专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2017058463A1 TECHNOLOGIES FOR EXECUTE ONLY TRANSACTIONAL MEMORY 审中-公开
标题翻译：用于执行只有交易记忆的技术
公开(公告)号：WO2017058463A1
公开(公告)日：2017-04-06
申请号：PCT/US2016/050093
申请日：2016-09-02
申请人： INTEL CORPORATION
发明人： DURHAM, David M. , LEMAY, Michael , LONG, Men
IPC分类号： G06F12/10
CPC分类号： G06F12/1027 , G06F9/3005 , G06F12/1408 , G06F12/1475 , G06F2212/402 , G06F2212/50
摘要： Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.
摘要翻译：仅用于执行事务性存储器的技术包括具有处理器和存储器的计算设备。处理器包括指令转换后备缓冲器（iTLB）和数据转换后备缓冲器（dTLB）。响应于页面未命中，处理器确定页面物理地址是否在存储器的仅执行事务（XOT）范围内。如果在XOT范围内，处理器可以使用页面物理地址填充iTLB，并防止dTLB填充页面物理地址。响应于诸如中断的控制流的异步改变，处理器确定最后的iTLB转换是否在XOT范围内。如果在XOT范围内，处理器将清除或以其他方式保护处理器寄存器状态。处理器确保XOT范围在授权的入口点开始执行。描述和要求保护其他实施例。

2. 发明申请

WO2016160119A1 MEMORY SCANNING METHODS AND APPARATUS 审中-公开
标题翻译：内存扫描方法和设备
公开(公告)号：WO2016160119A1
公开(公告)日：2016-10-06
申请号：PCT/US2016/016355
申请日：2016-02-03
申请人： INTEL CORPORATION
发明人： LEMAY, Michael , DURHAM, David M. , LONG, Men
IPC分类号： G06F21/56 , G06F12/10
CPC分类号： G06F21/567 , G06F12/0802 , G06F12/1009 , G06F21/564
摘要： Memory scanning methods and apparatus are disclosed. An example apparatus includes a walker to traverse a paging structure of an address translation system; a bit analyzer to determine whether a bit associated with an entry of the paging structure is indicative of the entry being recently accessed; an address identifier to, when the bit analyzer determines that the bit associated with the entry of the paging structure is indicative of the entry being recently accessed, determine an address associated with the entry; and an outputter to provide the determined address to a memory scanner.
摘要翻译：公开了存储器扫描方法和装置。示例性装置包括：行走者，用于遍历地址转换系统的寻呼结构; 位分析器，用于确定与所述寻呼结构的条目相关联的位是否指示最近访问的条目; 地址标识符，当位分析器确定与寻呼结构的条目相关联的位指示最近被访问的条目时，确定与条目相关联的地址; 以及输出器，用于将确定的地址提供给存储器扫描器。

3. 发明申请

WO2018063571A1 TECHNOLOGIES FOR OBJECT-ORIENTED MEMORY MANAGEMENT WITH EXTENDED SEGMENTATION 审中-公开
标题翻译：具有扩展分割的面向对象存储器管理技术
公开(公告)号：WO2018063571A1
公开(公告)日：2018-04-05
申请号：PCT/US2017/047541
申请日：2017-08-18
申请人： INTEL CORPORATION
发明人： LEMAY, Michael , HUNTLEY, Barry E. , SAHITA, Ravi L.
IPC分类号： G06F13/16 , G06F12/02
CPC分类号： G06F21/53 , G06F9/5016 , G06F12/00 , G06F21/121 , G06F21/74 , G06F2221/033 , G06F2221/0713 , G06F2221/2113
摘要： Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.
摘要翻译：具有存储器保护扩展的存储器管理技术包括具有带有一个或多个保护扩展的处理器的计算设备。处理器可以加载包括段基址，有效限制和有效地址的逻辑地址，并根据具有有效限制的逻辑地址作为掩码来生成线性地址。处理器可以切换到由任务状态段扩展描述的新任务。任务状态扩展可以指定低延迟分段模式。处理器可以禁止访问描述符特权级别低于处理器的当前特权级别的本地描述符表格中的描述符。计算设备可以使用处理器的安全区域支持来加载安全区域。安全区域可能会在处理器的用户权限级别加载非安全框和沙盒应用程序。描述并要求保护其他实施例。

