公开(公告)号：US20190042476A1

公开(公告)日：2019-02-07

申请号：US16023576

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Rajat Agarwal ,  Baiju Patel ,  Kirk Yap

IPC: G06F12/14 ,  G06F21/78 ,  G06F21/64 ,  G06F21/60 ,  H04L9/32 ,  G06F9/455

Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.

公开(公告)号：US10091216B2

公开(公告)日：2018-10-02

申请号：US15081992

申请日：2016-03-28

Applicant: Intel Corporation

Inventor： Gal Chanoch ,  Eran Birk ,  Baiju Patel ,  Steven Grobman ,  Tobias Kohlenberg ,  Rajeev Gopalakrishna

IPC: H04L29/06 ,  G06F21/54

Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.

公开(公告)号：US09990206B2

公开(公告)日：2018-06-05

申请号：US13843164

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Hong Wang ,  John Shen ,  Edward Grochowski ,  Richard Hankins ,  Gautham Chinya ,  Bryant Bigbee ,  Shivnandan Kaushik ,  Xiang Chris Zou ,  Per Hammarlund ,  Scott Dion Rodgers ,  Xinmin Tian ,  Anil Aggawal ,  Prashant Sethi ,  Baiju Patel ,  James Held

IPC: G06F9/46 ,  G06F9/38 ,  G06F9/30 ,  G06F9/48

CPC classification number: G06F9/3867 ,  G06F9/30003 ,  G06F9/30043 ,  G06F9/3005 ,  G06F9/3009 ,  G06F9/30145 ,  G06F9/3017 ,  G06F9/30174 ,  G06F9/3851 ,  G06F9/4843 ,  G06F9/4881

Abstract: In an embodiment, a method is provided. The method includes managing user-level threads on a first instruction sequencer in response to executing user-level instructions on a second instruction sequencer that is under control of an application level program. A first user-level thread is run on the second instruction sequencer and contains one or more user level instructions. A first user level instruction has at least 1) a field that makes reference to one or more instruction sequencers or 2) implicitly references with a pointer to code that specifically addresses one or more instruction sequencers when the code is executed.

公开(公告)号：US20180101484A1

公开(公告)日：2018-04-12

申请号：US15727810

申请日：2017-10-09

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F12/14 ,  H04L29/06 ,  G06F21/72 ,  G06F21/55

CPC classification number: G06F12/1408 ,  G06F21/556 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/1433

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US09811479B2

公开(公告)日：2017-11-07

申请号：US15257544

申请日：2016-09-06

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F21/72 ,  G06F21/55 ,  G06F12/14 ,  H04L29/06

CPC classification number: G06F12/1408 ,  G06F21/556 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/1433

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US09436847B2

公开(公告)日：2016-09-06

申请号：US14498540

申请日：2014-09-26

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F21/72 ,  G06F21/55

CPC classification number: G06F12/1408 ,  G06F21/556 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/1433

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

Abstract translation: 计算设备包括用于保护由处理器用于执行存储器访问（例如，读/写/执行）操作的间接地址（例如，指针）的技术。 计算设备使用元数据和加密算法对间接地址进行编码。 元数据可以存储在间接地址的未使用部分中。

公开(公告)号：US20150070368A1

公开(公告)日：2015-03-12

申请号：US14541933

申请日：2014-11-14

Applicant: Intel Corporation

Inventor： Hong Wang ,  John Shen ,  Hong Jiang ,  Richard Hankins ,  Per Hammarlund ,  Dion Rodgers ,  Gautham Chinya ,  Baiju Patel ,  Shiv Kaushik ,  Bryant Bigbee ,  Gad Sheaffer ,  Yoav Talgam ,  Yuval Yosef ,  James P. Held

IPC: G06F9/30 ,  G06T1/20

CPC classification number: G06F9/30145 ,  G06F9/30 ,  G06F9/30181 ,  G06F9/3877 ,  G06F9/3879 ,  G06T1/20

Abstract: In one embodiment, the present invention includes a method for directly communicating between an accelerator and an instruction sequencer coupled thereto, where the accelerator is a heterogeneous resource with respect to the instruction sequencer. An interface may be used to provide the communication between these resources. Via such a communication mechanism a user-level application may directly communicate with the accelerator without operating system support. Further, the instruction sequencer and the accelerator may perform operations in parallel. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，本发明包括一种用于在加速器和与其耦合的指令定序器之间直接通信的方法，其中加速器是相对于指令定序器的异构资源。 可以使用接口来提供这些资源之间的通信。 通过这种通信机制，用户级应用可以直接与加速器进行通信，而无需操作系统支持。 此外，指令定序器和加速器可以并行地执行操作。 描述和要求保护其他实施例。

公开(公告)号：US12177343B2

公开(公告)日：2024-12-24

申请号：US17358952

申请日：2021-06-25

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Siddhartha Chhabra ,  Prashant Dewan ,  Ofir Shwartz

IPC: H04L9/08

Abstract: Systems, methods, and apparatuses for providing chiplet binding to a disaggregated architecture for a system on a chip are described. In one embodiment, system includes a plurality of physically separate dies, an interconnect to electrically couple the plurality of physically separate dies together, a first die-to-die communication circuit, of a first die of the plurality of physically separate dies, comprising a transmitter circuit and an encryption circuit having a link key to encrypt data to be sent from the transmitter circuit into encrypted data, and a second die-to-die communication circuit, of a second die of the plurality of physically separate dies, comprising a receiver circuit and a decryption circuit having the link key to decrypt the encrypted data sent from the transmitter circuit to the receiver circuit.

公开(公告)号：US11825000B2

公开(公告)日：2023-11-21

申请号：US17742774

申请日：2022-05-12

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Baiju Patel

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/14 ,  H04L9/08

CPC classification number: H04L9/3278 ,  H04L9/0869 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3268

Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.

公开(公告)号：US20220335127A1

公开(公告)日：2022-10-20

申请号：US17739930

申请日：2022-05-09

Applicant: Intel Corporation

Inventor： Paul Carlson ,  Rahuldeva Ghosh ,  Baiju Patel ,  Zhong Chen

IPC: G06F21/56 ,  G06F12/0802 ,  G06N20/00 ,  G06F3/06 ,  G06F21/62 ,  G06F21/75

Abstract: The present disclosure is directed to systems and methods for detecting side-channel exploit attacks such as Spectre and Meltdown. Performance monitoring circuitry includes first counter circuitry to monitor CPU cache misses and second counter circuitry to monitor DTLB load misses. Upon detecting an excessive number of cache misses and/or load misses, the performance monitoring circuitry transfers the first and second counter circuitry data to control circuitry. The control circuitry determines a CPU cache miss to DTLB load miss ratio for each of a plurality of temporal intervals. The control circuitry the identifies, determines, and/or detects a pattern or trend in the CPU cache miss to DTLB load miss ratio. Upon detecting a deviation from the identified CPU cache miss to DTLB load miss ratio pattern or trend indicative of a potential side-channel exploit attack, the control circuitry generates an output to alert a system user or system administrator.