公开(公告)号：US20220207147A1

公开(公告)日：2022-06-30

申请号：US17134343

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Carlos Rozas ,  Fangfei Liu ,  Xiang Zou ,  Francis McKeen ,  Jason W. Brandt ,  Joseph Nuzman ,  Alaa Alameldeen ,  Abhishek Basak ,  Scott Constable ,  Thomas Unterluggauer ,  Asit Mallick ,  Matthew Fernandez

IPC: G06F21/57 ,  G06F21/54 ,  G06F9/30

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a register hardening instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the register hardening instruction.

公开(公告)号：US12019563B2

公开(公告)日：2024-06-25

申请号：US17032883

申请日：2020-09-25

Applicant: Intel Corporation

Inventor： Scott Constable ,  Thomas Unterluggauer

IPC: G06F12/14 ,  G06F12/084 ,  G06F12/0864 ,  G06F12/0891

CPC classification number: G06F12/1433 ,  G06F12/084 ,  G06F12/0864 ,  G06F12/0891

Abstract: Systems, apparatuses and methods provide for technology that determines that first data associated with a first security domain is to be stored in a first permutated cache set, where the first permuted cache set is identified based on a permutation function that permutes at least one of a plurality of first cache indexes. The technology further determines that second data associated with a second security domain is to be stored in a second permutated cache set, where the second permuted cache set is identified based on the permutation function. The second permutated cache set may intersect the first permutated cache set at one data cache line to cause an eviction of first data associated with the first security domain from the one data cache line and bypass eviction of data associated with the first security domain from at least one other data cache line of the first permuted cache set.

公开(公告)号：US20220206818A1

公开(公告)日：2022-06-30

申请号：US17134334

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Alaa Alameldeen ,  Carlos Rozas ,  Fangfei Liu ,  Xiang Zou ,  Francis McKeen ,  Jason W. Brandt ,  Joseph Nuzman ,  Abhishek Basak ,  Scott Constable ,  Thomas Unterluggauer ,  Asit Mallick ,  Matthew Fernandez

IPC: G06F9/38 ,  G06F9/30 ,  G06F21/57

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a single instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the single instruction.

公开(公告)号：US20220083347A1

公开(公告)日：2022-03-17

申请号：US17019880

申请日：2020-09-14

Applicant: Intel Corporation

Inventor： Scott Constable ,  Bin Xing ,  Fangfei Liu ,  Thomas Unterluggauer ,  Krystof Zmudzinski

IPC: G06F9/4401 ,  G06F9/30

Abstract: A method comprises receiving an instruction to resume operations of an enclave in a cloud computing environment and generating a pseud-random time delay before resuming operations of the enclave in the cloud computing environment.

公开(公告)号：US20230350814A1

公开(公告)日：2023-11-02

申请号：US18078762

申请日：2022-12-09

Applicant: Intel Corporation

Inventor： Thomas Unterluggauer ,  Fangfei Liu ,  Carlos Rozas ,  Scott Constable ,  Gilles Pokam ,  Francis McKeen ,  Christopher Wilkerson ,  Erik Hallnor

IPC: G06F12/14 ,  G06F12/0815 ,  G06F12/121

CPC classification number: G06F12/1408 ,  G06F12/0815 ,  G06F12/121 ,  G06F2212/1052

Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with another cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a primary cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the primary cache. The victim cache is accessed using an independently randomized mapping. Subsequently, a request to access the first line results in a search of the victim cache and the primary cache. Based on the search, the first line is evicted from the victim cache, and reinserted in the primary cache. In another embodiment, reinsertion of the first line in the primary cache includes the first line and a third line being swapped between the primary cache and the victim cache.

公开(公告)号：US20220207138A1

公开(公告)日：2022-06-30

申请号：US17134350

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Carlos Rozas ,  Fangfei Liu ,  Xiang Zou ,  Francis McKeen ,  Jason W. Brandt ,  Joseph Nuzman ,  Alaa Alameldeen ,  Abhishek Basak ,  Scott Constable ,  Thomas Unterluggauer ,  Asit Mallick ,  Matthew Fernandez

IPC: G06F21/55 ,  G06F21/54 ,  G06F9/30 ,  G06F9/38

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a decode circuitry and store circuitry coupled to the decode circuitry. The decode circuitry is to decode a store hardening instruction to mitigate vulnerability to a speculative execution attack. The store circuitry is to be hardened in response to the store hardening instruction.

公开(公告)号：US20220200783A1

公开(公告)日：2022-06-23

申请号：US17127786

申请日：2020-12-18

Applicant: Intel Corporation

Inventor： Thomas Unterluggauer ,  Alaa Alameldeen ,  Scott Constable ,  Fangfei Liu ,  Francis McKeen ,  Carlos Rozas ,  Anna Trikalinou

IPC: H04L9/00 ,  G06F21/72

Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.

公开(公告)号：US20210081332A1

公开(公告)日：2021-03-18

申请号：US17032883

申请日：2020-09-25

Applicant: Intel Corporation

Inventor： Scott Constable ,  Thomas Unterluggauer

IPC: G06F12/14 ,  G06F12/0891 ,  G06F12/0864 ,  G06F12/084

Abstract: Systems, apparatuses and methods provide for technology that determines that first data associated with a first security domain is to be stored in a first permutated cache set, where the first permuted cache set is identified based on a permutation function that permutes at least one of a plurality of first cache indexes. The technology further determines that second data associated with a second security domain is to be stored in a second permutated cache set, where the second permuted cache set is identified based on the permutation function. The second permutated cache set may intersect the first permutated cache set at one data cache line to cause an eviction of first data associated with the first security domain from the one data cache line and bypass eviction of data associated with the first security domain from at least one other data cache line of the first permuted cache set.

公开(公告)号：US12001346B2

公开(公告)日：2024-06-04

申请号：US17127786

申请日：2020-12-18

Applicant: Intel Corporation

Inventor： Thomas Unterluggauer ,  Alaa Alameldeen ,  Scott Constable ,  Fangfei Liu ,  Francis McKeen ,  Carlos Rozas ,  Anna Trikalinou

IPC: G06F12/10 ,  G06F12/121 ,  G06F12/14

CPC classification number: G06F12/14 ,  G06F12/121 ,  G06F2212/1052

Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.

公开(公告)号：US20220207154A1

公开(公告)日：2022-06-30

申请号：US17134333

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Richard Winterton ,  Mohammad Reza Haghighat ,  Asit Mallick ,  Alaa Alameldeen ,  Abhishek Basak ,  Jason W. Brandt ,  Michael Chynoweth ,  Carlos Rozas ,  Scott Constable ,  Martin Dixon ,  Matthew Fernandez ,  Fangfei Liu ,  Francis McKeen ,  Joseph Nuzman ,  Gilles Pokam ,  Thomas Unterluggauer ,  Xiang Zou

IPC: G06F21/60 ,  H04L9/08 ,  H04L9/30

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a hybrid key generator and memory protection hardware. The hybrid key generator is to generate a hybrid key based on a public key and multiple process identifiers. Each of the process identifiers corresponds to one or more memory spaces in a memory. The memory protection hardware is to use the first hybrid key to protect to the memory spaces.