Attack Protection for valid gadget control transfers

    Publication number: US09767272B2

    Publication date: 2017-09-19

    Application number: US14518507

    Filing date: 2014-10-20

    CPC classification number: G06F21/52

    Abstract: In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.

    Mode-specific endbranch for control flow termination

    Publication number: US20170185400A1

    Publication date: 2017-06-29

    Application number: US14998367

    Filing date: 2015-12-23

    Abstract: A processor includes an execution unit and a processing logic operatively coupled to the execution unit, the processing logic to: enter a first execution state and transition to a second execution state responsive to executing a control transfer instruction. Responsive to executing a target instruction of the control transfer instruction, the processing logic further transitions to the first execution state responsive to the target instruction being a control transfer termination instruction of a mode identical to a mode of the processing logic following the execution of the control transfer instruction; and raises an execution exception responsive to the target instruction being a control transfer termination instruction of a mode different than the mode of the processing logic following the execution of the control transfer instruction.

    PREVENTING MALICIOUS INSTRUCTION EXECUTION

    Document type: Invention application

    Legal status: In force

    Publication number: US20160063246A1

    Publication date: 2016-03-03

    Application number: US14936266

    Filing date: 2015-11-09

    Abstract: Systems and techniques for preventing malicious instruction execution are described herein. A first instance of an instruction for a graphics processing unit (GPU) may be received. The instruction may be placed in a target list. A notification that the instruction caused a problem with the GPU may be received. The instruction may be moved from the target list to a black list in response to the notification. A second instance of the instruction may be received. The second instance of the instruction may be prevented from executing on the GPU in response to the instruction being on the black list.

    Systems and methods for preventing unauthorized stack pivoting

    Document type: Granted invention patent

    Legal status: In force

    Publication number: US09239801B2

    Publication date: 2016-01-19

    Application number: US13910333

    Filing date: 2013-06-05

    Abstract: An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.

    Encrypted data inspection in a network environment

    Document type: Granted invention patent

    Legal status: In force

    Publication number: US09176838B2

    Publication date: 2015-11-03

    Application number: US13656406

    Filing date: 2012-10-19

    Abstract: Technologies are provided in example embodiments for analyzing an encrypted network flow. The technologies include monitoring the encrypted network flow between a first node and a second node, the network flow initiated from the first node; duplicating the encrypted network flow to form a copy of the encrypted network flow; decrypting the copy of the encrypted network flow using a shared secret, the shared secret associated with the first node and the second node; and scanning the network flow copy for targeted data.
