公开(公告)号：US08819455B2

公开(公告)日：2014-08-26

申请号：US13646105

申请日：2012-10-05

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  David M. Durham ,  Niranjan L. Cooray ,  Men Long ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  David M. Durham ,  Niranjan L. Cooray ,  Men Long ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi

IPC分类号： G06F11/30 ,  G06F12/14

CPC分类号： G06F12/1408 ,  G06F21/71

摘要： A processor includes a memory encryption engine that provides replay and confidentiality protections to a memory region. The memory encryption engine performs low-overhead parallelized tree walks along a counter tree structure. The memory encryption engine upon receiving an incoming read request for the protected memory region, performs a dependency check operation to identify dependency between the incoming read request and an in-process request and to remove the dependency when the in-process request is a read request that is not currently suspended.

摘要翻译： 处理器包括为存储器区域提供重放和保密性保护的存储器加密引擎。 存储器加密引擎沿着计数器树结构执行低架构并行化的树行走。 存储器加密引擎在接收到对受保护的存储器区域的传入读取请求时，执行依赖性检查操作以识别传入的读取请求与进程内请求之间的依赖关系，并且当进程内请求是读取请求时，去除依赖关系 目前尚未暂停。

公开(公告)号：US20140208109A1

公开(公告)日：2014-07-24

申请号：US13976935

申请日：2011-12-28

申请人： Alpa T. Narendra Trivedi ,  David M. Durham ,  Men Long ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas

发明人： Alpa T. Narendra Trivedi ,  David M. Durham ,  Men Long ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas

IPC分类号： H04L29/06

CPC分类号： G06F21/64 ,  G06F12/1408 ,  G06F21/78 ,  G06F21/79 ,  H04L9/0643 ,  H04L2209/12

摘要： A method and system to provide an effective, scalable and yet low-cost solution for Confidentiality, Integrity and Replay protection for sensitive information stored in a memory and prevent an attacker from observing and/or modifying the state of the system. In one embodiment of the invention, the system has strong hardware protection for its memory contents via XTS-tweak mode of encryption where the tweak is derived based on “Global and Local Counters”. This scheme offers to enable die-area efficient Replay protection for any sized memory by allowing multiple counter levels and facilitates using small counter-sizes to derive the “tweak” used in the XTS encryption without sacrificing cryptographic strength.

摘要翻译： 一种方法和系统，为存储在存储器中的敏感信息提供有效，可扩展且低成本的保密性，完整性和重放保护解决方案，并防止攻击者观察和/或修改系统的状态。 在本发明的一个实施例中，系统通过经由XTS调整加密模式对其存储器内容具有强大的硬件保护，其中基于“全局和本地计数器”导出调整。 该方案提供了通过允许多个计数器级别为任何大小的存储器提供芯片区域高效的重放保护，并有助于使用小型计数器来导出XTS加密中使用的“调​​整”，而不会牺牲加密强度。

公开(公告)号：US09053346B2

公开(公告)日：2015-06-09

申请号：US13976930

申请日：2011-12-28

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

IPC分类号： G06F12/00 ,  G06F21/64 ,  G06F12/14 ,  G06F21/00 ,  G06F21/77

CPC分类号： G06F21/64 ,  G06F12/1408 ,  G06F21/00 ,  G06F21/77

摘要： A method and system to provide a low-overhead cryptographic scheme that affords memory confidentiality, integrity and replay-protection by removing the critical read-after-write dependency between the various levels of the cryptographic tree. In one embodiment of the invention, the cryptographic processing of a child node can be pipelined with that of the parent nodes. This parallelization provided by the invention results in an efficient utilization of the cryptographic pipeline, enabling significantly lower performance overheads.

摘要翻译： 一种提供低开销加密方案的方法和系统，其通过去除加密树的各个级别之间的关键读后依赖关系来提供内存机密性，完整性和重放保护。 在本发明的一个实施例中，子节点的密码处理可以与母节点的密码处理流水线化。 由本发明提供的这种并行化导致密码流水线的有效利用，能够显着降低性能开销。

公开(公告)号：US20080163375A1

公开(公告)日：2008-07-03

申请号：US11647896

申请日：2006-12-28

申请人： Uday R. Savagaonkar ,  David M. Durham

发明人： Uday R. Savagaonkar ,  David M. Durham

IPC分类号： H04L9/32

CPC分类号： G06F21/64

摘要： Methods and apparatuses enable embedding integrity manifest information into a program in volatile memory. Instead of having fixed integrity manifest information that cannot be changed after compilation, a file of a format supporting relocatable file sections can store the integrity manifest information for a program. The integrity manifest information can be modified in-line, while the file is loaded in volatile memory, and the information stored to disk for later re-use. The program and its associated file can include a modifiable integrity manifest indicator that provides the location and size of the integrity manifest, and can be changed as appropriate. The indicator can be passed to a service processor to indicate the integrity manifest to the service processor.

