-
Publication No.: US11314861B2
Publication date: 2022-04-26
Application No.: US16584373
Application date: 2019-09-26
Applicant: INTEL CORPORATION
Inventor: Ke Sun, Kekai Hu, Henrique de Medeiros Kawakami, Rodrigo Branco
Abstract: The present disclosure is directed to systems and methods of selectively implementing SCA mitigation elements on a per-thread basis to mitigate the effects of side channel attacks. Processor core circuits initiate a plurality of processor threads. Each of a plurality of SCA mitigation features include one or more SCA mitigation elements. SCA mitigation control circuitry associates a register circuit with each respective one of the plurality of processor threads initiated by the processor core circuits. The SCA mitigation control circuitry selectively ENABLES/DISABLES one or more SCA mitigation elements for each of the plurality of processor threads. The ENABLEMENT/DISABLEMENT of each of the SCA mitigation elements may be autonomously adjusted by the SCA mitigation control circuitry and/or manually adjusted via one or more user inputs provided to the SCA mitigation control circuitry.
-
Publication No.: US20190050230A1
Publication date: 2019-02-14
Application No.: US16023564
Application date: 2018-06-29
Applicant: Intel Corporation
Inventor: Rodrigo Branco, Kekai Hu, Ke Sun, Henrique Kawakami
Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side-channel based attack, such as one or more classes of an attack commonly known as Spectre. Novel instruction prefixes, and in certain embodiments one or more corresponding instruction prefix parameters, may be provided to enforce a serialized order of execution for particular instructions without serializing an entire instruction flow, thereby improving performance and mitigation reliability over existing solutions. In addition, improved mitigation of such attacks is provided by randomizing both the execution branch history as well as the source address of each vulnerable indirect branch, thereby eliminating the conditions required for such attacks.
-
Publication No.: US20230342156A1
Publication date: 2023-10-26
Application No.: US18138591
Application date: 2023-04-24
Applicant: Intel Corporation
Inventor: Jason W. Brandt, Deepak K. Gupta, Rodrigo Branco, Joseph Nuzman, Robert S. Chappell, Sergiu Ghetie, Wojciech Powiertowski, Jared W. Stark, IV, Ariel Sabba, Scott J. Cape, Hisham Shafi, Lihu Rappoport, Yair Berger, Scott P. Bobholz, Gilad Holzstein, Sagar V. Dalvi, Yogesh Bijlani
CPC classification number: G06F9/3844, G06F9/30101
Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.
-
Publication No.: US11635965B2
Publication date: 2023-04-25
Application No.: US16177028
Application date: 2018-10-31
Applicant: Intel Corporation
Inventor: Jason W. Brandt, Deepak K. Gupta, Rodrigo Branco, Joseph Nuzman, Robert S. Chappell, Sergiu D. Ghetie, Wojciech Powiertowski, Jared W. Stark, IV, Ariel Sabba, Scott J. Cape, Hisham Shafi, Lihu Rappoport, Yair Berger, Scott P. Bobholz, Gilad Holzstein, Sagar V. Dalvi, Yogesh Bijlani
Abstract: Methods and apparatuses relating to mitigations for speculative execution side channels are described. Speculative execution hardware and environments that utilize the mitigations are also described. For example, three indirect branch control mechanisms and their associated hardware are discussed herein: (i) indirect branch restricted speculation (IBRS) to restrict speculation of indirect branches, (ii) single thread indirect branch predictors (STIBP) to prevent indirect branch predictions from being controlled by a sibling thread, and (iii) indirect branch predictor barrier (IBPB) to prevent indirect branch predictions after the barrier from being controlled by software executed before the barrier.
-
Publication No.: US20220197660A1
Publication date: 2022-06-23
Application No.: US17128816
Application date: 2020-12-21
Applicant: Intel Corporation
Inventor: Ke Sun, Rodrigo Branco, Kekai Hu
Abstract: An embodiment of an integrated circuit may comprise a branch predictor to predict whether a conditional branch is taken for one or more instructions, the branch predictor including circuitry to identify a loop branch instruction in the one or more instructions, and provide a branch prediction for the loop branch instruction based on a context of the loop branch instruction. Other embodiments are disclosed and claimed.
-
Publication No.: US20200019403A1
Publication date: 2020-01-16
Application No.: US16582701
Application date: 2019-09-25
Applicant: Intel Corporation
Inventor: Rodrigo Branco
Abstract: There is disclosed in one example a microprocessor, including: a decoder; an execution unit; an instruction set flag vector; and logic to decode an instruction, read a binary disable flag for the instruction within the instruction set flag vector, and execute the instruction within the execution unit only if the disable flag for the instruction is not set.
-
Publication No.: US20190042740A1
Publication date: 2019-02-07
Application No.: US16121590
Application date: 2018-09-04
Applicant: Intel Corporation
Inventor: Brent Sherman, Rodrigo Branco, Geoffrey Scott Sidney Strongin
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to help with the identification of a no-operation (NOP) sled attack identify. The system can be configured to receive an instruction, increment a value in a total instruction counter, increment a value in a branch instruction counter when the instruction is a branch instruction, increment a value in a memory instruction counter when the instruction is a memory instruction, create a ratio based on the value in the total instruction counter and the value in the branch instruction counter or the value in the memory instruction counter, and trigger an alert when the ratio satisfies a threshold. The ratio can indicate the presence of a NOP sled attack and the alert can be an interrupt that stops execution of the NOP sled.
-
Publication No.: US11243766B2
Publication date: 2022-02-08
Application No.: US16582701
Application date: 2019-09-25
Applicant: Intel Corporation
Inventor: Rodrigo Branco
IPC: G06F9/455, G06F1/3293, G06F9/30, G06F9/32, G06F9/52
Abstract: There is disclosed in one example a microprocessor, including: a decoder; an execution unit; an instruction set flag vector; and logic to decode an instruction, read a binary disable flag for the instruction within the instruction set flag vector, and execute the instruction within the execution unit only if the disable flag for the instruction is not set.
-
Publication No.: US20210357231A1
Publication date: 2021-11-18
Application No.: US17387240
Application date: 2021-07-28
Applicant: Intel Corporation
Inventor: Rodrigo Branco, Kekai Hu, Ke Sun, Henrique Kawakami
Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side-channel based attack, such as one or more classes of an attack commonly known as Spectre. Novel instruction prefixes, and in certain embodiments one or more corresponding instruction prefix parameters, may be provided to enforce a serialized order of execution for particular instructions without serializing an entire instruction flow, thereby improving performance and mitigation reliability over existing solutions. In addition, improved mitigation of such attacks is provided by randomizing both the execution branch history as well as the source address of each vulnerable indirect branch, thereby eliminating the conditions required for such attacks.
-
Publication No.: US10963561B2
Publication date: 2021-03-30
Application No.: US16121590
Application date: 2018-09-04
Applicant: Intel Corporation
Inventor: Brent Sherman, Rodrigo Branco, Geoffrey Scott Sidney Strongin
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to help with the identification of a no-operation (NOP) sled attack identify. The system can be configured to receive an instruction, increment a value in a total instruction counter, increment a value in a branch instruction counter when the instruction is a branch instruction, increment a value in a memory instruction counter when the instruction is a memory instruction, create a ratio based on the value in the total instruction counter and the value in the branch instruction counter or the value in the memory instruction counter, and trigger an alert when the ratio satisfies a threshold. The ratio can indicate the presence of a NOP sled attack and the alert can be an interrupt that stops execution of the NOP sled.