Technologies for mitigating call-oriented programming using an inter-module control flow policy

    Publication No.: US10515217B2

    Publication Date: 2019-12-24

    Application No.: US15719956

    Filing Date: 2017-09-29

    Applicant: Intel Corporation

    Abstract: Technologies for control flow validation include a computing device having a processor with real-time instruction tracing support. The processor generates trace data indicative of the control flow of a protected application. The computing device identifies an indirect branch target based on the trace data and determines whether the indirect branch target is included in the same module as the previous indirect branch target. If the indirect branch target and the previous indirect branch target are not included in the same module, the computing device determines whether an inter-module transfer policy is satisfied. If it is satisfied, the indirect branch target is stored as the previous indirect branch target and the protected application continues to execute. If the policy is not satisfied, the computing device generates an exception. The policy may be satisfied, for example, if the indirect branch target is an exported function. Other embodiments are described and claimed.

    MEMORY DOMAINS PROTECTION METHOD AND APPARATUS WITH COMPOSITE PROTECTION KEY NUMBERS

    Publication No.: US20190129867A1

    Publication Date: 2019-05-02

    Application No.: US16229857

    Filing Date: 2018-12-21

    Applicant: Intel Corporation

    Abstract: In embodiments, an apparatus for computing includes a protection key register (PKR) having 2N bits, where N is an integer, to store a plurality of permission entries corresponding to protected memory domains, and a protected memory domain controller coupled to the PKR. In embodiments, the memory domain controller is to: obtain protection key (PK) bits from a page table entry for a target page address; obtain one or more additional PK bits from a target linear memory address; and combine the PK bits and the additional PK bits to form a PK domain number used to index into the plurality of permission entries in the PKR to obtain a permission entry for a protected memory domain.

    TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT

    Publication No.: US20240095340A1

    Publication Date: 2024-03-21

    Application No.: US18526279

    Filing Date: 2023-12-01

    Applicant: Intel Corporation

    Abstract: Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.

    TECHNOLOGIES FOR UNTRUSTED CODE EXECUTION WITH PROCESSOR SANDBOX SUPPORT

    Publication No.: US20220121737A1

    Publication Date: 2022-04-21

    Application No.: US17367106

    Filing Date: 2021-07-02

    Applicant: Intel Corporation

    Abstract: Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.

    MALICIOUS OBJECT DETECTION IN A RUNTIME ENVIRONMENT

    Publication No.: US20200175166A1

    Publication Date: 2020-06-04

    Application No.: US16780218

    Filing Date: 2020-02-03

    Applicant: Intel Corporation

    IPC Classification: G06F21/56 G06N20/00 H04L29/06

    Abstract: A malicious object detection system for use in managed runtime environments includes a check circuit to receive call information generated by an application, such as an Android application. A machine learning circuit coupled to the check circuit applies a machine learning model to assess the information and/or data included in the call and to detect the presence of a malicious object, such as malware or a virus, in the application generating the call. The machine learning model may include a global machine learning model distributed across a number of devices, a local machine learning model based on the use patterns of a particular device, or a combination thereof. A graphical user interface management circuit halts execution of applications containing malicious objects and generates a user-perceptible output.

    TECHNOLOGIES FOR MITIGATING CALL-ORIENTED PROGRAMMING USING AN INTER-MODULE CONTROL FLOW POLICY

    Publication No.: US20190102550A1

    Publication Date: 2019-04-04

    Application No.: US15719956

    Filing Date: 2017-09-29

    Applicant: Intel Corporation

    IPC Classification: G06F21/56

    CPC Classification: G06F21/566 G06F2221/033

    Abstract: Technologies for control flow validation include a computing device having a processor with real-time instruction tracing support. The processor generates trace data indicative of the control flow of a protected application. The computing device identifies an indirect branch target based on the trace data and determines whether the indirect branch target is included in the same module as the previous indirect branch target. If the indirect branch target and the previous indirect branch target are not included in the same module, the computing device determines whether an inter-module transfer policy is satisfied. If it is satisfied, the indirect branch target is stored as the previous indirect branch target and the protected application continues to execute. If the policy is not satisfied, the computing device generates an exception. The policy may be satisfied, for example, if the indirect branch target is an exported function. Other embodiments are described and claimed.

    Malicious object detection in a runtime environment

    Publication No.: US11568051B2

    Publication Date: 2023-01-31

    Application No.: US16780218

    Filing Date: 2020-02-03

    Applicant: Intel Corporation

    Abstract: A malicious object detection system for use in managed runtime environments includes a check circuit to receive call information generated by an application, such as an Android application. A machine learning circuit coupled to the check circuit applies a machine learning model to assess the information and/or data included in the call and to detect the presence of a malicious object, such as malware or a virus, in the application generating the call. The machine learning model may include a global machine learning model distributed across a number of devices, a local machine learning model based on the use patterns of a particular device, or a combination thereof. A graphical user interface management circuit halts execution of applications containing malicious objects and generates a user-perceptible output.

    Mitigating side-channel attacks using executable only memory (XOM)

    Publication No.: US11366895B2

    Publication Date: 2022-06-21

    Application No.: US16145635

    Filing Date: 2018-09-28

    Applicant: Intel Corporation

    Abstract: Embodiments include side channel defender circuitry to protect shared code pages in executable only memory (XOM) from side-channel exploits. The side channel defender circuitry receives system calls and determines whether the code pages include executable code, whether the code pages include writeable code, and whether the code pages include instructions capable of altering or modifying one or more protection keys associated with code pages stored in XOM. If the code pages contain executable code that is writeable, or executable code that includes instructions capable of altering or modifying one or more protection keys associated with code pages stored in XOM, the side channel defender circuitry aborts the system call.