SECURING DATA DIRECT I/O FOR A SECURE ACCELERATOR INTERFACE

    Publication number: US20190042477A1

    Publication date: 2019-02-07

    Application number: US16023661

    Filing date: 2018-06-29

    Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

    TECHNOLOGIES FOR PROTECTING VIRTUAL MACHINE MEMORY

    Publication number: US20180373647A1

    Publication date: 2018-12-27

    Application number: US15633259

    Filing date: 2017-06-26

    Abstract: Technologies for protecting virtual machine memory of a compute device include a virtual machine (VM) instantiated on the compute device, a virtual machine monitor (VMM) established on the compute device to control operation of the VM, a secured memory, and a memory manager. The memory manager receives a memory access request that includes a virtual linear address (LA) from the VM and performs a translation of the LA to a translated host physical address (HPA) of the compute device using one or more page tables associated with the VM and VMM. The memory manager determines whether a secured LA-to-HPA translation mapping that corresponds to the LA is locked. If the mapping is locked, the memory manager verifies the translation by comparing the translated HPA to an HPA translated using the secured translation mapping and, if verified, performs the memory access request using the translated HPA.

    TECHNOLOGIES FOR MULTI-FACTOR SECURITY ANALYSIS AND RUNTIME CONTROL
    Invention application, status: pending (published)

    Publication number: US20160364566A1

    Publication date: 2016-12-15

    Application number: US15166952

    Filing date: 2016-05-27

    Abstract: Technologies for client-level web application runtime control and multi-factor security analysis by a computing device include receiving application code associated with a browser-based application from a web server. The computing device collects real-time data generated by at least one sensor of the computing device and performs a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code. Further, the computing device establishes a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment and enforces the client-level web application runtime security policy.


    METHOD AND APPARATUS FOR SECURE NETWORK ENCLAVES

    Publication number: US20160261570A1

    Publication date: 2016-09-08

    Application number: US15085114

    Filing date: 2016-03-30

    CPC classification number: H04L63/061 H04L9/083 H04L9/321 H04L9/3247

    Abstract: Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.
