-
Publication number: US20220413883A1
Publication date: 2022-12-29
Application number: US17357999
Filing date: 2021-06-25
Inventors: Sylvan CLEBSCH, Stavros VOLOS, Sean ALLEN, Antonio Nino DIAZ, John STARKS, Ken GORDON, Manuel COSTA
Abstract: A system comprising a hosting service configured to perform: providing, to a trusted entity on a central processing unit, a command for a launch of a virtual machine (VM); assigning, to the VM, at least a portion of memory for the guest operating system; submitting, to the trusted entity, a request to measure an address space of the VM to provide a measurement digest of the address space of the guest operating system; including, in a configuration object, a policy provided by the user for the service logic, wherein the policy defines one or more rules for the service logic, wherein the one or more rules include at least one rule for which containers may run in the guest operating system; hashing the policy to provide a hash digest of the policy; submitting, to the trusted entity, the hash digest of the policy; and completing the launch of the VM.
-
Publication number: US20210019893A1
Publication date: 2021-01-21
Application number: US16513296
Filing date: 2019-07-16
Abstract: This document relates to performing video analytics on a cloud device in a way that preserves privacy. One example uses data-oblivious algorithms to process input video data, where the data-oblivious algorithms can assist with preventing attackers from exploiting side channels induced by data-dependent access patterns.
-
Publication number: US20230020838A1
Publication date: 2023-01-19
Application number: US17374900
Filing date: 2021-07-13
Inventors: Stavros VOLOS, Colin DOAK, Simon Douglas CHAMBERS, David RUGGLES, Richard NEAL, Cédric Alain Marie FOURNET, Kapil VASWANI, Balaji VEMBU
IPC classification: G06F21/57, G06F9/4401
Abstract: In various examples there is a computing device comprising a first microcontroller, which comprises a first immutable bootloader and first mutable firmware. The first immutable bootloader uses a unique device secret burnt into hardware of the computing device in order to generate an attestation of the first mutable firmware. The computing device has a second microcontroller. There is second mutable firmware at the second microcontroller. There is a second immutable bootloader at the second microcontroller which sends a measurement of the second mutable firmware to the first immutable bootloader whenever the second microcontroller restarts, such that the first microcontroller is able to include the measurement in the attestation.
-
Publication number: US20220222348A1
Publication date: 2022-07-14
Application number: US17148548
Filing date: 2021-01-13
Abstract: In various examples there is a method of enabling an attestable update of a firmware layer that provides a unique identity of a computing device. The method comprises using an immutable firmware layer to access a unique device secret. The immutable layer is used to derive a hardware device identity (HDI) from the unique device secret. The immutable layer is used to derive a compound device identity (CDI) from a measurement of the firmware layer and the unique device secret. The CDI and HDI are made available to the firmware layer. The firmware layer is used to issue a local certificate to endorse a device identity key derived from the CDI, the local certificate being signed by a key derived from the HDI.
-
Publication number: US20240160795A1
Publication date: 2024-05-16
Application number: US18419359
Filing date: 2024-01-22
Inventors: Stavros VOLOS, David Thomas CHISNALL, Saurabh Mohan KULKARNI, Kapil VASWANI, Manuel COSTA, Samuel Alexander WEBSTER, Cédric Alain Marie FOURNET, Richard OSBORNE, Daniel John Pelham WILKINSON, Graham Bernard CUNNINGHAM
CPC classification: G06F21/85, G06F21/602, H04L9/30, H04L9/3265
Abstract: A peripheral device, for use with a host, comprises one or more compute elements, a security module, and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.
-
Publication number: US20230342121A1
Publication date: 2023-10-26
Application number: US18005246
Filing date: 2021-07-13
Inventors: Daniel John Pelham WILKINSON, Richard OSBORNE, Graham Bernard CUNNINGHAM, Kenneth GORDON, Samuel Alexander WEBSTER, Stavros VOLOS, Kapil VASWANI, Balaji VEMBU, Cédric Alain Marie FOURNET
IPC classification: G06F8/41
CPC classification: G06F8/41
Abstract: A processing system comprising one or more chips, each comprising a plurality of tiles, is described. Each tile comprises a respective processing unit and memory, the memory storing a codelet. The processing system has at least one encryption unit configured to encrypt and decrypt data transferred between the tiles and a trusted computing entity via an external computing device. The codelets are configured to instruct the tiles to transfer the encrypted data by reading from and writing to a plurality of memory regions at the external memory, such that a plurality of streams of encrypted data are formed, each stream using an individual one of the memory regions at the external computing device.
-
Publication number: US20240086542A1
Publication date: 2024-03-14
Application number: US18508208
Filing date: 2023-11-13
Inventors: Stavros VOLOS, Colin DOAK, Simon Douglas CHAMBERS, David RUGGLES, Richard NEAL, Cedric Alain Marie FOURNET, Kapil VASWANI, Balaji VEMBU
IPC classification: G06F21/57, G06F9/4401
CPC classification: G06F21/572, G06F9/4405, G06F2221/033
Abstract: In various examples there is a computing device comprising a first microcontroller, which comprises a first immutable bootloader and first mutable firmware. The first immutable bootloader uses a unique device secret burnt into hardware of the computing device in order to generate an attestation of the first mutable firmware. The computing device has a second microcontroller. There is second mutable firmware at the second microcontroller. There is a second immutable bootloader at the second microcontroller which sends a measurement of the second mutable firmware to the first immutable bootloader whenever the second microcontroller restarts, such that the first microcontroller is able to include the measurement in the attestation.
-
Publication number: US20240045997A1
Publication date: 2024-02-08
Application number: US18377689
Filing date: 2023-10-06
Inventors: Stavros VOLOS, Kapil Vaswani
IPC classification: G06F21/73, G06F9/4401, G06F21/80
CPC classification: G06F21/73, G06F9/4413, G06F21/805
Abstract: A peripheral device package for use in a host computing device has a plurality of compute elements and a plurality of resources shared by the plurality of compute elements. A data structure is stored in a hidden memory of the peripheral device package. The data structure holds metadata about ownership of resources of the peripheral device package by a plurality of user runtime processes of the host computing device which use the compute elements. At least one of the user runtime processes is a secure user runtime process. The peripheral device package has a command processor configured to use the data structure to enforce isolation of the resources used by the secure user runtime process.
-
Publication number: US20210342492A1
Publication date: 2021-11-04
Application number: US17374942
Filing date: 2021-07-13
Inventors: Stavros VOLOS, David Thomas CHISNALL, Saurabh Mohan KULKARNI, Kapil VASWANI, Manuel COSTA, Samuel Alexander WEBSTER, Cédric Alain Marie FOURNET, Richard OSBORNE, Daniel John Pelham WILKINSON, Graham Bernard CUNNINGHAM
Abstract: A peripheral device, for use with a host, comprises one or more compute elements, a security module, and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.