Patents by Inventor Oded Horovitz
Oded Horovitz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10726131Abstract: Systems, methods, and non-transitory computer-readable media can perform verification of a currently stored BMC firmware on a remote access-enabled server based on a BMC security key. It can be determined that the currently stored BMC firmware cannot be verified based on the BMC security key. A replacement BMC firmware can be received over a network connection based on the determination that the currently stored BMC firmware cannot be verified. The currently stored BMC firmware can be replaced with the replacement BMC firmware.Type: GrantFiled: November 21, 2016Date of Patent: July 28, 2020Assignee: Facebook, Inc.Inventors: Sahil Sunil Rihan, Oded Horovitz, Stephen August Weis
-
Patent number: 10049048Abstract: A processor cache is logically partitioned into a main partition, located in the cache itself, and an enclave partition, located within an enclave, that is, a hardware-enforced protected region of an address space of a memory. This extends the secure address space usable by and for an application such as a software cryptoprocessor that is to execute only in secure regions of cache or memory.Type: GrantFiled: October 1, 2014Date of Patent: August 14, 2018Assignee: Facebook, Inc.Inventors: Oded Horovitz, Stephen A. Weis, Sahil Rihan, Carl A. Waldspurger
-
Publication number: 20180217941Abstract: A processor cache is logically partitioned into a main partition, located in the cache itself, and an enclave partition, located within an enclave, that is, a hardware-enforced protected region of an address space of a memory. This extends the secure address space usable by and for an application such as a software cryptoprocessor that is to execute only in secure regions of cache or memory.Type: ApplicationFiled: October 1, 2014Publication date: August 2, 2018Inventors: Oded HOROVITZ, Stephen A. WEIS, Sahil RIHAN, Carl A. WALDSPURGER
-
Patent number: 10037282Abstract: A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict.Type: GrantFiled: September 23, 2016Date of Patent: July 31, 2018Assignee: Facebook, Inc.Inventors: Carl A. Waldspurger, Oded Horovitz, Stephen A. Weis, Sahil Rihan
-
Patent number: 9983894Abstract: An application such as a virtual machine are executed securely using a software-based, full-system emulator within a hardware-protected enclave, such as an SGX enclave. The emulator may thereby be secure even against a malicious underlying host operating system. In some cases, paging is used to allow even a large application may run within a small enclave using paging. Where the application itself uses enclaves, these guest enclaves may themselves be emulated within an emulator enclave such that the guest enclave(s) are nested as sibling enclaves by the emulator.Type: GrantFiled: September 25, 2014Date of Patent: May 29, 2018Assignee: Facebook, Inc.Inventors: Oded Horovitz, Stephen A. Weis, Sahil Rihan, Carl A. Waldspurger
-
Publication number: 20180144135Abstract: Systems, methods, and non-transitory computer-readable media can perform verification of a currently stored BMC firmware on a remote access-enabled server based on a BMC security key. It can be determined that the currently stored BMC firmware cannot be verified based on the BMC security key. A replacement BMC firmware can be received over a network connection based on the determination that the currently stored BMC firmware cannot be verified. The currently stored BMC firmware can be replaced with the replacement BMC firmware.Type: ApplicationFiled: November 21, 2016Publication date: May 24, 2018Inventors: Sahil Sunil Rihan, Oded Horovitz, Stephen August Weis
-
Patent number: 9747450Abstract: An attestation system for asserting and verifying assertions of a known-good state of a computer system is provided. The attestation system allows a challenger and a prover to conduct an attestation so that the challenger can verify an assertion of the prover. To conduct the attestation, the prover sends, as an assertion of its state, a combined measurement of resources along with a constituent measurement of each resource to the challenger. The challenger verifies the assertion by verifying that the asserted constituent measurements represent known-good measurements and verifying that the asserted combined measurement can be generated from the asserted constituent measurements. To verify the asserted constituent measurements, the challenger determines whether each asserted constituent measurement for a resource is a known-good measurement for that resource.Type: GrantFiled: February 10, 2015Date of Patent: August 29, 2017Assignee: Facebook, Inc.Inventors: Oded Horovitz, Sahil Rihan, Stephen A. Weis, Daniel Arai
-
Patent number: 9734092Abstract: Methods and systems for securing sensitive data from security risks associated with direct memory access (“DMA”) by input/output (“I/O”) devices are provided. An enhanced software cryptoprocessor system secures sensitive data using various techniques, including (1) protecting sensitive data by preventing DMA by an I/O device to the portion of the cache that stores the sensitive data, (2) protecting device data by preventing cross-device access to device data using DMA isolation, and (3) protecting the cache by preventing the pessimistic eviction of cache lines on DMA writes to main memory.Type: GrantFiled: March 19, 2015Date of Patent: August 15, 2017Assignee: Facebook, Inc.Inventors: Oded Horovitz, Sahil Rihan, Stephen A. Weis, Carl A. Waldspurger
-
Publication number: 20170206167Abstract: A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict.Type: ApplicationFiled: September 23, 2016Publication date: July 20, 2017Inventors: Carl A. Waldspurger, Oded Horovitz, Stephen A. Weis, Sahil Rihan
-
Patent number: 9639482Abstract: Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.Type: GrantFiled: August 6, 2015Date of Patent: May 2, 2017Assignee: Facebook, Inc.Inventors: Oded Horovitz, Stephen A. Weis, Carl A. Waldspurger, Sahil Rihan
-
