-
1.
Publication number: US20240330436A1
Publication date: 2024-10-03
Application number: US18735120
Application date: 2024-06-05
Applicant: Mellanox Technologies, Ltd.
Inventor: Ahmad Atamli, Rami Ailabouni, Ahmad Saleh, Ariel Levanon, Thanh Nguyen, Mark Overby
CPC classification number: G06F21/53, G06F21/606, G06F2221/033
Abstract: The technology disclosed herein enables an auxiliary device to run a service that can access and analyze data of a Trusted Execution Environment (TEE). The auxiliary device can determine that a host device comprises a first TEE established by a central processing unit (CPU) of the host device, where the CPU executes a first computer program in the first TEE. The auxiliary device can receive data of the first TEE using a trusted communication link between the first TEE and a second TEE established by the DPU, and execute a second computer program in the second TEE to monitor execution of the first computer program.
-
2.
Publication number: US12032680B2
Publication date: 2024-07-09
Application number: US17709815
Application date: 2022-03-31
Applicant: Mellanox Technologies, Ltd.
Inventor: Ahmad Atamli, Rami Ailabouni, Ahmad Saleh, Ariel Levanon, Thanh Nguyen, Mark Overby
CPC classification number: G06F21/53, G06F21/606, G06F2221/033
Abstract: The technology disclosed herein enables an auxiliary device to run a service that can access and analyze data of a Trusted Execution Environment (TEE). The auxiliary device may establish an auxiliary TEE in the auxiliary device and establish a trusted communication link between the auxiliary TEE and the TEE (i.e., primary TEE). The primary TEE may execute a target program using the primary devices of a host device (e.g., CPU) and the auxiliary TEE may execute a security program using the auxiliary device (e.g., DPU). In one example, the primary and auxiliary TEEs may be established for a cloud consumer and the auxiliary TEE may execute a security service that can monitor data of the primary TEE even though the data is inaccessible to all other software executing external to the primary TEE (e.g., inaccessible to host operating system and hypervisor).
-
3.
Publication number: US20230297666A1
Publication date: 2023-09-21
Application number: US17709815
Application date: 2022-03-31
Applicant: Mellanox Technologies, Ltd.
Inventor: Ahmad Atamli, Rami Ailabouni, Ahmad Saleh, Ariel Levanon, Thanh Nguyen, Mark Overby
CPC classification number: G06F21/53, G06F21/606, G06F2221/033
Abstract: The technology disclosed herein enables an auxiliary device to run a service that can access and analyze data of a Trusted Execution Environment (TEE). The auxiliary device may establish an auxiliary TEE in the auxiliary device and establish a trusted communication link between the auxiliary TEE and the TEE (i.e., primary TEE). The primary TEE may execute a target program using the primary devices of a host device (e.g., CPU) and the auxiliary TEE may execute a security program using the auxiliary device (e.g., DPU). In one example, the primary and auxiliary TEEs may be established for a cloud consumer and the auxiliary TEE may execute a security service that can monitor data of the primary TEE even though the data is inaccessible to all other software executing external to the primary TEE (e.g., inaccessible to host operating system and hypervisor).