4. 发明申请

WO2017112253A1 ATTESTABLE INFORMATION FLOW CONTROL IN COMPUTER SYSTEMS 审中-公开
标题翻译：计算机系统中可实现的信息流控制
公开(公告)号：WO2017112253A1
公开(公告)日：2017-06-29
申请号：PCT/US2016/063325
申请日：2016-11-22
申请人： INTEL CORPORATION
发明人： LEMAY, Michael , ROBINSON, Scott
IPC分类号： G06F21/71 , G06F21/60
CPC分类号： H04L67/1097 , G06F21/6245
摘要： Solutions for controlling data exposure among computing entities are described. A data transfer agent (DTA) module includes a data payload portion to store information content conditionally transferable to at least one other DTA module, and a code portion containing instructions that operationally implement: a DTA connectivity link to the at least one other DTA module; an attestation module to obtain, via the DTA connectivity link, attestation from each of the at least one other DTA module indicating a data output connectivity configuration of that other DTA module; and a decision module to determine a degree of permissible interaction with each of the at least one other DTA module based the attestation and on decision criteria.
摘要翻译：描述了用于控制计算实体之间的数据暴露的解决方案。数据传输代理（DTA）模块包括用于存储有条件地可传送到至少一个其它DTA模块的信息内容的数据有效载荷部分，以及包含指令的代码部分，所述指令在操作上实现：到所述至少一个其他DTA模块的DTA连接性链路; 证明模块，用于经由DTA连接性链路从所述至少一个其他DTA模块中的每一个获得证明该另一DTA模块的数据输出连接性配置的证明; 以及决定模块，用于基于所述证明和决策标准来确定与所述至少一个其他DTA模块中的每一个的可允许交互的程度。

5. 发明申请

WO2014209269A1 A PROTECTED MEMORY VIEW FOR NESTED PAGE TABLE ACCESS BY VIRTUAL MACHINE GUESTS 审中-公开
标题翻译：用于虚拟机顾客的网页访问的保护存储器视图
公开(公告)号：WO2014209269A1
公开(公告)日：2014-12-31
申请号：PCT/US2013/047381
申请日：2013-06-24
申请人： INTEL CORPORATION , LEMAY, Michael , DURHAM, David M. , SAHITA, Ravi L. , ANDERSON, Andrew V.
发明人： LEMAY, Michael , DURHAM, David M. , SAHITA, Ravi L. , ANDERSON, Andrew V.
IPC分类号： G06F21/53
CPC分类号： G06F12/145 , G06F9/30076 , G06F9/45558 , G06F12/1009 , G06F12/1491 , G06F2009/45583 , G06F2212/1052 , G06F2212/151
摘要： Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure.
摘要翻译：通常，本公开提供了用于虚拟机（VM）环境中的受保护的存储器视图的系统，方法和计算机可读介质，其实现了受VMX根模式之外的可信访客软件的嵌套页表访问。该系统可以包括被配置为通过操作系统（OS）内核组件和由VM的来宾内的用户空间应用提供对嵌套页表结构的访问的编辑器模块，其中嵌套页表结构与受保护的内存视图。该系统还可以包括页面处理处理器，其被配置为通过维护嵌套页表结构中的安全信息来保护该访问。

6. 发明申请

WO2018063644A1 ENFORCING MEMORY OPERAND TYPES USING PROTECTION KEYS 审中-公开
标题翻译：使用保护键保护存储器类型
公开(公告)号：WO2018063644A1
公开(公告)日：2018-04-05
申请号：PCT/US2017/048928
申请日：2017-08-28
申请人： INTEL CORPORATION
发明人： LEMAY, Michael , KOUFATY, David A. , SAHITA, Ravi L.
IPC分类号： G06F12/14
CPC分类号： G06F12/1466 , G06F12/1009 , G06F21/53 , G06F21/566 , G06F2212/1052 , G06F2221/034
摘要： Enforcing memory operand types using protection keys is generally described herein. A processor system to provide sandbox execution support for protection key rights attacks includes a processor core to execute a task associated with an untrusted application and execute the task using a designated page of a memory; and a memory management unit to designate the page of the memory to support execution of the untrusted application.
摘要翻译：本文一般描述使用保护密钥强制执行内存操作数类型。处理器系统为保护密钥权限攻击提供沙盒执行支持包括处理器核心，用于执行与不可信应用相关联的任务，并使用存储器的指定页面执行任务; 和一个内存管理单元来指定内存的页面以支持不可信应用程序的执行。

