-
Publication No.: US20190044973A1
Publication Date: 2019-02-07
Application No.: US16023941
Filing Date: 2018-06-29
Applicant: Intel Corporation
Inventor: Sergej Deutsch , David Durham , Karanvir Grewal , Rajat Agarwal
Abstract: The present disclosure is directed to systems and methods for providing protection against replay attacks on memory, by refreshing or updating encryption keys. The disclosed replay protected computing system may employ encryption refresh of memory so that unauthorized copies of data are usable for a limited amount of time (e.g., 500 milliseconds or less). The replay protected computing system initially encrypts protected data prior to storage in memory. After a predetermined time or after a number of memory accesses have occurred, the replay protected computing system decrypts the data with the existing key and re-encrypts data with a new key. Unauthorized copies of data (such as those made by an adversary system/program) are not refreshed with subsequent new keys. When an adversary program attempts to use the unauthorized copies of data, the unauthorized copies of data are decrypted with the incorrect keys, which renders the decrypted data unintelligible.
-
Publication No.: US20180357093A1
Publication Date: 2018-12-13
Application No.: US16108395
Filing Date: 2018-08-22
Applicant: Intel Corporation
Inventor: Kai Cong , Karanvir Grewal , David M. Durham
CPC classification number: G06F9/45558 , G06F12/109 , G06F12/1408 , G06F12/145 , G06F21/53 , G06F21/602 , G06F21/6281 , G06F2009/45583 , G06F2009/45587 , G06F2212/1052 , G06F2221/2141 , G06F2221/2149
Abstract: A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.
-
13.
Publication No.: US20250094275A1
Publication Date: 2025-03-20
Application No.: US18808871
Filing Date: 2024-08-19
Applicant: Intel Corporation
Inventor: Sergej Deutsch , David M. Durham , Karanvir Grewal , Rajat Agarwal
Abstract: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.
-
Publication No.: US20250004879A1
Publication Date: 2025-01-02
Application No.: US18346034
Filing Date: 2023-06-30
Applicant: Intel Corporation
Inventor: David M. Durham , Sergej Deutsch , Salmin Sultana , Karanvir Grewal
Abstract: Techniques for error correction with memory safety and compartmentalization are described. In an embodiment, an apparatus includes a processor to provide a first set of data bits and a first tag in connection with a store operation, and an error correcting code (ECC) generation circuit to generate a first set of ECC bits based on a first set of data bits and a first tag.
-
15.
Publication No.: US20240053904A1
Publication Date: 2024-02-15
Application No.: US17944352
Filing Date: 2022-09-14
Applicant: Intel Corporation
Inventor: Sergej Deutsch , David M. Durham , Karanvir Grewal , Rajat Agarwal
IPC: G06F3/06
CPC classification number: G06F3/0622 , G06F3/0673 , G06F3/0629
Abstract: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.
-
Publication No.: US10691482B2
Publication Date: 2020-06-23
Application No.: US16108395
Filing Date: 2018-08-22
Applicant: Intel Corporation
Inventor: Kai Cong , Karanvir Grewal , David M. Durham
Abstract: A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.
-
17.
Publication No.: US20240220357A1
Publication Date: 2024-07-04
Application No.: US18147521
Filing Date: 2022-12-28
Applicant: Intel Corporation
Inventor: David M. Durham , Sergej Deutsch , Karanvir Grewal
CPC classification number: G06F11/1044 , H04L9/0816
Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data for the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.
-
Publication No.: US11562063B2
Publication Date: 2023-01-24
Application No.: US17114246
Filing Date: 2020-12-07
Applicant: INTEL CORPORATION
Inventor: Michael Lemay , David M. Durham , Michael E. Kounavis , Barry E. Huntley , Vedvyas Shanbhogue , Jason W. Brandt , Josh Triplett , Gilbert Neiger , Karanvir Grewal , Baiju Patel , Ye Zhuang , Jr-Shian Tsai , Vadim Sukhomlinov , Ravi Sahita , Mingwei Zhang , James C. Farwell , Amitabh Das , Krishna Bhuyan
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
-
19.
Publication No.: US20220114112A1
Publication Date: 2022-04-14
Application No.: US17559258
Filing Date: 2021-12-22
Applicant: Intel Corporation
Inventor: Sergej Deutsch , Karanvir Grewal , David M. Durham , Rajat Agarwal
IPC: G06F12/14 , G06F12/0853 , G06F11/10 , G06F11/07
Abstract: A method comprises generating, for a cacheline, a first tag and a second tag, the first tag and the second tag generated as a function of user data stored and metadata in the cacheline stored in a first memory device, and a multiplication parameter derived from a secret key, storing the user data, the metadata, the first tag and the second tag in the first cacheline of the first memory device; generating, for the cacheline, a third tag and a fourth tag, the third tag and the fourth tag generated as a function of the user data stored and metadata in the cacheline stored in a second memory device, and the multiplication parameter; storing the user data, the metadata, the third tag and the fourth tag in the corresponding cache line of the second memory device; receiving, from a requesting device, a read operation directed to the cacheline; and using the first tag, the second tag, the third tag, and the fourth tag to determine whether a read error occurred during the read operation.
-
Publication No.: US11003584B2
Publication Date: 2021-05-11
Application No.: US16288844
Filing Date: 2019-02-28
Applicant: Intel Corporation
Inventor: Kai Cong , Karanvir Grewal , Siddhartha Chhabra , Sergej Deutsch , David Michael Durham
Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.
-