-
Publication number: US11755500B2
Publication date: 2023-09-12
Application number: US17134332
Application date: 2020-12-26
Applicant: Intel Corporation
Inventor: Anna Trikalinou, Abhishek Basak
CPC classification number: G06F12/1408, G06F9/5016, G06F9/5083, G06F12/063, G06F12/1433
Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.
-
Publication number: US20210117340A1
Publication date: 2021-04-22
Application number: US17134332
Application date: 2020-12-26
Applicant: Intel Corporation
Inventor: Anna Trikalinou, Abhishek Basak
Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.
-
Publication number: US20210110031A1
Publication date: 2021-04-15
Application number: US17132010
Application date: 2020-12-23
Applicant: Intel Corporation
Inventor: Abhishek Basak, Erdem Aktas
IPC: G06F21/54, G06F21/55, G06F21/79, G06F12/0882, G06F12/0862, G06F12/14
Abstract: An apparatus to facilitate data cache security is disclosed. The apparatus includes a cache memory to store data; and prefetch hardware to pre-fetch data to be stored in the cache memory, including a cache set monitor hardware to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory; and pattern monitor hardware to monitor cache access patterns to the critical cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process.
-
Publication number: US10761996B2
Publication date: 2020-09-01
Application number: US16147191
Application date: 2018-09-28
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Ravi Sahita, Rajesh Sankaran, Siddhartha Chhabra, Abhishek Basak, Krystof Zmudzinski, Rupin Vakharwala
Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.
-
Publication number: US10536264B2
Publication date: 2020-01-14
Application number: US15392324
Application date: 2016-12-28
Applicant: Intel Corporation
Inventor: Santosh Ghosh, Manoj R Sastry, Jesse R. Walker, Ravi L. Sahita, Abhishek Basak, Vedvyas Shanbhogue, David M. Durham
Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.
-
Publication number: US10360374B2
Publication date: 2019-07-23
Application number: US15605573
Application date: 2017-05-25
Applicant: INTEL CORPORATION
Inventor: Abhishek Basak, Ravi L. Sahita, Vedvyas Shanbhogue
Abstract: Various embodiments are generally directed to techniques for control flow protection with minimal performance overhead, such as by utilizing one or more micro-architectural optimizations to implement a shadow stack (SS) to verify a return address before returning from a function call, for instance. Some embodiments are particularly directed to a computing platform, such as an internet of things (IoT) platform, that overlaps or parallelizes one or more SS access operations with one or more data stack (DS) access operations.
-
Publication number: US10025956B2
Publication date: 2018-07-17
Application number: US14975588
Application date: 2015-12-18
Applicant: Intel Corporation
Inventor: Abhishek Basak, Siddhartha Chhabra, Jungju Oh, David M. Durham
IPC: G06F21/79, G06F3/06, G06F12/0891, G06F12/123, G06F12/14, H04L9/06
Abstract: Examples include techniques for compressing counter values included in cryptographic metadata. In some examples, a cache line to fill a cache included in on-die processor memory may be received. The cache arranged to store cryptographic metadata. The cache line includes a counter value generated by a counter. The counter value to serve as version information for a memory encryption scheme to write a data cache line to a memory location of an off-die memory. In some examples, the counter value is compressed based on whether the counter value includes a pattern that matches a given pattern and is then stored to the cache. In some examples, a compression aware and last recently used (LRU) scheme is used to determine whether to evict cryptographic metadata from the cache.
-
Publication number: US11625275B2
Publication date: 2023-04-11
Application number: US17109742
Application date: 2020-12-02
Applicant: Intel Corporation
Inventor: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
IPC: G06F9/445, G06F9/50, G06F9/455, G06F21/62, G06F12/1009, G06F9/46, G06F13/28, G06F21/85, G06F21/78, G06F21/53, G06F21/57, H04L9/32, H04W12/30, H04W12/48, H04L69/16
Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
-
Publication number: US20230027329A1
Publication date: 2023-01-26
Application number: US17791000
Application date: 2020-12-26
Applicant: Intel Corporation
Inventor: David M. Durham, Michael D. LeMay, Salmin Sultana, Karanvir S. Grewal, Michael E. Kounavis, Sergej Deutsch, Andrew James Weiler, Abhishek Basak, Dan Baum, Santosh Ghosh
Abstract: A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system running on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.
-
Publication number: US11494523B2
Publication date: 2022-11-08
Application number: US16993469
Application date: 2020-08-14
Applicant: Intel Corporation
Inventor: Abhishek Basak, Pradeep Pappachan, Siddhartha Chhabra, Alpa Narendra Trivedi, Erdem Aktas, Ravi Sahita
IPC: G06F12/00, G06F13/00, G06F13/28, G06F21/79, G06F21/60, G06F21/31, G06F12/1081, G06F12/14, G06F21/57
Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.