公开(公告)号：US20170091487A1

公开(公告)日：2017-03-30

申请号：US14866211

申请日：2015-09-25

Applicant: INTEL CORPORATION

Inventor： MICHAEL LEMAY

IPC: G06F21/72 ,  H04L9/32 ,  G06F9/455

CPC classification number: G06F21/72 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/79 ,  G06F2009/45583 ,  H04L9/3234 ,  H04L9/3242

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for secure memory page mapping in a virtual machine (VM) environment. The system may include a processor configured to execute a virtual machine monitor (VMM). The VMM may be configured to maintain a table of cryptographic keys and associate a token with one of the memory pages to be mapped from a guest linear address (GLA) to a guest physical address (GPA). The token may include a key identifier (key ID) associated with one of the cryptographic keys, and an authentication code based on the GLA, the GPA, and one of the cryptographic keys. The system may also include a page walk processor configured to validate the token to indicate that the memory page associated with the token is authorized to be mapped from the GLA to the GPA.

公开(公告)号：US20160378490A1

公开(公告)日：2016-12-29

申请号：US14752079

申请日：2015-06-26

Applicant: Intel Corporation

Inventor： MICHAEL LEMAY ,  DAVID M. DURHAM ,  BARRY E. HUNTLEY ,  VEDVYAS SHANBHOGUE ,  RAVI L. SAHITA ,  RAVI RAJWAR

IPC: G06F9/38 ,  G06F11/07

CPC classification number: G06F9/3802 ,  G06F9/3004 ,  G06F9/30076 ,  G06F9/30145 ,  G06F9/30167 ,  G06F9/30189 ,  G06F9/46 ,  G06F11/0745 ,  G06F11/0751

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for protecting confidential data with transactional processing in execute-only memory. The system may include a memory module configured to store an execute-only code page. The system may also include a transaction processor configured to enforce a transaction region associated with at least a portion of the code page. The system may further include a processor configured to execute a load instruction fetched from the code page, the load instruction configured to load at least a portion of the confidential data from an immediate operand of the load instruction if a transaction mode of the transaction region is enabled.

Abstract translation: 通常，本公开提供了用于在仅执行存储器中用事务处理保护机密数据的系统，设备，方法和计算机可读介质。 该系统可以包括被配置为存储仅执行代码页的存储器模块。 系统还可以包括配置成强制与代码页的至少一部分相关联的事务区域的事务处理器。 该系统还可以包括：处理器，其被配置为执行从代码页取出的加载指令，所述加载指令被配置为如果交易区域的交易模式是来自加载指令的即时操作数，则加载秘密数据的至少一部分 启用

公开(公告)号：US20210200673A1

公开(公告)日：2021-07-01

申请号：US16728800

申请日：2019-12-27

Applicant: Intel Corporation

Inventor： DEEPAK GUPTA ,  MINGWEI ZHANG ,  RAVI SAHITA ,  VEDVYAS SHANBHOGUE ,  MICHAEL LEMAY ,  DAVID M. DURHAM

IPC: G06F12/02 ,  G06F12/0895 ,  G06F9/30

Abstract: An apparatus and method for memory management using compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data, at least one instruction to generate a system memory access request using a first linear address; and address translation circuitry to perform a first walk operation through a set of one or more address translation tables to translate the first linear address to a first physical address, the address translation circuitry to concurrently perform a second walk operation through a set of one or more linear address metadata tables to identify metadata associated with the linear address, and to use one or more portions of the metadata to validate access by the at least one instruction to the first physical address.

公开(公告)号：US20190102567A1

公开(公告)日：2019-04-04

申请号：US15721082

申请日：2017-09-29

Applicant: Intel Corporation

Inventor： MICHAEL LEMAY ,  DAVID D. DURHAM ,  MINGWEI ZHANG ,  VEDVYAS SHANBHOGUE

IPC: G06F21/62 ,  G06F21/53 ,  G06F21/44 ,  G06F21/78

Abstract: Apparatuses for computing are disclosed herein. In embodiments, an apparatus may include one or more processors, a memory, and a compiler to be operated by the one or more processors to compile a computer program. The compiler may include one or more analyzers to parse and analyze source code of the computer program that generates pointers or de-references pointers. The compiler may also include a code generator coupled to the one or more analyzers to generate executable instructions for the source code of the computer program including insertion of additional encryption or decryption executable instructions into the computer program, based at least in part on a result of the analysis, to authenticate memory access operations of the source code.

公开(公告)号：US20190095796A1

公开(公告)日：2019-03-28

申请号：US15713573

申请日：2017-09-22

Applicant: INTEL CORPORATION

Inventor： LI CHEN ,  MICHAEL LEMAY ,  YE ZHUANG

IPC: G06N3/08 ,  G06F9/50

Abstract: Logic may determine a physical resource assignment via a neural network logic trained to determine an optimal policy for assignment of the physical resources in source code. Logic may generate training data to train a neural network by generating multiple instances of machine code for one or more source codes in accordance with different policies. Logic may generate different policies by adjusting, combining, mutating, and/or randomly changing a previous policy. Logic may execute and measure and/or statically determine measurements for each instance of a machine code associated with a source code to determine a reward associated with each state in the source code. Logic may apply weights and biases to the training data to approximate a value function. Logic may determine a gradient descent of the approximated value function and may backpropagate the output from the gradient descent to adjust the weights and biases to determine an optimal policy.

公开(公告)号：US20170249261A1

公开(公告)日：2017-08-31

申请号：US15175348

申请日：2016-06-07

Applicant: Intel Corporation

Inventor： DAVID M. DURHAM ,  RAVI L. SAHITA ,  GILBERT NEIGER ,  VEDVYAS SHANBHOGUE ,  ANDREW V. ANDERSON ,  MICHAEL LEMAY ,  JOSEPH F. CIHULA ,  ARUMUGAM THIYAGARAJAH ,  ASIT K. MALLICK ,  BARRY E. HUNTLEY ,  DAVID A. KOUFATY ,  DEEPAK K. GUPTA ,  BAIJU V. PATEL

IPC: G06F12/14 ,  G06F12/10 ,  G06F9/455

CPC classification number: G06F12/145 ,  G06F9/45533 ,  G06F12/1009 ,  G06F12/1027 ,  G06F21/78 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/656 ,  G06F2212/657

Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US20150378633A1

公开(公告)日：2015-12-31

申请号：US14320334

申请日：2014-06-30

Applicant: Intel Corporation

Inventor： RAVI L. SAHITA ,  VEDVYAS SHANBHOGUE ,  GILBERT NEIGER ,  JONATHAN EDWARDS ,  IDO OUZIEL ,  BARRY E. HUNTLEY ,  STANISLAV SHWARTSMAN ,  DAVID M. DURHAM ,  ANDREW V. ANDERSON ,  MICHAEL LEMAY

IPC: G06F3/06 ,  G06F9/455 ,  G06F12/10

CPC classification number: G06F9/45558 ,  G06F9/3004 ,  G06F9/30076 ,  G06F12/1009 ,  G06F2009/45583 ,  G06F2212/657

Abstract: An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages.

Abstract translation: 一种细粒度记忆保护装置和方法。 例如，方法的一个实施例包括：使用虚拟地址执行第一查找操作以识别存储器页面的物理地址，所述存储器页面包括多个子页面; 确定是否为所述存储器页启用子页面许可; 如果启用子页面许可，则执行第二查找操作以确定与存储器页面的一个或多个子页面相关联的许可; 以及实现与一个或多个子页面相关联的许可。