摘要翻译： 方法和装置能够将完整性清单信息嵌入到易失性存储器中的程序中。 编译后无法修改无法修改的完整性清单信息，而是支持可重定位文件段的格式的文件可以存储程序的完整性清单信息。 完整性清单信息可以在线修改，同时将文件加载到易失性存储器中，并将信息存储到磁盘以供以后重新使用。 该程序及其关联的文件可以包括可修改的完整性清单指示符，其提供完整性清单的位置和大小，并且可以适当地改变。 指示符可以被传递到服务处理器以指示服务处理器的完整性清单。

公开(公告)号：US08286238B2

公开(公告)日：2012-10-09

申请号：US11540373

申请日：2006-09-29

申请人： David M. Durham ,  Hormuzd M. Khosravi ,  Travis Schluessler ,  Ravi Sahita ,  Uday R. Savagaonkar

发明人： David M. Durham ,  Hormuzd M. Khosravi ,  Travis Schluessler ,  Ravi Sahita ,  Uday R. Savagaonkar

IPC分类号： H04L29/06

CPC分类号： G06F8/656

摘要： Methods and apparatuses enable in-memory patching of a program loaded in volatile memory. A service processor identifies a program to be patched and an associated patch for the program. The patch is loaded into memory, including applying relocation fix-ups to the patch. The service processor directs the program to the patch in place of the segment of the program to be patched. The program implements the patch while maintaining program state, and without suspending execution of the program.

摘要翻译： 方法和装置使得能够在加载在易失性存储器中的程序的内存中修补。 服务处理器识别要修补的程序和程序的相关修补程序。 修补程序加载到内存中，包括将修补程序应用于修补程序。 服务处理器将程序引导到补丁代替要修补的程序的段。 该程序在维护程序状态的同时实现补丁，并且不会暂停程序的执行。

公开(公告)号：US20090172341A1

公开(公告)日：2009-07-02

申请号：US11967458

申请日：2007-12-31

申请人： David M. Durham ,  Uday R. Savagaonkar ,  Ravi Sahita

发明人： David M. Durham ,  Uday R. Savagaonkar ,  Ravi Sahita

IPC分类号： G06F12/10

CPC分类号： G06F12/1009 ,  G06F9/461 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/145 ,  G06F2212/651

摘要： Embodiments of an invention for using a memory address translation structure to manage protected micro-contexts are disclosed. In one embodiment, an apparatus includes an interface and memory management logic. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, and determination logic. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address. Each entry is to store an address of a different data structure for the first translation stage, an address of a data structure for a successive translation stage, or the physical address. The determination logic is to determine whether an entry is storing an address of a different data structure for the first translation stage.

摘要翻译： 公开了使用存储器地址转换结构来管理受保护的微上下文的发明的实施例。 在一个实施例中，一种装置包括接口和存储器管理逻辑。 该接口是执行一个事务来从内存中获取信息。 存储器管理逻辑将非翻译地址转换为存储器地址。 存储器管理逻辑包括存储位置，一系列转换级和确定逻辑。 存储位置是存储用于第一翻译阶段的数据结构的地址。 每个翻译阶段包括翻译逻辑，以基于未翻译地址的一部分在数据结构中找到条目。 每个条目是存储用于第一翻译阶段的不同数据结构的地址，用于连续翻译阶段的数据结构的地址或物理地址。 确定逻辑是确定条目是否存储用于第一翻译阶段的不同数据结构的地址。

公开(公告)号：US20080083030A1

公开(公告)日：2008-04-03

申请号：US11540373

申请日：2006-09-29

申请人： David M. Durham ,  Hormuzd M. Khosravi ,  Travis Schluessler ,  Ravi Sahita ,  Uday R. Savagaonkar

发明人： David M. Durham ,  Hormuzd M. Khosravi ,  Travis Schluessler ,  Ravi Sahita ,  Uday R. Savagaonkar

IPC分类号： G06F12/14

CPC分类号： G06F8/656

摘要： Methods and apparatuses enable in-memory patching of a program loaded in volatile memory. A service processor identifies a program to be patched and an associated patch for the program. The patch is loaded into memory, including applying relocation fix-ups to the patch. The service processor directs the program to the patch in place of the segment of the program to be patched. The program implements the patch while maintaining program state, and without suspending execution of the program.

