-
公开(公告)号:US20190138719A1
公开(公告)日:2019-05-09
申请号:US16234140
申请日:2018-12-27
Applicant: Salmin Sultana , Li Chen , Abhishek Basak , Jason Martin , Justin Gottschlich
Inventor: Salmin Sultana , Li Chen , Abhishek Basak , Jason Martin , Justin Gottschlich
Abstract: Methods, apparatus, systems and articles of manufacture for detecting a side channel attack are disclosed. An example apparatus includes a histogram generator to generate a histogram representing cache access activities. A histogram analyzer is to determine at least one statistic based on the histogram. A machine learning model processor is to apply a machine learning model to the at least one statistic to attempt to identify a side channel attack. A multiple hypothesis tester to perform multiple hypothesis testing to determine a probability of the cache access activities being benign. An anomaly detection orchestrator is to, in response to the machine learning model processor identifying that the at least one statistic is indicative of the side channel attack and the probability not satisfying a similarity threshold, cause the performance of a responsive action to mitigate the side channel attack.
-
2.发明申请公开(公告)号:US20190130101A1
公开(公告)日:2019-05-02
申请号:US16234144
申请日:2018-12-27
Applicant: Li Chen , Abhishek Basak , Salmin Sultana , Justin Gottschlich
Inventor: Li Chen , Abhishek Basak , Salmin Sultana , Justin Gottschlich
Abstract: Methods, apparatus, systems and articles of manufacture for detecting a side channel attack using hardware performance counters are disclosed. An example apparatus includes a hardware performance counter data organizer to collect a first value of a hardware performance counter at a first time and a second value of the hardware performance counter at a second time. A machine learning model processor is to apply a machine learning model to predict a third value corresponding to the second time. An error vector generator is to generate an error vector representing a difference between the second value and the third value. An error vector analyzer is to determine a probability of the error vector indicating an anomaly. An anomaly detection orchestrator is to, in response to the probability satisfying a threshold, cause the performance of a responsive action to mitigate the side channel anomaly.
-
Patent Agency Ranking
公开(公告)号:US20190130096A1
公开(公告)日:2019-05-02
申请号:US16234085
申请日:2018-12-27
Applicant: Li Chen , Kai Cong , Salmin Sultana
Inventor: Li Chen , Kai Cong , Salmin Sultana
Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.
-
公开(公告)号:US20210150040A1
公开(公告)日:2021-05-20
申请号:US17134405
申请日:2020-12-26
Applicant: David M. Durham , Karanvir S. Grewal , Michael D. LeMay , Salmin Sultana
Inventor: David M. Durham , Karanvir S. Grewal , Michael D. LeMay , Salmin Sultana
Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.
-
5.发明申请公开(公告)号:US20190228155A1
公开(公告)日:2019-07-25
申请号:US16370849
申请日:2019-03-29
Applicant: Abhishek Basak , Li Chen , Salmin Sultana , Anna Trikalinou , Erdem Aktas , Saeedeh Komijani
Inventor: Abhishek Basak , Li Chen , Salmin Sultana , Anna Trikalinou , Erdem Aktas , Saeedeh Komijani
IPC: G06F21/56 , G06F12/1027 , G06F21/55 , G06N20/00
Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.
-
公开(公告)号:US10248424B2
公开(公告)日:2019-04-02
申请号:US15283370
申请日:2016-10-01
Applicant: Salmin Sultana , Stanislav Bratanov , David M. Durham , Beeman C. Strong
Inventor: Salmin Sultana , Stanislav Bratanov , David M. Durham , Beeman C. Strong
Abstract: One embodiment provides an apparatus. The apparatus includes collector circuitry to capture processor trace (PT) data from a PT driver. The PT data includes a first target instruction pointer (TIP) packet including a first runtime target address of an indirect branch instruction of an executing target application. The apparatus further includes decoder circuitry to extract the first TIP packet from the PT data and to decode the first TIP packet to yield the first runtime target address. The apparatus further includes control flow validator circuitry to determine whether a control flow transfer to the first runtime target address corresponds to a control flow violation based, at least in part, on a control flow graph (CFG). The CFG including a plurality of nodes, each node including a start address of a first basic block, an end address of the first basic block and a next possible address of a second basic block or a not found tag.
-
公开(公告)号:US20180095764A1
公开(公告)日:2018-04-05
申请号:US15283370
申请日:2016-10-01
Applicant: SALMIN SULTANA , STANISLAV BRATANOV , DAVID M. DURHAM , BEEMAN C. STRONG
Inventor: SALMIN SULTANA , STANISLAV BRATANOV , DAVID M. DURHAM , BEEMAN C. STRONG
CPC classification number: G06F9/3806 , G06F9/3016 , G06F11/3636 , G06F11/3648
Abstract: One embodiment provides an apparatus. The apparatus includes collector circuitry to capture processor trace (PT) data from a PT driver. The PT data includes a first target instruction pointer (TIP) packet including a first runtime target address of an indirect branch instruction of an executing target application. The apparatus further includes decoder circuitry to extract the first TIP packet from the PT data and to decode the first TIP packet to yield the first runtime target address. The apparatus further includes control flow validator circuitry to determine whether a control flow transfer to the first runtime target address corresponds to a control flow violation based, at least in part, on a control flow graph (CFG). The CFG including a plurality of nodes, each node including a start address of a first basic block, an end address of the first basic block and a next possible address of a second basic block or a not found tag.
-
-
-
-
-
-
Search Results
7
records
(took 0.013 seconds)
