-
Publication No.: US20220335127A1
Publication Date: 2022-10-20
Application No.: US17739930
Filing Date: 2022-05-09
Applicant: Intel Corporation
Inventor: Paul Carlson, Rahuldeva Ghosh, Baiju Patel, Zhong Chen
Abstract: The present disclosure is directed to systems and methods for detecting side-channel exploit attacks such as Spectre and Meltdown. Performance monitoring circuitry includes first counter circuitry to monitor CPU cache misses and second counter circuitry to monitor DTLB load misses. Upon detecting an excessive number of cache misses and/or load misses, the performance monitoring circuitry transfers the first and second counter circuitry data to control circuitry. The control circuitry determines a CPU cache miss to DTLB load miss ratio for each of a plurality of temporal intervals. The control circuitry then identifies, determines, and/or detects a pattern or trend in the CPU cache miss to DTLB load miss ratio. Upon detecting a deviation from the identified CPU cache miss to DTLB load miss ratio pattern or trend indicative of a potential side-channel exploit attack, the control circuitry generates an output to alert a system user or system administrator.
-
Publication No.: US20220335117A1
Publication Date: 2022-10-20
Application No.: US17856574
Filing Date: 2022-07-01
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata, Carlos V. Rozas, Baiju Patel, Barry E. Huntley, Ravi L. Sahita, Hormuzd M. Khosravi
Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.
-
Publication No.: US20220198027A1
Publication Date: 2022-06-23
Application No.: US17133627
Filing Date: 2020-12-23
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan, Baiju Patel
Abstract: Methods and apparatus relating to a Converged Cryptographic Engine (CCE) for storage encryption are described. In an embodiment, decode circuitry decodes an instruction to determine whether Converged Cryptographic Engine (CCE) circuitry is enabled. Execution circuitry executes the instruction to program a plurality of keys in response to the CCE circuitry being enabled. The CCE circuitry performs all encryption and all decryption of data to be transferred between a memory and a storage device based at least in part on at least one of the plurality of keys. Other embodiments are also disclosed and claimed.
-
Publication No.: US20220100864A1
Publication Date: 2022-03-31
Application No.: US17547739
Filing Date: 2021-12-10
Applicant: Intel Corporation
Inventor: Baiju Patel, Prashant Dewan
Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive and a controller comprising a trusted port having one or more key slots to program one or more cryptographic keys, and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys, and decrypt data read from the storage drive using the cryptographic keys.
-
Publication No.: US20220100863A1
Publication Date: 2022-03-31
Application No.: US17546243
Filing Date: 2021-12-09
Applicant: Intel Corporation
Inventor: Baiju Patel, Prashant Dewan
Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive and a controller comprising a trusted port having one or more key slots to program one or more cryptographic keys, and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys, and decrypt data read from the storage drive using the cryptographic keys.
-
Publication No.: US20200226263A1
Publication Date: 2020-07-16
Application No.: US16832138
Filing Date: 2020-03-27
Applicant: Intel Corporation
Inventor: Baiju Patel, Prashant Dewan
Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive and a controller comprising a trusted port having one or more key slots to program one or more cryptographic keys, and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys, and decrypt data read from the storage drive using the cryptographic keys.
-
Publication No.: US20200159675A1
Publication Date: 2020-05-21
Application No.: US16717374
Filing Date: 2019-12-17
Applicant: Intel Corporation
Inventor: David M. Durham, Baiju Patel
Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
-
Publication No.: US10649911B2
Publication Date: 2020-05-12
Application No.: US15940490
Filing Date: 2018-03-29
Applicant: Intel Corporation
Inventor: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
IPC: G06F12/1036, G06F12/1009, G06F12/14, G06F12/0891, G06F21/79, G06F21/62
Abstract: Embodiments of this disclosure provide techniques to support full memory paging between different trust domains (TDs) in a compute system without losing any of the security properties, such as tamper resistance/detection and confidentiality, on a per-TD basis. In one embodiment, a processing device including a memory controller and a memory paging circuit operatively coupled to the memory controller is provided. The memory paging circuit is to evict a memory page associated with a trust domain (TD) executed by the processing device. A binding of the memory page to a first memory location of the TD is removed. A transportable page that includes encrypted contents of the memory page is created. Thereupon, the memory page is provided to a second memory location.
-
Publication No.: US20190220601A1
Publication Date: 2019-07-18
Application No.: US16362218
Filing Date: 2019-03-22
Applicant: Intel Corporation
Inventor: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
CPC classification number: G06F21/57, G06F9/505, G06F21/72, G06F21/85, G06F2221/034
Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
-
Publication No.: US20190042466A1
Publication Date: 2019-02-07
Application No.: US15940490
Filing Date: 2018-03-29
Applicant: Intel Corporation
Inventor: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
IPC: G06F12/1036, G06F12/1009, G06F12/0891, G06F12/14
Abstract: Embodiments of this disclosure provide techniques to support full memory paging between different trust domains (TDs) in a compute system without losing any of the security properties, such as tamper resistance/detection and confidentiality, on a per-TD basis. In one embodiment, a processing device including a memory controller and a memory paging circuit operatively coupled to the memory controller is provided. The memory paging circuit is to evict a memory page associated with a trust domain (TD) executed by the processing device. A binding of the memory page to a first memory location of the TD is removed. A transportable page that includes encrypted contents of the memory page is created. Thereupon, the memory page is provided to a second memory location.
-