摘要翻译： 方法和装置使得能够在加载在易失性存储器中的程序的内存中修补。 服务处理器识别要修补的程序和程序的相关修补程序。 修补程序加载到内存中，包括将修补程序应用于修补程序。 服务处理器将程序引导到补丁代替要修补的程序的段。 该程序在维护程序状态的同时实现补丁，并且不会暂停程序的执行。

公开(公告)号：US08560806B2

公开(公告)日：2013-10-15

申请号：US11967458

申请日：2007-12-31

申请人： David M. Durham ,  Uday R. Savagaonkar ,  Ravi Sahita

发明人： David M. Durham ,  Uday R. Savagaonkar ,  Ravi Sahita

IPC分类号： G06F12/10 ,  G06F9/46

CPC分类号： G06F12/1009 ,  G06F9/461 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/145 ,  G06F2212/651

摘要： Embodiments of an invention for using a memory address translation structure to manage protected micro-contexts are disclosed. In one embodiment, an apparatus includes an interface and memory management logic. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, and determination logic. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address. Each entry is to store an address of a different data structure for the first translation stage, an address of a data structure for a successive translation stage, or the physical address. The determination logic is to determine whether an entry is storing an address of a different data structure for the first translation stage.

摘要翻译： 公开了使用存储器地址转换结构来管理受保护的微上下文的发明的实施例。 在一个实施例中，一种装置包括接口和存储器管理逻辑。 该接口是执行一个事务来从内存中获取信息。 存储器管理逻辑将非翻译地址转换为存储器地址。 存储器管理逻辑包括存储位置，一系列转换级和确定逻辑。 存储位置是存储用于第一翻译阶段的数据结构的地址。 每个翻译阶段包括翻译逻辑，以基于未翻译地址的一部分在数据结构中找到条目。 每个条目是存储用于第一翻译阶段的不同数据结构的地址，用于连续翻译阶段的数据结构的地址或物理地址。 确定逻辑是确定条目是否存储用于第一翻译阶段的不同数据结构的地址。

公开(公告)号：US20090172346A1

公开(公告)日：2009-07-02

申请号：US11967500

申请日：2007-12-31

申请人： Ravi Sahita ,  Uday R. Savagaonkar ,  David M. Durham ,  Andrew V. Anderson ,  Ulhas Warrier

发明人： Ravi Sahita ,  Uday R. Savagaonkar ,  David M. Durham ,  Andrew V. Anderson ,  Ulhas Warrier

IPC分类号： G06F9/26

CPC分类号： G06F12/145 ,  G06F9/5077

摘要： Embodiments of apparatuses, articles, methods, and systems for intra-partitioning components within an execution environment, and transitioning between partitions using a page table pointer target list are generally described herein. Other embodiments may be described and claimed.

摘要翻译： 这里一般地描述使用页表指针目标列表在执行环境内进行分区内组件的设备，物品，方法和系统的实施例以及在分区之间的转换。 可以描述和要求保护其他实施例。

公开(公告)号：US20180189464A1

公开(公告)日：2018-07-05

申请号：US15395399

申请日：2016-12-30

申请人： Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Karanvir S. Grewal ,  David M. Durham

发明人： Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Karanvir S. Grewal ,  David M. Durham

IPC分类号： G06F21/12

CPC分类号： G06F21/126 ,  G06F2221/0735

摘要： A trusted time service is provided that can detect resets of a real-time clock and re-initialize the real-time clock with the correct time. The trusted time service provides a secure communication channel from an application requesting a timestamp to the real-time clock, so that malicious code (such as a compromised operating system) cannot intercept a timestamp as it is communicated from the real-time clock to the application. The trusted time service synchronizes wall-clock time with a trusted time server, as well as protects against replay attacks, where a valid data transmission (such as transmission of a valid timestamp) is maliciously or fraudulently repeated or delayed.