Patents by Inventor Carlos Rozas
Carlos Rozas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230350814Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with another cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a primary cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the primary cache. The victim cache is accessed using an independently randomized mapping. Subsequently, a request to access the first line results in a search of the victim cache and the primary cache. Based on the search, the first line is evicted from the victim cache, and reinserted in the primary cache. In another embodiment, reinsertion of the first line in the primary cache includes the first line and a third line being swapped between the primary cache and the victim cache.Type: ApplicationFiled: December 9, 2022Publication date: November 2, 2023Applicant: Intel CorporationInventors: Thomas Unterluggauer, Fangfei Liu, Carlos Rozas, Scott Constable, Gilles Pokam, Francis McKeen, Christopher Wilkerson, Erik Hallnor
-
Patent number: 11797309Abstract: An apparatus and method for tracking speculative execution flow and detecting potential vulnerabilities.Type: GrantFiled: December 27, 2019Date of Patent: October 24, 2023Assignee: Intel CorporationInventors: Carlos Rozas, Francis McKeen, Pasquale Cocchini, Meltem Ozsoy, Matthew Fernandez
-
Patent number: 11681533Abstract: Embodiments of methods and apparatuses for restricted speculative execution are disclosed. In an embodiment, a processor includes configuration storage, an execution circuit, and a controller. The configuration storage is to store an indicator to enable a restricted speculative execution mode of operation of the processor, wherein the processor is to restrict speculative execution when operating in restricted speculative execution mode. The execution circuit is to perform speculative execution. The controller to restrict speculative execution by the execution circuit when the restricted speculative execution mode is enabled.Type: GrantFiled: June 17, 2019Date of Patent: June 20, 2023Assignee: Intel CorporationInventors: Ron Gabor, Alaa Alameldeen, Abhishek Basak, Fangfei Liu, Francis McKeen, Joseph Nuzman, Carlos Rozas, Igor Yanover, Xiang Zou
-
Patent number: 11651112Abstract: An apparatus to facilitate enabling stateless accelerator designs shared across mutually-distrustful tenants is disclosed. The apparatus includes a fully-homomorphic encryption (FHE)-capable circuitry to establish a secure session with a trusted environment executing on a host device communicably coupled to the apparatus; generate, as part of establishing the secure session, per-tenant FHE keys for each tenant utilizing the FHE-capable circuitry, the per-tenant FHE keys utilized to encrypt tenant data provided to an FHE-capable compute kernel of the FHE-capable circuitry; process tenant data that is in an FHE-encrypted format encrypted with a per-tenant FHE key of the per-tenant FHE keys; and store the tenant data that is in the FHE-encrypted format encrypted with the per-tenant FHE key of the per-tenant FHE keys.Type: GrantFiled: April 4, 2022Date of Patent: May 16, 2023Assignee: INTEL CORPORATIONInventors: Alpa Trivedi, Carlos Rozas
-
Publication number: 20220222203Abstract: An apparatus to facilitate enabling stateless accelerator designs shared across mutually-distrustful tenants is disclosed. The apparatus includes a fully-homomorphic encryption (FHE)-capable circuitry to establish a secure session with a trusted environment executing on a host device communicably coupled to the apparatus; generate, as part of establishing the secure session, per-tenant FHE keys for each tenant utilizing the FHE-capable circuitry, the per-tenant FHE keys utilized to encrypt tenant data provided to an FHE-capable compute kernel of the FHE-capable circuitry; process tenant data that is in an FHE-encrypted format encrypted with a per-tenant FHE key of the per-tenant FHE keys; and store the tenant data that is in the FHE-encrypted format encrypted with the per-tenant FHE key of the per-tenant FHE keys.Type: ApplicationFiled: April 4, 2022Publication date: July 14, 2022Applicant: Intel CorporationInventors: Alpa Trivedi, Carlos Rozas
-
Publication number: 20220207147Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a register hardening instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the register hardening instruction.Type: ApplicationFiled: December 26, 2020Publication date: June 30, 2022Applicant: Intel CorporationInventors: Carlos Rozas, Fangfei Liu, Xiang Zou, Francis McKeen, Jason W. Brandt, Joseph Nuzman, Alaa Alameldeen, Abhishek Basak, Scott Constable, Thomas Unterluggauer, Asit Mallick, Matthew Fernandez
