-
Publication No.: US20170288874A1
Publication Date: 2017-10-05
Application No.: US15087144
Filing Date: 2016-03-31
Applicant: Intel Corporation
Inventor: ALPA T. NARENDRA TRIVEDI , SIDDHARTHA CHHABRA , DAVID M. DURHAM
Abstract: This disclosure is directed to cryptographic protection for trusted operating systems. In general, a device may comprise for example, at least processing circuitry and memory circuitry. The device may be virtualized in that the processing circuitry may load virtual machines (VMs) and a virtual machine manager (VMM) into the memory circuitry during operation. At least one of the VMs may operate as a trusted execution environment (TEE) including a trusted operating system (TOS). The processing circuitry may comprise encryption circuitry to cryptographically protect the TOS. For example, the VMM may determine a first memory range in which the TOS will be loaded and store data regarding the first memory range in a register within the encryption circuitry. The register configures the encryption circuitry to cryptographically protect the TOS.
-
Publication No.: US20180095899A1
Publication Date: 2018-04-05
Application No.: US15283339
Filing Date: 2016-10-01
Applicant: Intel Corporation
Inventor: DAVID E. DURHAM , SIDDHARTHA CHHABRA , SERGE J. DEUTSCH , MICHAEL E. KOUNAVIS , ALPA T. NARENDRA TRIVEDI
IPC: G06F12/14 , G06F12/128 , G06F12/0831
CPC classification number: G06F12/1408 , G06F12/0831 , G06F12/12 , G06F12/128 , G06F12/1475 , G06F2212/1052 , G06F2212/621
Abstract: Embodiments of apparatus, method, and storage medium associated with MCCG memory integrity for securing/protecting memory content/data of VM or enclave are described herein. In some embodiments, an apparatus may include one or more encryption engines to encrypt a unit of data to be stored in a memory in response to a write operation from a VM or an enclave of an application, prior to storing the unit of data into the memory in an encrypted form; wherein to encrypt the unit of data, the one or more encryption engines are to encrypt the unit of data using at least a key domain selector associated with the VM or enclave, and a tweak based on a color within a color group associated with the VM or enclave. Other embodiments may be described and/or claimed.
-
Publication No.: US20150278512A1
Publication Date: 2015-10-01
Application No.: US14228994
Filing Date: 2014-03-28
Applicant: Intel Corporation
Inventor: PRASHANT DEWAN , UTTAM K. SENGUPTA , SIDDHARTHA CHHABRA , DAVID M. DURHAM , XIAOZHU KANG , UDAY R. SAVAGAONKAR , ALPA T. NARENDRA TRIVEDI
CPC classification number: G06F21/53 , G06F9/45504 , G06F9/45558 , G06F9/5011 , G06F9/5072 , G06F21/554 , G06F21/84 , G06F2009/45587 , G06F2213/0038 , H04L9/3247
Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for virtualization-based intra-block workload isolation. The system may include a virtual machine manager (VMM) module to create a secure virtualization environment or sandbox. The system may also include a processor block to load data into a first region of the sandbox and to generate a workload package based on the data. The workload package is stored in a second region of the sandbox. The system may further include an operational block to fetch and execute instructions from the workload package.
-
Publication No.: US20180336342A1
Publication Date: 2018-11-22
Application No.: US15600666
Filing Date: 2017-05-19
Applicant: INTEL CORPORATION
Inventor: ALPA T. NARENDRA TRIVEDI , SIDDHARTHA CHHABRA
Abstract: Techniques for secure-chip memory for trusted execution environments are described. A processor may include a memory configured to interface with a trusted execution environment. The processor may be configured to indicate to a trusted execution environment that the memory supports dedicated access to the trusted execution environment. The processor may receive an instruction from the trusted execution environment. The processor may enforce an access control policy of an interface plugin to limit access of the memory by the trusted execution environment to a partition of the memory associated with the trusted execution environment. Other embodiments are described and claimed.
-
Publication No.: US20180181337A1
Publication Date: 2018-06-28
Application No.: US15390359
Filing Date: 2016-12-23
Applicant: INTEL CORPORATION
Inventor: DAVID M. DURHAM , SERGEJ DEUTSCH , SAEEDEH KOMIJANI , ALPA T. NARENDRA TRIVEDI , SIDDHARTHA CHHABRA
IPC: G06F3/06
CPC classification number: G06F9/30047 , G06F21/79 , H03M7/30 , H03M7/6064
Abstract: Techniques and computing devices for compression memory coloring are described. In one embodiment, for example, an apparatus may include at least one memory, at least one processor, and logic for compression memory coloring, at least a portion of the logic comprised in hardware coupled to the at least one memory and the at least one processor, the logic to determine whether data to be written to memory is compressible, generate a compressed data element responsive to determining the data is compressible, the data element comprising a compression indicator, a color, and compressed data, and write the compressed data element to memory. Other embodiments are described and claimed.
-