公开(公告)号：US20190138719A1

公开(公告)日：2019-05-09

申请号：US16234140

申请日：2018-12-27

申请人： Salmin Sultana ,  Li Chen ,  Abhishek Basak ,  Jason Martin ,  Justin Gottschlich

发明人： Salmin Sultana ,  Li Chen ,  Abhishek Basak ,  Jason Martin ,  Justin Gottschlich

IPC分类号： G06F21/55 ,  G06N20/00

摘要： Methods, apparatus, systems and articles of manufacture for detecting a side channel attack are disclosed. An example apparatus includes a histogram generator to generate a histogram representing cache access activities. A histogram analyzer is to determine at least one statistic based on the histogram. A machine learning model processor is to apply a machine learning model to the at least one statistic to attempt to identify a side channel attack. A multiple hypothesis tester to perform multiple hypothesis testing to determine a probability of the cache access activities being benign. An anomaly detection orchestrator is to, in response to the machine learning model processor identifying that the at least one statistic is indicative of the side channel attack and the probability not satisfying a similarity threshold, cause the performance of a responsive action to mitigate the side channel attack.

公开(公告)号：US20190130101A1

公开(公告)日：2019-05-02

申请号：US16234144

申请日：2018-12-27

申请人： Li Chen ,  Abhishek Basak ,  Salmin Sultana ,  Justin Gottschlich

发明人： Li Chen ,  Abhishek Basak ,  Salmin Sultana ,  Justin Gottschlich

IPC分类号： G06F21/55 ,  G06N20/00 ,  G06N3/08

摘要： Methods, apparatus, systems and articles of manufacture for detecting a side channel attack using hardware performance counters are disclosed. An example apparatus includes a hardware performance counter data organizer to collect a first value of a hardware performance counter at a first time and a second value of the hardware performance counter at a second time. A machine learning model processor is to apply a machine learning model to predict a third value corresponding to the second time. An error vector generator is to generate an error vector representing a difference between the second value and the third value. An error vector analyzer is to determine a probability of the error vector indicating an anomaly. An anomaly detection orchestrator is to, in response to the probability satisfying a threshold, cause the performance of a responsive action to mitigate the side channel anomaly.

公开(公告)号：US20190130096A1

公开(公告)日：2019-05-02

申请号：US16234085

申请日：2018-12-27

申请人： Li Chen ,  Kai Cong ,  Salmin Sultana

发明人： Li Chen ,  Kai Cong ,  Salmin Sultana

IPC分类号： G06F21/55 ,  G06N20/00

摘要： The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.

公开(公告)号：US20210150040A1

公开(公告)日：2021-05-20

申请号：US17134405

申请日：2020-12-26

申请人： David M. Durham ,  Karanvir S. Grewal ,  Michael D. LeMay ,  Salmin Sultana

发明人： David M. Durham ,  Karanvir S. Grewal ,  Michael D. LeMay ,  Salmin Sultana

IPC分类号： G06F21/60 ,  G06F21/79 ,  G06F21/54 ,  G06F9/30 ,  G06F9/50

摘要： A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.

公开(公告)号：US20190228155A1

公开(公告)日：2019-07-25

申请号：US16370849

申请日：2019-03-29

申请人： Abhishek Basak ,  Li Chen ,  Salmin Sultana ,  Anna Trikalinou ,  Erdem Aktas ,  Saeedeh Komijani

发明人： Abhishek Basak ,  Li Chen ,  Salmin Sultana ,  Anna Trikalinou ,  Erdem Aktas ,  Saeedeh Komijani

IPC分类号： G06F21/56 ,  G06F12/1027 ,  G06F21/55 ,  G06N20/00

摘要： Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.

公开(公告)号：US10248424B2

公开(公告)日：2019-04-02

申请号：US15283370

申请日：2016-10-01

申请人： Salmin Sultana ,  Stanislav Bratanov ,  David M. Durham ,  Beeman C. Strong

发明人： Salmin Sultana ,  Stanislav Bratanov ,  David M. Durham ,  Beeman C. Strong

IPC分类号： G06F9/44 ,  G06F9/38 ,  G06F11/36 ,  G06F9/30

摘要： One embodiment provides an apparatus. The apparatus includes collector circuitry to capture processor trace (PT) data from a PT driver. The PT data includes a first target instruction pointer (TIP) packet including a first runtime target address of an indirect branch instruction of an executing target application. The apparatus further includes decoder circuitry to extract the first TIP packet from the PT data and to decode the first TIP packet to yield the first runtime target address. The apparatus further includes control flow validator circuitry to determine whether a control flow transfer to the first runtime target address corresponds to a control flow violation based, at least in part, on a control flow graph (CFG). The CFG including a plurality of nodes, each node including a start address of a first basic block, an end address of the first basic block and a next possible address of a second basic block or a not found tag.

公开(公告)号：US20180095764A1

公开(公告)日：2018-04-05

申请号：US15283370

申请日：2016-10-01

申请人： SALMIN SULTANA ,  STANISLAV BRATANOV ,  DAVID M. DURHAM ,  BEEMAN C. STRONG

发明人： SALMIN SULTANA ,  STANISLAV BRATANOV ,  DAVID M. DURHAM ,  BEEMAN C. STRONG

IPC分类号： G06F9/38 ,  G06F11/36 ,  G06F9/30

CPC分类号： G06F9/3806 ,  G06F9/3016 ,  G06F11/3636 ,  G06F11/3648

摘要： One embodiment provides an apparatus. The apparatus includes collector circuitry to capture processor trace (PT) data from a PT driver. The PT data includes a first target instruction pointer (TIP) packet including a first runtime target address of an indirect branch instruction of an executing target application. The apparatus further includes decoder circuitry to extract the first TIP packet from the PT data and to decode the first TIP packet to yield the first runtime target address. The apparatus further includes control flow validator circuitry to determine whether a control flow transfer to the first runtime target address corresponds to a control flow violation based, at least in part, on a control flow graph (CFG). The CFG including a plurality of nodes, each node including a start address of a first basic block, an end address of the first basic block and a next possible address of a second basic block or a not found tag.