-
Publication number: 20220206818Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a single instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the single instruction.Type: ApplicationFiled: December 26, 2020Publication date: June 30, 2022Applicant: Intel CorporationInventors: Alaa Alameldeen, Carlos Rozas, Fangfei Liu, Xiang Zou, Francis McKeen, Jason W. Brandt, Joseph Nuzman, Abhishek Basak, Scott Constable, Thomas Unterluggauer, Asit Mallick, Matthew Fernandez
-
Publication number: 20220207138Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a decode circuitry and store circuitry coupled to the decode circuitry. The decode circuitry is to decode a store hardening instruction to mitigate vulnerability to a speculative execution attack. The store circuitry is to be hardened in response to the store hardening instruction.Type: ApplicationFiled: December 26, 2020Publication date: June 30, 2022Applicant: Intel CorporationInventors: Carlos Rozas, Fangfei Liu, Xiang Zou, Francis McKeen, Jason W. Brandt, Joseph Nuzman, Alaa Alameldeen, Abhishek Basak, Scott Constable, Thomas Unterluggauer, Asit Mallick, Matthew Fernandez
-
Publication number: 20220207149Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes speculation vulnerability detection hardware and execution hardware. The speculation vulnerability detection hardware is to detect vulnerability to a speculative execution attack and, in connection with a detection of vulnerability to a speculative execution attack, to provide an indication that data from a first operation is tainted. The execution hardware is to perform a second operation using the data if the second operation is to be performed non-speculatively and to prevent performance of the second operation if the second operation is to be performed speculatively and the data is tainted.Type: ApplicationFiled: December 26, 2020Publication date: June 30, 2022Applicant: Intel CorporationInventors: Jason W. Brandt, Joseph Nuzman, Asit Mallick, Carlos Rozas
-
Publication number: 20220207146Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and load circuitry coupled to the decode circuitry. The decode circuitry is to decode a load hardening instruction to mitigate vulnerability to a speculative execution attack. The load circuitry is to be hardened in response to the load hardening instruction.Type: ApplicationFiled: December 26, 2020Publication date: June 30, 2022Applicant: Intel CorporationInventors: Carlos Rozas, Fangfei Liu, Xiang Zou, Francis McKeen, Jason W. Brandt, Joseph Nuzman, Alaa Alameldeen, Abhishek Basak, Scott Constable, Thomas Unterluggauer, Asit Mallick, Matthew Fernandez
-
Publication number: 20220207148Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and branch circuitry coupled to the decode circuitry. The decode circuitry is to decode a branch hardening instruction to mitigate vulnerability to a speculative execution attack. The branch circuitry is to be hardened in response to the branch hardening instruction.Type: ApplicationFiled: December 26, 2020Publication date: June 30, 2022Applicant: Intel CorporationInventors: Carlos Rozas, Fangfei Liu, Xiang Zou, Francis McKeen, Jason W. Brandt, Joseph Nuzman, Alaa Alameldeen, Abhishek Basak, Scott Constable, Thomas Unterluggauer, Asit Mallick, Matthew Fernandez
-
Publication number: 20220207154Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a hybrid key generator and memory protection hardware. The hybrid key generator is to generate a hybrid key based on a public key and multiple process identifiers. Each of the process identifiers corresponds to one or more memory spaces in a memory. The memory protection hardware is to use the first hybrid key to protect to the memory spaces.Type: ApplicationFiled: December 26, 2020Publication date: June 30, 2022Applicant: Intel CorporationInventors: Richard Winterton, Mohammad Reza Haghighat, Asit Mallick, Alaa Alameldeen, Abhishek Basak, Jason W. Brandt, Michael Chynoweth, Carlos Rozas, Scott Constable, Martin Dixon, Matthew Fernandez, Fangfei Liu, Francis McKeen, Joseph Nuzman, Gilles Pokam, Thomas Unterluggauer, Xiang Zou
-
Publication number: 20220200783Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.Type: ApplicationFiled: December 18, 2020Publication date: June 23, 2022Applicant: Intel CorporationInventors: Thomas Unterluggauer, Alaa Alameldeen, Scott Constable, Fangfei Liu, Francis McKeen, Carlos Rozas, Anna Trikalinou
