Abstract:
Apparatuses, methods and storage media associated with application execution enclave cache management are disclosed herein. In embodiments, an apparatus may include one or more processors with support for application execution enclaves; cache memory coupled with the one or more processors to be organized into a plurality of cache pages; and an exception handler to be operated by the one or more processors to handle cache page fault exceptions, wherein to handle cache page fault exceptions includes to handle a cache page fault triggered to request additional allocation of one or more cache pages to an execution enclave of an application. Other embodiments may be described and/or claimed.
Abstract:
Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
Abstract:
A processor includes a processing core to identify a code comprising a plurality of instructions to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of the first virtual memory page and a second address of the first physical memory page, store, in the cache memory, an address translation data structure comprising the first address mapping, and execute the code by retrieving the first address mapping stored in the address translation data structure.
Abstract:
Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.
Abstract:
Technologies for secure I/O with MIPI camera devices include a computing device having a camera controller coupled to a camera and a channel identifier filter. The channel identifier filter detects DMA transactions issued by the camera controller and related to the camera. The channel identifier filter determines whether a DMA transaction includes a secure channel identifier or a non-secure channel identifier. If the DMA transaction includes the non-secure channel identifier, the channel identifier filter allows the DMA transaction. If the DMA transaction includes the secure channel identifier, the channel identifier filter determines whether the DMA transaction is targeted to a memory address in a protected memory range associated with the secure channel identifier. If so, the channel identifier filter allows the DMA transaction. If not, the channel identifier filter blocks the DMA transaction. Other embodiments are described and claimed.
Abstract:
In one embodiment, an apparatus includes: a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave. Other embodiments are described and claimed.
Abstract:
Technologies for authenticity assurance for I/O data include a computing device with a cryptographic engine and one or more I/O controllers. A metadata producer of the computing device performs an authenticated encryption operation on I/O data to generate encrypted I/O data and an authentication tag. The metadata producer stores the encrypted I/O data in a DMA buffer and the authentication tag in an authentication tag queue. A metadata consumer decrypts the encrypted I/O data from the DMA buffer and determines whether the encrypted I/O data is authentic using the authentication tag from the authentication tag queue. For input, the metadata producer may be embodied as the cryptographic engine and the metadata consumer may be embodied as a trusted software component. For output, the metadata producer may be embodied as the trusted software component and the metadata consumer may be embodied as the cryptographic engine. Other embodiments are described and claimed.
Abstract:
An example system includes a processor and a memory device coupled to the processor. The processor may include multiple execution units to execute instructions. The memory device stores the instructions in an unprotected region and a protected region. The processor may determine that a first exception occurred while executing a first set of instructions for an application stored in a secured page of the protected region. The processor may invoke a first subroutine to forward exception context for the first exception to a second subroutine, where the first subroutine is stored in the protected region and the second subroutine is stored in the unprotected region. The processor may invoke, by the second subroutine, a third subroutine to execute a second set of instructions associated with the exception context for the first exception.