7. 发明申请

WO2017112335A1 TECHNIQUES FOR DETECTING MALWARE WITH MINIMAL PERFORMANCE DEGRADATION 审中-公开
标题翻译：用最小性能降解来检测恶意软件的技术
公开(公告)号：WO2017112335A1
公开(公告)日：2017-06-29
申请号：PCT/US2016/063762
申请日：2016-11-25
申请人： INTEL CORPORATION
发明人： LEMAY, Michael , DURHAM, David M.
IPC分类号： G06F21/56
CPC分类号： G06F21/566 , G06F21/567 , G06F2221/032 , H04L63/1416 , H04L63/145
摘要： Various embodiments are generally directed to techniques for detecting malware in a manner that mitigates the consumption of processing and/or storage resources of a processing device. An apparatus may include a first processor component of a processing device to generate entries in a chronological order within a first page modification log maintained within a first storage divided into multiple pages, each entry to indicate a write access made by the first processor component to a page of the multiple pages; a retrieval component of a graphics controller of the processing device to recurringly retrieve indications from the first page modification log of at least one recently written page of the multiple pages; and a scan component of the graphics controller to recurringly scan the at least one recently written page to detect malware within the at least one recently written page.
摘要翻译：各种实施例通常针对用于以减轻处理设备的处理和/或存储资源的消耗的方式来检测恶意软件的技术。一种装置可以包括处理设备的第一处理器组件，以在被划分成多个页面的第一存储器内维护的第一页面修改日志内按照时间顺序生成条目，每个条目指示第一处理器组件对多页的页面; 所述处理设备的图形控制器的检索组件重复检索来自所述多个页面中的至少一个最近写入的页面的所述第一页面修改日志的指示; 以及所述图形控制器的扫描组件重复扫描所述至少一个最近写入的页面以检测所述至少一个最近写入的页面内的恶意软件。

8. 发明申请

WO2014209900A1 SELECTIVE SHARING OF USER INFORMATION BASED ON CONTEXTUAL RELATIONSHIP INFORMATION, SUCH AS TO CROWD-SOURCE GIFTS OF INTEREST TO A RECIPIENT 审中-公开
标题翻译：基于相关关系信息的用户信息的选择性共享，如对受益人的兴趣爱好的礼物
公开(公告)号：WO2014209900A1
公开(公告)日：2014-12-31
申请号：PCT/US2014/043698
申请日：2014-06-23
申请人： INTEL CORPORATION , WOUHAYBI, Rita H. , COPPERNOLL, Timothy G. , SIA, Jose K. Jr. , BECKWITH, Richard T. , BEZAITIS, Maria , ROBINSON, Scott H. , PHEGADE, Vinay , LEMAY, Michael
发明人： WOUHAYBI, Rita H. , COPPERNOLL, Timothy G. , SIA, Jose K. Jr. , BECKWITH, Richard T. , BEZAITIS, Maria , ROBINSON, Scott H. , PHEGADE, Vinay , LEMAY, Michael
IPC分类号： G06Q50/30
CPC分类号： G06Q30/0635 , G06F17/30598 , G06F17/30867 , G06Q30/0214 , G06Q30/0601 , G06Q30/0631 , G06Q30/0641 , G07C13/00
摘要： Selective/controlled disclosure of user information to private workspaces of other users/invitees based on context/contextual relations, and a shared workspace or market to collaborate amongst the other users (e.g., to crowd-source gifts of interest to the recipient). Contextual disclosure may be based on common context or commonality under a set of conditions, such as a topic, which may include known topics of relationships amongst the users and/or undiscovered contexts. As an example, items of interest to each user are identified and clustered, keywords are assigned to the clusters indicative of topics/subjects of interests to the respective users, recipient keywords are compared to keywords of an invitee to identify common keywords as shared interests, and items of interest to the recipient that relate to the common keywords are disclosed to the invitee as a personalized wish-list. Keyword weighting and/or keyword/item level privacy designations may be provided to further control disclosure.
摘要翻译：基于上下文/上下文关系向其他用户/受邀者的私有工作空间选择/控制地披露用户信息，以及共享工作空间或市场以在其他用户之间进行协作（例如，将收件人感兴趣的馈赠给接收者）。上下文公开可以基于一组条件下的通用上下文或通用性，例如主题，其可以包括用户之间的关系的已知主题和/或未发现的上下文。作为示例，识别和聚集每个用户感兴趣的项目，将关键字分配给指示相应用户的主题/主题的集群，将收件人关键字与受邀者的关键字进行比较，以将共同关键字识别为共享兴趣，并且与所述公共关键字相关的所述收件人感兴趣的项目作为个性化愿望列表被公开给被邀请者。可以提供关键字加权和/或关键字/项目级别隐私指定以进一步控制公开。