-
Patent number: 11354482Abstract: An apparatus to facilitate enabling stateless accelerator designs shared across mutually-distrustful tenants is disclosed. The apparatus includes a fully-homomorphic encryption (FHE)-capable compute kernel. The FHE-capable compute kernel is to establish a secure session with a trusted environment executing on a host device communicably coupled to the apparatus; generate, as part of establishing the secure session, per-tenant FHE keys for each tenant utilizing the FHE-capable compute kernel, the per-tenant FHE keys utilized to encrypt tenant data provided to the FHE-capable compute kernel; process tenant data that is in an FHE-encrypted format encrypted with a per-tenant FHE key of the per-tenant FHE keys; and store the tenant data that is in the FHE-encrypted format encrypted with the per-tenant FHE key of the per-tenant FHE keys.Type: GrantFiled: December 22, 2020Date of Patent: June 7, 2022Assignee: INTEL CORPORATIONInventors: Alpa Trivedi, Carlos Rozas
-
Publication number: 20220091851Abstract: In one embodiment, a processor includes: a decode circuit to decode a load instruction that is to load an operand to a destination register, the decode circuit to generate at least one fencing micro-operation (?op) associated with the destination register; and a scheduler circuit coupled to the decode circuit. The scheduler circuit is to prevent speculative execution of one or more instructions that consume the operand in response to the at least one fencing ?op. Other embodiments are described and claimed.Type: ApplicationFiled: September 23, 2020Publication date: March 24, 2022Inventors: FANGFEI LIU, ALAA ALAMELDEEN, ABHISHEK BASAK, SCOTT CONSTABLE, FRANCIS MCKEEN, JOSEPH NUZMAN, CARLOS ROZAS, THOMAS UNTERLUGGAUER, XIANG ZOU
-
Publication number: 20210200551Abstract: An apparatus and method for tracking speculative execution flow and detecting potential vulnerabilities.Type: ApplicationFiled: December 27, 2019Publication date: July 1, 2021Applicant: Intel CorporationInventors: CARLOS ROZAS, FRANCIS MCKEEN, PASQUALE COCCHINI, MELTEM OZSOY, MATTHEW FERNANDEZ
-
Publication number: 20210200552Abstract: An apparatus and method for non-speculative resource deallocation.Type: ApplicationFiled: December 27, 2019Publication date: July 1, 2021Inventors: FANGFEI LIU, CARLOS ROZAS, THOMAS UNTERLUGGAUER, FRANCIS MCKEEN, ALAA ALAMELDEEN, Abhishek Basak, XIANG ZOU, RON GABOR, JIYONG YU
-
Publication number: 20210111863Abstract: An apparatus to facilitate enabling stateless accelerator designs shared across mutually-distrustful tenants is disclosed. The apparatus includes a fully-homomorphic encryption (FHE)-capable compute kernel. The FHE-capable compute kernel is to establish a secure session with a trusted environment executing on a host device communicably coupled to the apparatus; generate, as part of establishing the secure session, per-tenant FHE keys for each tenant utilizing the FHE-capable compute kernel, the per-tenant FHE keys utilized to encrypt tenant data provided to the FHE-capable compute kernel; process tenant data that is in an FHE-encrypted format encrypted with a per-tenant FHE key of the per-tenant FHE keys; and store the tenant data that is in the FHE-encrypted format encrypted with the per-tenant FHE key of the per-tenant FHE keys.Type: ApplicationFiled: December 22, 2020Publication date: April 15, 2021Applicant: Intel CorporationInventors: Alpa Trivedi, Carlos Rozas
-
Patent number: 10970390Abstract: A processor includes a processing core to identify a code comprising a plurality of instructions to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of the first virtual memory page and a second address of the first physical memory page, store, in the cache memory, the address translation data structure comprising the first address mapping, and execute the code by retrieving the first address mapping in the address translation data structures to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address ofType: GrantFiled: February 15, 2018Date of Patent: April 6, 2021Assignee: Intel CorporationInventors: Francis McKeen, Bin Xing, Krystof Zmudzinski, Carlos Rozas, Mona Vij
-
Patent number: 10922088Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.Type: GrantFiled: June 29, 2018Date of Patent: February 16, 2021Assignee: Intel CorporationInventors: Fangfei Liu, Bin Xing, Michael Steiner, Mona Vij, Carlos Rozas, Francis McKeen, Meltem Ozsoy, Matthew Fernandez, Krystof Zmudzinski, Mark Shanahan