-
公开(公告)号:US20170090966A1
公开(公告)日:2017-03-30
申请号:US14867761
申请日:2015-09-28
申请人: Intel Corporation
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F2009/4557 , G06F2009/45575
摘要: A processor comprises a register to store a first pointer to a context data structure specifying a virtual machine context, the context data structure comprising a first field to store a second pointer to a plurality of realm switch control structures (RSCSs), and an execution unit comprising a logic circuit to execute a virtual machine (VM) according to the virtual machine context, wherein the VM comprises a guest operating system (OS) comprising a plurality of kernel components, and wherein each RSCS of the plurality of RSCSs specifies a respective component context associated with a respective kernel component of the plurality of kernel components, and execute a first kernel component of the plurality of kernel components using a first component context specified by a first RSCS of the plurality of RSCSs.
-
公开(公告)号:US20200159673A1
公开(公告)日:2020-05-21
申请号:US16686379
申请日:2019-11-18
申请人: Intel Corporation
发明人: RAVI L. SAHITA , GILBERT NEIGER , VEDVYAS SHANBHOGUE , DAVID M. DURHAM , ANDREW V. ANDERSON , DAVID A. KOUFATY , ASIT K. MALLICK , ARUMUGAM THIYAGARAJAH , BARRY E. HUNTLEY , DEEPAK K. GUPTA , MICHAEL LEMAY , JOSEPH F. CIHULA , BAIJU V. PATEL
IPC分类号: G06F12/14 , G06F9/455 , G06F12/1009 , G06F12/1027
摘要: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
-
3.发明申请公开(公告)号:US20160378490A1
公开(公告)日:2016-12-29
申请号:US14752079
申请日:2015-06-26
申请人: Intel Corporation
发明人: MICHAEL LEMAY , DAVID M. DURHAM , BARRY E. HUNTLEY , VEDVYAS SHANBHOGUE , RAVI L. SAHITA , RAVI RAJWAR
CPC分类号: G06F9/3802 , G06F9/3004 , G06F9/30076 , G06F9/30145 , G06F9/30167 , G06F9/30189 , G06F9/46 , G06F11/0745 , G06F11/0751
摘要: Generally, this disclosure provides systems, devices, methods and computer readable media for protecting confidential data with transactional processing in execute-only memory. The system may include a memory module configured to store an execute-only code page. The system may also include a transaction processor configured to enforce a transaction region associated with at least a portion of the code page. The system may further include a processor configured to execute a load instruction fetched from the code page, the load instruction configured to load at least a portion of the confidential data from an immediate operand of the load instruction if a transaction mode of the transaction region is enabled.
摘要翻译: 通常,本公开提供了用于在仅执行存储器中用事务处理保护机密数据的系统,设备,方法和计算机可读介质。 该系统可以包括被配置为存储仅执行代码页的存储器模块。 系统还可以包括配置成强制与代码页的至少一部分相关联的事务区域的事务处理器。 该系统还可以包括:处理器,其被配置为执行从代码页取出的加载指令,所述加载指令被配置为如果交易区域的交易模式是来自加载指令的即时操作数,则加载秘密数据的至少一部分 启用
-
公开(公告)号:US20190005386A1
公开(公告)日:2019-01-03
申请号:US15640470
申请日:2017-07-01
申请人: INTEL CORPORATION
发明人: LI CHEN , RAVI L. SAHITA
摘要: Various embodiments are generally directed to techniques for training deep neural networks, such as with an iterative approach, for instance. Some embodiments are particularly directed to a deep neural network (DNN) training system that generates a hardened DNN by iteratively training DNNs with images that were misclassified by previous iterations of the DNN. One or more embodiments, for example, may include logic to generate an adversarial image that is misclassified by a first DNN that was previously trained with a set of sample images. In some embodiments, the logic may determine a second training set that includes the adversarial image that was misclassified by the first DNN and the first training set of one or more sample images. The second training set may be used to train a second DNN. In various embodiments, the above process may be repeated for a predetermined number of iterations to produce a hardened DNN.
-
公开(公告)号:US20180004947A1
公开(公告)日:2018-01-04
申请号:US15201444
申请日:2016-07-02
申请人: Intel Corporation
发明人: XIAONING LI , RAVI L. SAHITA , VEDVYAS SHANBHOGUE
CPC分类号: G06F21/566 , G06F21/52 , G06F2221/033
摘要: One embodiment provides a system. The system includes a processor comprising at least one processing unit; a memory; and control transfer (CT) logic. The CT logic is to determine whether a next instruction is a control transfer termination (CTT) when a prior instruction is a control transfer instruction (CTI). The CT logic is to determine whether the CTT is an external CTT, if the next instruction is the CTT; determine whether the prior instruction is an external CTI, if the CTT is the external CTT; and notify an external CTT fault, if the prior instruction is not the external CTI.
-
公开(公告)号:US20210109684A1
公开(公告)日:2021-04-15
申请号:US17131731
申请日:2020-12-22
申请人: Intel Corporation
IPC分类号: G06F3/06 , G06F9/30 , G06F21/52 , G06F9/38 , G06F12/1009 , G06F12/109 , G06F12/1027 , G06F12/1081 , G06F12/1045 , G06F12/14 , G06F12/1036
摘要: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.
