryptographic capabilities. In some embodiments, a memory controller and an intelligent memory module exchange a key, and using this key the address (on the address bus) is encrypted and integrity protected using authenticated counter mode encryption. On receiving a read or a write request, the memory controller encrypts the address (e.g., using pre-generated encrypted counters to minimize cryptographic overheads). A message authentication code (MAC) is also generated along with the encrypted address so that modification of the encrypted address can be detected.
-
Publication No.: US20210089466A1
Publication Date: 2021-03-25
Application No.: US16986169
Filing Date: 2020-08-05
Applicant: INTEL CORPORATION
Inventor: Vedvyas SHANBHOGUE, Ravi SAHITA, Rajesh SANKARAN, Siddhartha CHHABRA, Abhishek BASAK, Krystof ZMUDZINSKI, Rupin VAKHARWALA
Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.
-