9. 发明申请

WO2020096639A1 FUNCTION AS A SERVICE (FAAS) SYSTEM ENHANCEMENTS 审中-公开
公开(公告)号：WO2020096639A1
公开(公告)日：2020-05-14
申请号：PCT/US2019/027659
申请日：2019-04-16
申请人： INTEL CORPORATION
发明人： HAGHIGHAT, Mohammad R. , DOSHI, Kshitij , HERDRICH, Andrew J. , MOHAN, Anup , IYER, Ravishankar R. , SUN, Mingqiu , BHUYAN, Krishna , GOH, Teck Joo , KUMAR, Mohan J. , PRINKE, Michael , LEMAY, Michael , PELED, Leeor , TSAI, Jr-Shian , DURHAM, David M. , CHAMBERLAIN, Jeffrey D. , SUKHOMLINOV, Vadim A. , DAHLEN, Eric J. , BAGHSORKHI, Sara , SANE, Harshad , MELIK-ADAMYAN, Areg , SAHITA, Ravi , BABOKIN, Dmitry Yurievich , STEINER, Ian M. , BACHMUTSKY, Alexander , RAO, Anil , ZHANG, Mingwei , JAIN, Nilesh K. , FIROOZSHAHIAN, Amin , PATEL, Baiju V. , HUANG, Wenyong , RAGHURAM, Yeluri
IPC分类号： G06F9/50 , G06F11/30
摘要： Embodiments of systems, apparatuses and methods provide enhanced function as a service (FaaS) to users, e.g., computer developers and cloud service providers (CSPs). A computing system configured to provide such enhanced FaaS service include one or more controls architectural subsystems, software and orchestration subsystems, network and storage subsystems, and security subsystems. The computing system executes functions in response to events triggered by the users in an execution environment provided by the architectural subsystems, which represent an abstraction of execution management and shield the users from the burden of managing the execution. The software and orchestration subsystems allocate computing resources for the function execution by intelligently spinning up and down containers for function code with decreased instantiation latency and increased execution scalability while maintaining secured execution. Furthermore, the computing system enables customers to pay only when their code gets executed with a granular billing down to millisecond increments.

10. 发明申请

WO2018005388A1 REGULATING CONTROL TRANSFERS FOR EXECUTE-ONLY CODE EXECUTION 审中-公开
标题翻译：调控执行专用代码执行的控制权转移
公开(公告)号：WO2018005388A1
公开(公告)日：2018-01-04
申请号：PCT/US2017/039338
申请日：2017-06-26
申请人： INTEL CORPORATION
发明人： LEMAY, Michael , SAHITA, Ravi L. , DURHAM, David M. , RODGERS, Scott Dion , SHANBHOGUE, Vedvyas
IPC分类号： G06F12/14
CPC分类号： G06F21/566 , G06F21/53 , G06F21/554 , G06F2221/033 , G06F2221/2143
摘要： In one embodiment, an apparatus comprises a processor configured to: detect a first control transfer operation; determine that a destination of the first control transfer operation is within code stored in execute-only memory; generate a fault if the destination of the first control transfer operation is an invalid entry point into the code stored in execute-only memory; detect a second control transfer operation while executing the code stored in execute-only memory; and abort execution of the code stored in execute-only memory if the second control transfer operation is detected at an invalid exit point in the code.
摘要翻译：在一个实施例中，一种装置包括处理器，该处理器被配置为：检测第一控制转移操作; 确定第一控制转移操作的目的地在存储在只执行存储器中的代码内; 如果第一控制转移操作的目的地是存储在只执行存储器中的代码的无效入口点，则产生故障; 在执行存储在只执行存储器中的代码的同时检测第二控制转移操作; 并且如果在代码中的无效出口点检测到第二控制转移操作，则放弃执行存储器中存储的代码的执行。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式