Patent number: 9477603Abstract: A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict.Type: GrantFiled: September 5, 2014Date of Patent: October 25, 2016Assignee: FACEBOOK, INC.Inventors: Carl A. Waldspurger, Oded Horovitz, Stephen A. Weis, Sahil Rihan
-
Publication number: 20160224475Abstract: Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.Type: ApplicationFiled: August 6, 2015Publication date: August 4, 2016Inventors: Oded Horovitz, Stephen A. Weis, Carl A. Waldspurger, Sahil Rihan
-
Patent number: 9164924Abstract: Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.Type: GrantFiled: September 13, 2012Date of Patent: October 20, 2015Assignee: FACEBOOK, INC.Inventors: Oded Horovitz, Stephen A. Weis, Carl A. Waldspurger, Sahil Rihan
-
Publication number: 20150269091Abstract: Methods and systems for securing sensitive data from security risks associated with direct memory access (“DMA”) by input/output (“I/O”) devices are provided. An enhanced software cryptoprocessor system secures sensitive data using various techniques, including (1) protecting sensitive data by preventing DMA by an I/O device to the portion of the cache that stores the sensitive data, (2) protecting device data by preventing cross-device access to device data using DMA isolation, and (3) protecting the cache by preventing the pessimistic eviction of cache lines on DMA writes to main memory.Type: ApplicationFiled: March 19, 2015Publication date: September 24, 2015Inventors: Oded Horovitz, Sahil Rihan, Stephen A. Weis, Carl A. Waldspurger
-
Publication number: 20150227744Abstract: An attestation system for asserting and verifying assertions of a known-good state of a computer system is provided. The attestation system allows a challenger and a prover to conduct an attestation so that the challenger can verify an assertion of the prover. To conduct the attestation, the prover sends, as an assertion of its state, a combined measurement of resources along with a constituent measurement of each resource to the challenger. The challenger verifies the assertion by verifying that the asserted constituent measurements represent known-good measurements and verifying that the asserted combined measurement can be generated from the asserted constituent measurements. To verify the asserted constituent measurements, the challenger determines whether each asserted constituent measurement for a resource is a known-good measurement for that resource.Type: ApplicationFiled: February 10, 2015Publication date: August 13, 2015Inventors: Oded Horovitz, Sahil Rihan, Stephen A. Weis, Daniel Arai
-
Publication number: 20150089502Abstract: An application such as a virtual machine are executed securely using a software-based, full-system emulator within a hardware-protected enclave, such as an SGX enclave. The emulator may thereby be secure even against a malicious underlying host operating system. In some cases, paging is used to allow even a large application may run within a small enclave using paging. Where the application itself uses enclaves, these guest enclaves may themselves be emulated within an emulator enclave such that the guest enclave(s) are nested as sibling enclaves by the emulator.Type: ApplicationFiled: September 25, 2014Publication date: March 26, 2015Applicant: PrivateCore, Inc.Inventors: Oded HOROVITZ, Stephen A. WEIS, Sahil RIHAN, Carl A. WALDSPURGER
-
Publication number: 20150067265Abstract: A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict.Type: ApplicationFiled: September 5, 2014Publication date: March 5, 2015Applicant: PRIVATECORE, INC.Inventors: Carl A. WALDSPURGER, Oded HOROVITZ, Stephen A. WEIS, Sahil RIHAN
-
Patent number: 8966623Abstract: Computer implemented methods, system and apparatus for managing execution of a running-page in a virtual machine include associating an execution trace code with the running page by a security virtual machine. The execution trace code generates a notification upon initiation of the execution of the running page by the virtual machine. The notification is received by the security virtual machine running independent of the virtual machine executing the running-page. The running page associated with the execution trace code is validated by the security virtual machine as authorized for execution. An exception is generated if the running-page is not authorized for execution. The generated exception is to prevent the execution of the running page in the virtual machine.Type: GrantFiled: March 8, 2011Date of Patent: February 24, 2015Assignee: VMware, Inc.Inventors: Oded Horovitz, Samuel Larsen, Gilad Arie Wolff, Marios Leventopoulos, Bharath Chandramohan
-
Patent number: 8763115Abstract: One embodiment of the present invention is a method of operating a virtualization system, the method including: (a) instantiating a virtualization system on an underlying hardware machine, the virtualization system exposing a virtual machine in which multiple execution contexts of a guest execute; (b) monitoring the execution contexts from the virtualization system; and (c) selectively impeding computational progress of a particular one of the execution contexts.Type: GrantFiled: March 19, 2008Date of Patent: June 24, 2014Assignee: VMware, Inc.Inventors: Dmitriy Budko, Xiaoxin Chen, Oded Horovitz, Carl A. Waldspurger
-
Publication number: 20130312096Abstract: A system is provided to facilitate on-demand data scan operation in a guest virtual machine. During operation, the system generates an on-demand scan request at a scanning virtual machine, wherein the request specifies a scope for the on-demand scan. The system communicates the on-demand scan request to the guest virtual machine and receives data from the guest virtual machine in response to the request. The system identifies the data as candidate for on-demand scanning and scans the data in furtherance of a security or data integrity objective.Type: ApplicationFiled: May 18, 2012Publication date: November 21, 2013Applicant: VMware, INC.Inventors: Samuel Larsen, Gilad Arie Wolff, Oded Horovitz, Lionel Litty, Marios Leventopoulos, James Kiryakoza