-
公开(公告)号:US20170315926A1
公开(公告)日:2017-11-02
申请号:US15652028
申请日:2017-07-17
申请人: INTEL CORPORATION
IPC分类号: G06F12/1009 , G06F12/1027 , G06F21/00 , G06F9/455 , G06F12/14
CPC分类号: G06F12/1009 , G06F9/45533 , G06F9/45558 , G06F12/1027 , G06F12/1483 , G06F21/00 , G06F21/53 , G06F2009/45583 , G06F2009/45587 , G06F2212/1024 , G06F2212/1052 , G06F2212/151 , G06F2212/651 , G06F2212/657 , G06F2212/68 , G06F2221/2141
摘要: Generally, this disclosure provides systems, methods and computer readable media for a page table edit controller configured to control access to guest page tables by virtual machine (VM) guest software through the manipulation of extended page tables. The system may include a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); a page walk processor to update the TLB based on the guest page tables; and a page table edit control (PTEC) module to: identify entries of the guest page tables that map GLAs associated with the policy to a first GPA; verify that the mapping conforms to the policy; and place the guest page table into one of a plurality of restricted accessibility states based on the verification, the restricted accessibility applied to the VM guests and to the page walk processor.
-
8.发明申请公开(公告)号:US20160381050A1
公开(公告)日:2016-12-29
申请号:US14752221
申请日:2015-06-26
申请人: INTEL CORPORATION
CPC分类号: G06F3/0673 , G06F3/0622 , G06F3/0629 , G06F9/30054 , G06F9/30101 , G06F9/30134 , G06F9/30145 , G06F9/3806 , G06F9/3861 , G06F12/1009 , G06F12/1027 , G06F12/1036 , G06F12/1063 , G06F12/1081 , G06F12/109 , G06F12/1491 , G06F21/52 , G06F2212/1052 , G06F2212/151 , G06F2212/651 , G06F2212/657
摘要: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.
摘要翻译: 方面的处理器包括解码指令的解码单元。 处理器还包括与解码单元耦合的执行单元。 执行单元响应于该指令,是确定由于指令而尝试改变影子栈的影子堆栈指针将导致阴影堆栈指针超过允许的范围。 响应于确定对阴影堆栈指针的尝试改变将导致阴影堆栈指针超过允许的范围,执行单元也将采取异常。 公开了其他处理器,方法,系统和指令。
-
公开(公告)号:US20160378678A1
公开(公告)日:2016-12-29
申请号:US14750982
申请日:2015-06-25
申请人: Intel Corporation
CPC分类号: G06F12/1009 , G06F9/45533 , G06F9/45558 , G06F12/1027 , G06F12/1483 , G06F21/00 , G06F21/53 , G06F2009/45583 , G06F2009/45587 , G06F2212/1024 , G06F2212/1052 , G06F2212/151 , G06F2212/651 , G06F2212/657 , G06F2212/68 , G06F2221/2141
摘要: Generally, this disclosure provides systems, methods and computer readable media for a page table edit controller configured to control access to guest page tables by virtual machine (VM) guest software through the manipulation of extended page tables. The system may include a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); a page walk processor to update the TLB based on the guest page tables; and a page table edit control (PTEC) module to: identify entries of the guest page tables that map GLAs associated with the policy to a first GPA; verify that the mapping conforms to the policy; and place the guest page table into one of a plurality of restricted accessibility states based on the verification, the restricted accessibility applied to the VM guests and to the page walk processor.
摘要翻译: 通常,本公开提供了用于页表编辑控制器的系统,方法和计算机可读介质,其被配置为通过操纵扩展页表来控制虚拟机(VM)客户软件对访客页表的访问。 该系统可以包括翻译后备缓冲器(TLB),以维护将一个或多个客户线性地址(GLA)锁定到一个或多个允许的访客物理地址(GPA)的策略; 页面处理器,用于根据访客页表更新TLB; 以及页表编辑控制(PTEC)模块,用于:识别将与所述策略相关联的GLA映射到第一GPA的所述访客页表的条目; 验证映射是否符合策略; 并且基于验证,应用于VM访客和页面移动处理器的受限辅助功能,将访客页面表放入多个受限访问状态之一。
-
公开(公告)号:US20230376252A1
公开(公告)日:2023-11-23
申请号:US18200544
申请日:2023-05-22
申请人: Intel Corporation
IPC分类号: G06F3/06 , G06F9/30 , G06F21/52 , G06F9/38 , G06F12/1009 , G06F12/109 , G06F12/1027 , G06F12/1081 , G06F12/1045 , G06F12/14 , G06F12/1036
CPC分类号: G06F3/0673 , G06F9/30145 , G06F3/0622 , G06F3/0629 , G06F21/52 , G06F9/3861 , G06F9/30054 , G06F9/3806 , G06F9/30134 , G06F12/1009 , G06F9/30101 , G06F12/109 , G06F12/1027 , G06F12/1081 , G06F12/1063 , G06F12/1491 , G06F12/1036 , G06F2212/651 , G06F2212/1052 , G06F2212/151 , G06F2212/657
摘要: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.
-
-
-
-
-
-
-
-
-
搜索结果
14 条记录 (耗时 0.017 秒)
